Where do you adjust that?

@johnpoz:

HE tunnel is stable, my /64s from my /48 never change ;)  I have no plans on going back to isp ipv6 any time soon.

+1. Examples of IPv6 "implementation" on some local ISPs:

A huge xDSL provider: when you ask for IPv6, you get CGN IPv4 instead of your current shiny public IPv4 that has not changed for years, plus one (!!!) /64. No /60, /56 or anything like that possible. The /64s are dynamic and changing all the time. Awesome.  ::) Major cable provider:  testing only, using dual-stack lite, IPs changing all the time, a general yuck…  ;D Small local WISP: Huh, what's IPv6? Oh, so you want a public /29 instead? But we are running short of IPv4s...  ::) ::) ::) (They actually have the - deprecated - 6to4 available without even knowing.)

IPv6 needs ICMP to function properly.

Here's one: http://blogs.cisco.com/security/icmp-and-security-in-ipv6

You get an /48 space supply. Of this /48 you can chop something like say /56 up into subnets of /64 (these are 255 LAN's or NIC's)

Reliable communication goes with /64.

So you can do a Static like 2A02:babe:face:1::1/64 for LAN-1
And you can do a Static like 2A02:babe:face:2::1/64 for LAN-2

Suppose you connect a switch to LAN-1.
Then you can attach a PC on that switch (to LAN-1) give it a Static, say 2A02:babe:face:1::beef

And you need RA to set on Router Only if you do Static, else no routing…

@Banane:

I now switched the FritzBox to a Draytek Vigor 130 VDSL modem and set it to PPPoE-Passtrough.
Where do I have to set up the VLAN, at the Vigor 130 or at the pFsense firewall ?
At the moment i disabled the VLAN tagging at the VDSL modem and set it up for the WAN interface in pFsense.
I can connect via PPPoE and receive a Ipv4-address. Does this mean the VLAN is configured right ?
How do I have to set up IPv6 (DHCPv6/SLAAC).

Good move !

VLAN is at pfSense, Draytek-130 is absolutely pass-tru to ISP-node.

Why do you need VLAN(), because of separate ISP tagging of the Internet, Phone and TV ?

If you get an IPv6 that basically doesn't change, then go Static (+SLAAC if you wish) or DHCP6-server for your LAN.
Else you have to stick to Track-Interface for the LAN. This will do out-of-the-box. Issue /64 addressing i.e. 2a02:2028:xyzt:klmn:…../64

Prior and besides LAN-config, you need to know the connection protocol to ISP for WAN, probably with dhcp6(c)(PD).
Find out by experimentation or ask them the ISP.

That ifconfig output does not look good. Having a prefixlen of 56 on a LAN will break every SLAAC device out there because RADVD will advertise a /56. RADVD can become confused, as in your case, because there is a mismatch between what comcast is offering and what DHCPv6 Prefix Delegation size has been set to. You must set DHCPv6 Prefix Delegation size to 56 to match what comcast provides. This in turn will cause RADVD to offer a /64 to LAN.

If you check /etc/var/radvd.conf and the prefix line is anything other than /64 at the end, LAN connectivity will not work for IPv6. I already went through this a while back: https://forum.pfsense.org/index.php?topic=83524.0

The link provided by kejianshi even mentions the possible need for setting it to 56.

Is 32,000 a big number? (I ran out of fingers - Let me take my shoes off)

/48 works really well - I think I have about 5 right now.  I will give them back if people start running out.

I agree with derelict.

Hmmm just a guess, is it possible that no RA is being send because client already exists in NDP table?

Ever get anywhere with your issue?

@digitalsushi:

we have a comcast router we are leasing because we have a static v4 /28 routed to us with a comcast rip client configuration we are not allowed to run on our own hardware.  This router's configuration is locked in place - if we used our own router, we could do the /60 PD req no problem. I should have mentioned this earlier but I didnt want to take my own thread off topic.

This was a critical piece of info.

Comcast doesn't support more than /64 on their own gateway devices. They don't yet support "sub-delegation", where you would be able to have a /60 or /56 on their gateway (which is required to be used for static IP addressing) and then sub-delegate prefixes to other routers (like pfSense).

That's why you can't get more than a /64, because you're using Comcast's gateway.

If the static IPv4 addresses weren't necessary, then you would be fine to use pfSense as your only router (have theirs put into Bridge mode, or buy a modem-only device) and request a /60 or /56 for IPv6.

And again why do you have them in floating in the first place? Are they set to quick, rules in floating are for SPECIAL rules..

For example
" I'm just not concerned with IPv6 on those VLANs."

But you had a rule that should allow ipv6 out, which would be applied to ALL interfaces..  I don't recommend putting anything in floating unless it really needs to go there.

I think I agree with a lot what people are saying here but it just seems like a engineering nightmare. To my point earlier who knows what hashing algorithm they are using to randomize the mac address. Is it even a hash?  I'm just glad that I am not the only one that thinks everything about IPv6 is NOT all good. NAT just seemed like an elegant solution to a problem and now we have IPv6 and it just doesn't seem right to me, but we will see.

If IP addresses was all we were worried about they could have just added an extra octet and called it a day. Hell you could even make that octet Hex which would have given you 48bits in the address space with is a ridiculous amount of IPs, but i guess we couldn't call it an octet, maybe a hextet. Older devices would just read the lower 32 bits; newer device would read all 48 bits.

I read this book about every open system becomes closed, let me check the name real fast. The book is called "Who controls the Internet" it is on audible if you don't have time to actually read a physical book I definitely recommend you checking it out.

I do appreciate everyone opinion though, it is good to hear different perspectives.

I think IPV6 is ready for the world and am baffled as to why it hasn't replace IPV4 already.

So, yeah - I agree.

I'm having the same issue.  I originally had IPv6 set up to track the 6rd connection on the WAN interface, but later switched to a static LAN IP with the DHCPv6/RA server, but even with that, I still only ever get IPv4 addresses in DNS (except for static mappings).  Google hasn't been much help, and I can't find anything helpful in the pfSense documentation, beyond settings for the IPv4 mappings.  Any suggestions?

I'm ignoring it…

found it: services.inc