It seems that it's not a problem. The problem was routing in the pfsense box. Re-save the gateway config and apply changes re-establish all OK.

@ineti: would it be possible to implement dynamic NPt in IPv6? Eventually, yes, but not in the way you're after. @ineti: Example: ISP –-> ISP Router ---> Pfsense ----> multiple Subnets with Unique Local Unicast subnets. That ULA subnets shall be mapped via NPt to the /64 network between the ISP router and the pfsense. [Emphasis Mine] That's your problem. You can't do that. It would require doing proxy NDP for the entire /64. Doing NPt only works with /64 subnets routed to you from your ISP. @ineti: Under NAT: NPt in pfSense 2.1 I could only add a static destination prefix. If my provider changes the assigned iPv6 prefix I must manually change the destination prefix. Would it be possible to add a "tracking feature" for the WAN Interface, so the destination prefix gets changed as well? That is possible but see above for why that wouldn't do what you expect it to do. Now it would be possible for things like DHCP-PD with a dynamic prefix delegation (routed subnet) which would work, but that will likely have to wait for 2.2. @ineti: My provider is only assigning /64 prefixes :-( Then they're deploying a broken design. You're supposed to get transport connectivity and a routed subnet. Even people using dynamic IPv6 methods such as DHCP-PD and 6RD get a routed setup in addition to a WAN-side address. It's not as if they need to be stingy with the address space… they probably just don't know any better.

This used to work a few months ago. Something broke along the way. My experience has been a little worse than priller, my Fedora boxes don't get the IPv6 DNS entries either. Haven't tested anything else really.

RC1 should be coming Really Soon Now

Never mind, rebooted the router and now the entry for my second interface shows up as expected. I also just read elsewhere that Comcast have temporarily suspended support for requesting prefixes shorter than /64.

@jimp: Link-local is valid as a gateway, and preferred in automated configuration cases. If you have that in your routing table, it must be coming from somewhere in the config, unless you haven't rebooted since it was removed before. I've put a copy of my config online on http://downloads.joolee.nl/config-firewall.vsl.domain.local-20130328110745.xml The only remnant of the Sixxs config is a dhcpdv6 entry on the LAN interface. I can't remove this without adding a static ip to the interface but I don't think it should be a problem. I've also installed numerous updates to pfSense 2.1 Beta since removing all Sixxs config data so it has been rebooted a lot of times. I'll try finding another unused PC to install a fresh copy of pfsense.

I believe I just figured out the issue.  v2.0.2 doesn't support IPv6.  Looks like I need v2.1 beta.  Ahh for the love of …..  :) -Alby

Still no luck. I just updated to yesterdays build. I hijacked http://forum.pfsense.org/index.php/topic,56880.0.html to post more information.

fix the array (remove the bad drive from the array and readd) as described at http://doc.pfsense.org/index.php/Create_a_Software_RAID1_%28gmirror%29 and then you'll have no issues updating.

Can you run a ping -S $WAN_STF_ADDRESS $monitoring address and see if that works?

I'm seeing the exact same thing. Low level tests work fine, but http is very hit or miss. Ipv6-test.com almost never works, and with test-ipv6.com sometimes it's great, sometimes it's terribly slow, and sometimes I fail the large packet tests. Ipv6test.google.com alternately tells me I don't have any ipv6 or that it's working fine. As more "regular" sites are starting to be v6 enabled I've actually disabled my HE interface since I've grown tired of the timeouts just clicking on links for leisure surfing. I'm on the March 12th build of 2.1.

@Sn3ak: I too had this problem, however I saw another post, and found clicking save on the He.net interface, fixed the issue, however on reboot it came back. My solution to the problem, was to change the recommended /128 subnet on both sides of the tunnel and made it a /64 as He.net specifies. Multiple reboots later, it's still coming up automagically and working. Hope this helps.. Mine survived a reboot, and then the update to the next nightly just fine once I "edited and saved" the gateway again, although I've always been using the /64 CIDR. Did you always have the issue with the route dropping? Or was it after a certain update?

Free text config area sounds like a good idea. As the saying goes: patches accepted :-) (or, preferably, github pull requests) So long as the new functionality doesn't break the old functionality, it's all fine. I haven't had time/funding/drive to work on this yet, but if someone else does, feel free.

What brokendash said is right. Make yourself some /64's out of the /48 and use them as you did the first routed /64 they gave you. You have 2^16 (65,536) /64 networks to use inside that /48. Don't spend them all in one place. :-)

IPv6 support exists is in the 2.1-beta version.

A linklocal address is fine, mine is  fe80::201:5cff:fe31:da01 And working just fine - can your clients ping an ipv6 address on the public net, say ipv6.google.com If so then your all good.  Is your pfsense lan getting a 2601: address?

Ok it was 0, I have deleted that and is now blank and rebooting.. Lets see what I get back on reboot.. Will edit post once it finishes reboot. So I changed it to blank and got NOTHING now for lan ipv6 other than linklocal And file is now interface em1 {        send ia-na 0;   # request stateful address        send ia-pd 0;   # request prefix delegation request domain-name-servers; request domain-name; script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please }; id-assoc na 0 { }; id-assoc pd 0 { }; Again – changing it back to 0 and rebooting again. So once I changed it to 0 before reboot when I look at status for lan I showed this again IPv6 address 2001:558:6033:12c::1 edit: ok after setting back to 0 on lan interface and rebooting I am now getting IPv6 address 2601:d:8b80:c0:250:56ff:fe00:2 Again -- this is working, but pretty shitting address for your gateway ;)  Why would it be such an address and not like 2601:d:8b80:bf::1 where it was before?  I would think the address should be 2601:d:8b80:c0::1