Resurrecting an old thread because I recently got around to setting up RFC2136 in bind and I can confirm that the IPv6 patch works, so I used a variant of it and it'll be in 2.1.

I'll give it a shot for sure. Thank you for your efforts.

If you have native IPv6 on 2 wan interfaces you will have to resort to NPt for now. There is no real other solution yet, except getting BGP.

Which I can recommend but is likely outside the budget.

Yeah, it does work with both Protocols "as is"

@Michael:

And at the beginning of the string, not anywhere.

if(! preg_match("/^fe80:/i", $_POST['gateway'])) {

Fixed, thanks!

Yes.

Phew, the solution was hard to find. I have a MAC based VLAN membership configured on a switch port for the DMZ VLAN. This MAC based VLANs are built with untagged member ports. The advertisement was sent to ff02::1 over this port and reached all clients behind not only the VLAN members.

Alex

You should have been given two subnets. One, a /64 or smaller between you and your ISP for routing/interconnect.

Second, your /48 should be routed to your WAN-side CARP VIP.

Only then can you use addresses from any section of the /48 on your LAN.

Runs fine, but clients do not get any ipv6 related setting.
Even track interface seems not to work anymore since my LAN interface also has no ipv6 anymore, without changing anything on pfSense!
Seems the whole ipv6 support is extremely buggy on Fritzbox or pfSense side.

Even better as I just recognize: As long as mein LAN interface has a IPv6 adress, pfSense will hardcrash from time to time. I already sent 3 crash reports. The funny thing: if the interface does not get a IPv6 adress, there will be no crash.

Hopefully some dev is able to trace that down with the debug logs uploaded…

Dan

It seems that it's not a problem. The problem was routing in the pfsense box. Re-save the gateway config and apply changes re-establish all OK.

@ineti:

would it be possible to implement dynamic NPt in IPv6?

Eventually, yes, but not in the way you're after.

@ineti:

Example: ISP –-> ISP Router ---> Pfsense ----> multiple Subnets with Unique Local Unicast subnets. That ULA subnets shall be mapped via NPt to the /64 network between the ISP router and the pfsense.

[Emphasis Mine]
That's your problem. You can't do that. It would require doing proxy NDP for the entire /64. Doing NPt only works with /64 subnets routed to you from your ISP.

@ineti:

Under NAT: NPt in pfSense 2.1 I could only add a static destination prefix. If my provider changes the assigned iPv6 prefix I must manually change the destination prefix. Would it be possible to add a "tracking feature" for the WAN Interface, so the destination prefix gets changed as well?

That is possible but see above for why that wouldn't do what you expect it to do.
Now it would be possible for things like DHCP-PD with a dynamic prefix delegation (routed subnet) which would work, but that will likely have to wait for 2.2.

@ineti:

My provider is only assigning /64 prefixes :-(

Then they're deploying a broken design. You're supposed to get transport connectivity and a routed subnet. Even people using dynamic IPv6 methods such as DHCP-PD and 6RD get a routed setup in addition to a WAN-side address.

It's not as if they need to be stingy with the address space… they probably just don't know any better.

This used to work a few months ago. Something broke along the way.

My experience has been a little worse than priller, my Fedora boxes don't get the IPv6 DNS entries either. Haven't tested anything else really.

RC1 should be coming Really Soon Now™

Never mind, rebooted the router and now the entry for my second interface shows up as expected.

I also just read elsewhere that Comcast have temporarily suspended support for requesting prefixes shorter than /64.

@jimp:

Link-local is valid as a gateway, and preferred in automated configuration cases.

If you have that in your routing table, it must be coming from somewhere in the config, unless you haven't rebooted since it was removed before.

I've put a copy of my config online on http://downloads.joolee.nl/config-firewall.vsl.domain.local-20130328110745.xml

The only remnant of the Sixxs config is a dhcpdv6 entry on the LAN interface. I can't remove this without adding a static ip to the interface but I don't think it should be a problem. I've also installed numerous updates to pfSense 2.1 Beta since removing all Sixxs config data so it has been rebooted a lot of times.

I'll try finding another unused PC to install a fresh copy of pfsense.

I believe I just figured out the issue.  v2.0.2 doesn't support IPv6.  Looks like I need v2.1 beta. 
Ahh for the love of …..  :)

-Alby