My ISP has, after weeks of fighting them on the matter, admitted that this is in fact their fault.

I would delete this thread, but I cannot.

@Fandangos said in Ipv6 almost working?:

https://www.reddit.com/r/ipv6/comments/evv7r8/ipv6_and_netflix/

Is this beyond what the end user is able to solve?

That was years ago (the reddit post : more the 4 years). When Netflix, like everybody else started to use IPv6. Netflix, for very understandable reasons don't want me to look at season 10 of Walking Dead, while it's already old and out in other countries. They use my IPv6 to 'know' where I connect from.
The thing is : they had not mapped the entire Ipv6 into a a GEO IPv6 database to determine where I connect from. [ 😊 and now they know that they will never be able to do so, as there isn't enough materiel on planet earth to build all the hard disks to store this database ]
Some IPv6 ranges, tough, are already listed : the ones from huricane.net for example, some sort of VPN IPV6 supplier. I was using them as they offered a good IPv6 implementation (way better as many ISP today).

The solution was an easy one : pfBlockerng !

Like this :

229110bf-a604-473e-9916-a319272cbd73-image.png

There is a list on this forum with all (there are several) netflix domain names that you have to enter.
Netflix, from then on, will be accessed over IPv4, and you'll be fine.

@tmoore said in Setting up ipv6 with one /64 allocation:

For what it's worth my ISP is Teksavvy. I phoned in to them this morning and asked them to give me a /56 address delegation which they have done. So now I have a /56.

Are you connected via Bell or Rogers? If Rogers, you might want to check the Rogers config. A friend of mine is with Teksavvy on Rogers. Another friend used be be with them on Bell.

As for that pending gateway, you have to provide a monitor address that responds to pings. For mine, I ran traceroute to Google and picked the first address that responded. That address is 2607:f798:10:10d2:0:241:5615:217. It might be different for you, depending on where you are.

@Kenneth_H said in IPv6 with framed IPv6-prefix:

it does however seem strange that the lease time is around 5 minutes

My lease time is over 164 hours.

@Spaylia

Well, I don't know what to say. It's a really strange system you have there. The MAC address comes from the NIC, not pfSense. So, if you're seeing the MAC, that is the 48 bit hardware address, on the LAN side, there must be some other path involved. This is why I asked you to provide the Packet Capture file, so that I can examine it in Wireshark.

@regiolis said in IPv6 not working on LAN:

hat's my case..... so i don't know how to do

Describe your Internet connection. For example, I'm on a cable modem, which I put into bridge mode. This allows DHCPv6-PD to reach my pfSense firewall, which will then provide IPv6 to the LAN.

I've just put pfsense 2.7 in for my parents Toob connection, it's a IPV4 CGNAT / IPV6 service and I think they allocate /56. Not needed to carve up VLANs etc. it's a flat network. I must check the log file myself to confirm what they had out.

@elbombo

Editing /conf/config/xml worked... ``` <dhcrelay> <interface>lan,opt3,opt4,opt8,opt25</interface> <server>10.200.0.233</server> <carpstatusvip>none</carpstatusvip> <enable></enable> </dhcrelay> <dhcrelay6> <interface>lan,opt3,opt4,opt8,opt25</interface> <server>xxxx:xxxx:x:xxxx::233</server> <carpstatusvip>none</carpstatusvip> <enable></enable> </dhcrelay6>

@chill_out said in Router solicitations not working on vlans (2.7.1-RC):

My understanding is that with ipv6 there's no more broadcasts, everything is either unicast or multicast

That is correct. The closest thing to a broadcast is the all hosts multicast. There are some differences, such as the scope can be specified and for some things, the hop count can be set to 255 as protection against a bogus packet being sent through a router.

Edit:

I found the solution, I disabled the DHCPv6 server, RA on Assisted and Priority on High, and on the LAN interface I left it on Track Interface. It works without problems even after the restart.

Thanks! @JKnott

@Lurick said in Do not allow PD/Address release - Specific Interface Only?:

needs it checked otherwise your IPv6 prefix will change

Yeah for sure could see that.. Because it would release it.. But not sure how some ISP would need a release from you - for stuff to work.. They might give you a different prefix anyway even if you don't release.. But not sending a release should have nothing to do with getting a prefix in the first place. you sure can not send a release when your first asking for one.

@Dough29 said in Subneting my /56 prefix to multiple internal LANs:

forum lafibre.info

That's where I go to check if any progress exists 👍

@FOOLiSH86 said in IPV6 on pfsense WAN:

I wanted to understand how to properly set up full ipv6 support on my pfsense

You might want to mention your ISP, as some might have issues. As for pfSense, you need the modem in bridge mode, as gateway mode won't work for this. Then you need to enable dhcpv6 on the WAN interface. Normally, you use SLAAC on the LAN side. I used unmanaged for RA mode. Try getting started and ask about any issues as you come across them. Also, someone might have already posted configuration for your ISP or similar. Here's the info for mine.

@JKnott

I appreciate your knowledge and input. Getting that deep with the ISP customer support is my fear. I don't know if its worth the effort. It would probably be easier changing ISPs :).

Luckily, the problem fixed itself after several days! I didn't change my PfSense configuration but I did bring the WAN interface down and back up again today. I guess whatever was hanging up the CMTS is fixed as it decided to honor the prefix delegation it supplied me. IPv6 traffic within that prefix range is finally routing back.

Thank you again.