I finally get my IPv6 connexion working with pfSense 2.1.4-RELEASE (i386) . Here are the steps I followed : checked "Allow IPv6" in "System: Advanced: Networking" enabled "Static IPv6" on the WAN interface and set IPV6_ADDR with /128 prefix let "IPv6 Upstream Gateway" to "none" run "route change -inet6 default IPV6_ADDR" (without %pppoe) enabled "Static IPv6" on LAN interface and set IP with /64 prefix checked "Enable DHCPv6 server on LANX interface" in "Services: DHCPv6 server" let "Router Advertisement" to "Disabled" added some IPv6 rules for LANX traffic

Right.. seemingly working when i did the following: Put a notch on "Only request a IPv6 prefix, do not request a IPv6 address " on my WAN dhcp6 setting. Also followed the other advice around and put LAN on "Track interface", added a WAN firewall rule to allow inbound source UDP 547, destination UDP 546 Internal clients get ipv6 address, and get 10/10 on the test-ipv6.com page. Well.. guess every ISP is different perhaps? C

@avink: This very much resembles the thing I have. I always have to start the DHCPv6 by hand. In my opinion it is because the PPPoE isn't stable when the DHCPv6 is starting. I actually got the dhcp6c command from your bugreport on redmine, thanks for that  ;) Running dhcp6c in a tmux by hand now, seems stable so far.

If i set the WAN interface to DHCP6 and delegation size to 48 (according to my ISP), and LAN interface to "Track Interface:WAN", my WAN gets a address like this: IPv6 Link Local fe80::202:1eff:fef2:8981%xl0  IPv6 address 2001:4610:a:b::xxx  Subnet mask IPv6 128 Gateway IPv6 fe80::2a0:a50f:fc7a:8b00 And my LAN gets: IPv6 Link Local fe80::1:1%bge0  IPv6 address 2001:4641:7766:0:21a:a0ff:xxxx:xxxx  Subnet mask IPv6 64 And internal clients also gets a IPV6 address.. However, im unable to ping anything related to IPV6. ping6 ipv6.google.com PING6(56=40+8+8 bytes) 2001:4641:7766::34cf:6c49:85df:9bb8 --> 2a00:1450:400f:803::1001 ^C --- ipv6.l.google.com ping6 statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss Ive added a WAN firewall rule to allow IPV6 UDP Source Port:547 Destination Port: 546. I also added WAN rule to allow IPV6 ICMP. What am i doing wrong? :) C

I am really looking forward to have a dynamic NPt that tracks my DHCP PD assignment

@razzfazz: Pass-through as in VT-d? Yes, Intel VT-d aka DirectPath I/O in VMware ESXi. The parent interface's name is "igb0". In contrast, the other two WAN interfaces were called "vmx3f1"/"vmx3f2" on pfSense 2.1 and are now called "vmx1"/"vmx2" on 2.2. By the way, I've switched from 2.1.3 to 2.2 since my last message in this thread. @razzfazz: The point is, the WAN interface that's the parent for your tunnel cannot be behind a NAT (including the NAT that many desktop virtualization solutions use for their virtualized interfaces by default) unless you set up the correct forwarding (proto 41 – note, not port 41! – needs to be forwarded to your tunnel endpoint). There's no NATing going on anymore (for the tunnel's parent interface at least). After your post I've set the upstream DSL modem to operate in transparent bridge mode and let pfSense do all the PPPoE magic. pfSense displays the exact same IPv4 address on that interface that various "What's my IP address?"-websites show me (like this one). Now that I figured I needed to use the "Update Key" instead of my password, pfSense's DynDNS client seems to work just fine, too. HE is constantly aware of any IP address changes. The tunnel is still not up however. :-X Edit: It's working! Well, after deleting my old tunnel and creating a new one and updating all the settings in pfSense accordingly I was finally able to ping servers via IPv6, but unfortunately most of the requests simply timed out. I stumbled across this video on youtube suggesting to set the MTU to the lowest possible value. So after setting the MTU to 1280 in pfSense and the HE control panel I got rid of that odd timeout problem. Still, I noticed some minor flaws: 1.) Gateway monitoring is stuck on "pending", no matter what I set the monitor IP to. (I just disabled monitoring for now.) 2.) A second/bogus GW popped up that I simply can't remove. It doesn't show up in exported settings, but as soon as I import the settings it's there again. 3.) The box on the right side of the tunnel interface on the first page of pfSense is blank where it should show the IPv6 address I assume. This behavior doesn't change whether or not I set "IPv6 Configuration Type" to none or static, providing the IPv6 address myself. Fixed as per 2.2-ALPHA (amd64) built on Fri May 23 08:08:31 CDT 2014! However, thank you for your time razzfazz!

Am I alone with this ? I played with the Pool and the Router advisement but no luck so far… any help ? Please

I set the MSS to 1000, and then it started working. No idea why it has to be so low, and it could probably be a bit higher, but I haven't been bothered to check.

@priller: 1e100.net is Google. Correct. See: https://support.google.com/faqs/answer/174717?hl=en

Yeah, for android devices is a must, they only use SLAAC.

Hey, thanks for the replies. I'll look into setting it up as a transparent firewall.

Thank you podilarius, I've turned off the default logging in the logger settings and do not see anymore ipv6 anything logging - which is what I would prefer.

@Criggie: @Criggie: I think this redmine bug is going to be related:    https://redmine.pfsense.org/issues/3357 Turns out that bug was not related.  Here's the current bug report for this  https://redmine.pfsense.org/issues/3544 SOLVED!  I don't know when the option appeared but under interface -> WAN there is now an option Use IPv4 connectivity as parent interface  [X] Request a IPv6 prefix/information through the IPv4 connectivity link So now I have full IPv6 native connectivity both inwards and outwards.

you filed it as a feature request, not a bug.. Its a BUG not a feature if dhcpv6 is running when your using dhcp-pd but you can not edit its config or even view what its handing out that is a bug not a feature ;)

Well, as pointed out before, using the same /64 on both the WAN and the LAN interface won't work, and since all you get is a /64, splitting out a sub-prefix will be problematic as well (IPv6 is really designed to use /64 as the maximum prefix size for LAN use; things like SLAAC will not work with anything longer). So, not sure what to tell you at this point.