Here's the feature request for it… https://redmine.pfsense.org/issues/3029

Since this morning the LAN interface had no public IPv6 address, and now I returning on pfSense and the LAN interface has received its IPv6 address .. Why must wait several hours before the interface obtains its IPv6 address? Now : [image: 638847Untitled1.jpg] But if I reboot pfSense now I know I should not have IPv6 address on my LAN interface for some hours…

@Maarten90: … some say that setting a MTU of 1492 fixes this... Salvation of (jumbo) MTU issues for IPv6 are actually beyond control of the end-user; RFC4638 must come into effect first at all locations. The other problem is that many global server-admins block IPv6 ICMP signals. So the test is useless or excluded. The best you can do, I think, is maybe set the value to 1492 at the first host which is your FB. [see FB>Internet>Account Info>IPv6>Addtional Settings>] So then the FB announces the right thing to pfSense (and you let that box to the default 1500) (Sofar I experience no webpage problems, my ISP FB-config ships max MTU 1492 as a temp. solution) N.B. some config changes require a reboot in download sequence of the 2 cascading boxes, and then a DHCP6(PD) ISP refresh-cycle (upto 1 or 2 hrs). So look & wait until your pfSense-LAN IPv6 number is back and up…

Hi Leeph, I've exactly the same issue as you! Suddenly, my IPv6 connectivity dropped and I also detected that outgoing packets are sent to the ovpns1 interface!? Could you please give more details about your fix? <update>Here is the route which affects my traffic: ff02::%ovpns1/0 fe80::200:24ff:fed0:6950%ovpns1 U 0 78423 1500 ovpns1</update> Tx! @xme

Ended up opting out and getting a Cisco EPC3825 that can do both pure bridge and "IP Address Pass-through " feature. In other word no double NAT issues and Fritz!Box half locked config from operator.

@gadams999: Do you have a Comcast provided router or your own? My SMC router is only giving /64 PD's. I think customer routers/modems are getting /56's according to Comcast, but still collecting info. Any device being used as a MODEM (either leased or owned) can have whatever router is connected request whatever prefix size is available based on your class of service (residential /60 or business /56). Any device being used as a GATEWAY - a modem and router combined into one unit - will only likely request a /64. If a GATEWAY device is put into BRIDGE MODE (some allow you to do this in the web-based GUI, some require calling Comcast), this essentially makes it function similar to a MODEM, and your own router can request whatever prefix size is available based on your class of service. Comcast has been moving away from renting regular modems, and mostly rents gateway devices now. This has allowed them to raise their rental fees ("We're renting you more than just a modem now, we're renting you a modem AND router!") as well as have some management control over the router portion.

Hi! I experienced the same problems. I was able to fix this with the attached patch. I'm not sure but probably we should file a bug report. The problem is that tcp resets get filtered as the 'pass out' rule for  the firewall itself is limited to TCP SYN pakets. However I still receive no ICMPv6 unreachables if i'm trying to reject IPv6 udp traffic. Here the patch: diff --git a/filter.inc b/filter.inc index c49403a..a4e3c45 100644 --- a/filter.inc +++ b/filter.inc @@ -2854,8 +2854,8 @@ EOD;         $ipfrules .= << <eod<br># let out anything from the firewall host itself and decrypted IPsec traffic -pass out inet all keep state allow-opts label "let out anything IPv4 from firewall host itself" -pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself" +pass out inet all flags any keep state allow-opts label "let out anything IPv4 from firewall host itself" +pass out inet6 all flags any keep state allow-opts label "let out anything IPv6 from firewall host itself" EOD;</eod<br> Cheers

If you're getting a WAN IPv6 address and a LAN prefix via DHCP… The IPv6 setting for your WAN interface should be set to DHCP. On the LAN interface, you should set your IPv6 setting to Track Interface, then in the IPv6 section select WAN as the interface to be tracked. If you're getting a /64 prefix from your provider then the field below should be 0.

It appears to be working now.  All I did was go into the LAN interface in the interfaces section of pfSense, (changed nothing) clicked save, and then did the same on my WAN. As I said, consistently inconsistent .

@kejianshi: You will like it.  Too bad its not replaced IPV4 significantly yet. Looking forward to it …. might be ready to retire when it finally become mainstream.

Was afraid of this answer. Yes, it´s a good thing - for me the admin. Not sure, my users will appreciate as much as I do. Thanks     Martin

I persuaded my colocation service provider to allocate a range of IPv4's to me so my panic is over. I even considered buying a /24 range of IPs, but that would cost around £2100 which didn't strike me as fun. I'll test IPv6 slowly - seems to me we're a long way from actually using IPv6 in Europe. Probably decades.

I'm really freaking out here. This Fritzbox doesn't do PPPoE Passthrough with current firmware 6.something. My other modem doesn't sync and now I'm pissed with this crappy software / hardware. Seems like I need even another Modem.

It's my understanding the broadcast are gone in IPv6 so you need to specify your router (Ra) in ipv6 in the absence of a dhcp server. That way devices will know their gateway. I wouldn't advertise my router on the wan and but could be missing something.

@Derelict: DHCPv6 is out because you can't set up DHCPv6 on a dynamic interface, which a "Track Interface/WAN" is. Because you can't get into that menu, you can't set any RA characteristics for that segment either. There is a way to run DHCPv6 on a dynamic LAN interface.  It is probably considered unsupported and exploitation of a bug.  But, mine has been running this way for over a year.  This is with 2.1.x Configure your LAN for a static IPv6 address (just make something up). Enable DHCPv6 Server/RA. Go back and change the LAN interface to dynamic with WAN Tracking.    It will prompt you to disable DHCPv6 Server.  Do so and then finish the LAN interface configuration. config.xml will be left with a remnant like … <dhcpdv6><lan><ramode>assist</ramode> <rapriority>high</rapriority> <rainterface><radomainsearchlist><range><prefixrange><defaultleasetime><maxleasetime><netmask><failover_peerip><domain><domainsearchlist><ddnsdomain><tftp><ldap><nextserver><filename><rootpath><dhcpv6leaseinlocaltime>yes</dhcpv6leaseinlocaltime></rootpath></filename></nextserver></ldap></tftp></ddnsdomain></domainsearchlist></domain></failover_peerip></netmask></maxleasetime></defaultleasetime></prefixrange></range></radomainsearchlist></rainterface></lan> 4) The DHCPv6 Server will continue to run and hand out address on the dynamic IPv6 network.  To make any changes to the DHCPv6 Server/RA you need to directly edit the config.xml. **Caveats** + I have not tried to make a lot of edits to the config,  have just let it run on "auto-pilot".  No advanced configurations. + This is apparently "unsupported" and may stop working at anytime, due to code changes to the base system. + Not recommended to production environments.  **Other** This explains why I noticed this behavior:  https://forum.pfsense.org/index.php?topic=83534.0 It is possible that this behavior lead to major problem when I upgraded to 2.2-BETA:  https://forum.pfsense.org/index.php?topic=83256.0</dhcpdv6>