thanks for the this response too let me know when it is added to the code thanks for everything!

Cino has it just about right. Once 2.0 ships the current ipv6 code from databeestje will likely be pulled in and used as the basis for 2.1 from that point. Obviously many other things will go in to make 2.1 proper, but that will be a good starting point to jump ahead on ipv6. The current ipv6 code is periodically synced up with 2.0 proper to make sure there isn't too much divergence between them. Many of us devs are running the ipv6 code on routers in various places trying to help track down issues. I run it at home on my router and use a he.net tunnel, it works great for me (aside from some dhcpd issues which have probably been fixed since my last sync.)

@billm: That's a horrendously large sync.  Looks like it has over 1100 changed files, I'm not totally surprised it's making Firefox cry (mine didn't die, but it certainly had massive issues rendering the page).  If it's any consolation, I'm reasonably confident that our Gitorious install wouldn't have been any happier with it. Gitorious would have just refused to show it entirely, "too large", so it loading at all is definitely an improvement. Gitorious had that nice habit of doing that to small diffs in some circumstances too. That page indeed takes a long time to load but that's just the massive amount of stuff there. Chrome loaded the page about 5* faster than Firefox 4.

@Kampfwurst: i got the same error. Is it possible to post the fix It still doesn't work for me, but I have added the IPv4 and IPv6 gateways manually. When I have the time I will do a fresh install and restore the configuration and see if it works better.

didn't know that, thanks for the info!

@billm: Should be fixed here: https://github.com/smos/pfsense-ipv6/commit/fed025ea776a0f8ec2a7b324c73dbac9c72a2c6d ha, you were faster. i digged in the code myself, and was just about to commit a patch myself, but yours is more clean than mine.  :D

Ok looks like reached max attachment size - had to create new post. This does seem a bit odd?  I looked at the total blocked ipv4 in after generating some ipv6 traffic, that shows as ipv6 passed in – this is odd.  Is this what your seeing?  See 3rd attachement [image: isthiswhatyourseeing.jpg] [image: isthiswhatyourseeing.jpg_thumb]

You're welcome guys :)

Yeah I saw that ;) hehehe Right place at the right time I guess!  Saw the fix right after I posted. Maybe I should play the lottery today ;)

I've found that the default route might dissapear when the parent interface goes down. I have not debugged that.

Yeah I think that is a 2.0 thing. I'm not exactly sure what the criteria are for showing up there, but it should be gateways listed there, I thought. Looking a bit deeper we already have a ticket open for that: http://redmine.pfsense.org/issues/785 But it's set to 'future' since it's more of a convenience and could be done via static routes as well.

The remco bressers post is indeed hackery. And as you also mention this is very different from the current IPv6 code in my branch which is far more turn key. I just setup another v6 box at work, and it's becoming easier, just plug in some addresses and it works. That was the whole intention of pfSense. Your advice on configuring proper IPv6 over fiddling around is a good suggestion. It's far more valuable and less likely to break your internet in interesting ways. :-)

This sometimes happens, it's reproduceable, I have not investigated.

Have not done this since moved tunnel endpoint to my pfsense box.. Much better way to do it!!  Now you have firewall control at pfsense, etc. But to allow the tunnel endpoint to be box on lan side of your pfsense box, allow ipv6 traffic and put in the lan side IP address you want to be the endpoint, example 192.168.1.100 or something, whatever the IP of your box is that is going to be the endpoint of your ipv6 tunnel. [image: ipv6behindpfsense.jpg] [image: ipv6behindpfsense.jpg_thumb]

I have not attempted a gateway pool yet. And that doesn't work with a gateway pool anyhow, any attempt to send out traffic from a HE address through the Sixxs router will fail. The only way to make that work is by performing NAT and there is no provision for that. You can not add multiple v6 subnets on the same interface either. The only trick you could theoretically use here is performing network prefix translation. So if you have 2 /64 subnets, one from each ISP you can then translate this network when traffic leaves the network. I do this by assigning a ULA range on the LAN, then create 2 mapping, 1 for each WAN with each network prefix. This so that traffic leaving either interface is using the netblock from the correct ISP. Not much different from ipv4 nat, but subtly different.

Oh yes - I forgot that part :-) One of the reasons why some of the big ones are dragging their feet is also that they earn A LOT of money from charging extra for official IP addresses. How many addresses should a non commercial have? Give each one a /64 subnet - don't try to create artificial limits. It is a new world - deal with it. If someone want to set up a server at home - let them do it. I think ISP's should realise that what they provied is a connection. What this connection is used for - reading the newspaper, watching TV, listening to radio, online purchases, research, running your own server for your blog - that should all be up to the person paying for the line. You can differenciate on the guaranteed quality you are offering - commercial customers could get two lines in through different connection points so it is less likely they will loose connection - home users will obviously only have one line and multiple single points of failure. Also, a home user line is always oversold - I don't know any ISP that actually has enough bandwith to give full speed to all customers at the same time. A commercial customer could receive minimum guarantees of bandwith/speed. There are ways to differentiate commercial and home users. But it should never be on what they can do with their line. That would be like Ford denying you to carry tools that you use at work in your car because it was not bought as a commercial vehicle.

I've decided on the options disabled, managed, unmanaged, combined. Fix forthcoming later.

@iFloris: There is a script on the he.net website to change your ip. By installing cron and calling the script every 24 (or so) hours, you can sort of automatically update your endpoint. That sounds like something that would make a good candidate for a dyndns update type.

@databeestje: Outside of the snapshots I don't have these binaries Download a snapshot, extract the racoon, setkey and racoonctl binaries from /usr/local/sbin and upload those to your install thanks for the quick reply… As I was driving into work after posting this, I thought of trying that in-case there is not binaries to download.

2.0-RC1-IPv6 (i386) built on Tue Mar 15 13:14:13 EDT 2011 Not entirely sure if this is an IPv6 thing or just an RC2 thing… searched a bit but didnt find anything on it over in that forum. Since last Thursday, i'm not sowing any wan-out data (IPv6 or 4) in my rrd traffic or packets graphs. Nothing sticking out at me in the logs either. Anyone else seeing this?