@nevolex It is in System/Advanced/Networking if you are on plus.

@pfaai said in WAN doesn't get IPv6: I’m using my home connection to serve public services, Then you only need an address on your LAN, which you apparently have. That is I hope you're not planning on providing those services from pfSense. Also, better check your terms of service. Some ISPs don't like consumers providing public servers. I get a GUA on my WAN interface, but rarely use it. I use the IPv4 address for my VPN, but everything else has a LAN address, which I provide via my DNS server.

@jknott said in IPv6 routing over VPN: Can you spare another? Also, you can always use Unique Local Addresses for the tunnel. No. But the tunnel is not the problem. Here I already use Unique Local Adresses. Here is my IPv6 configuration, maybe it helps to solve my problem: Wireguard Server: [Interface] Address = 10.56.0.1/24, fe00::1/64 PrivateKey = ******************** ListenPort = 51820 [Peer] PublicKey = ******************** AllowedIPs = 10.56.0.5/32, fe00::2/128, 2001:********************::/64 At the wireguard client side (the pfSense) I use the fe00::2. This works. But the routing/NAT between my DMZ server and the pfSense is not working: On the pfSense DMZ interface (which I gave no IPv6 ip) I have the following static route: 2001:******************** 3c:ec:ef:70:6d:ba UHS igb2 On the DMZ server (with the ip 2001:********************:21/128) I configured the route back as the host route: [::]/0 fe80::3eec:efff:fe70:6dba UGH 1024 3 0 ens18 And here comes my problem: Direct ping to fe80::3eec:efff:fe70:6dba (the pfSense's link local address) works. But no NAT or routing to other targets.

I am now getting IPv6 addresses assigned by Starlink again. I didn't change anything but just noticed it today. I enabled WAN ping and can ping it from the mobile network. I am running rtsol every two minutes. This hasn't worked for over six months, but today I noticed it was working again.

@buzzman said in Spectrum config for IPv6: the IPv6 default gateway is not accessible. You're using a link local address, which does not work. Find a GUA somewhere beyond the gateway and use that. I did a traceroute to Google and used the first GUA that turned up. Link local addresses are commonly used for routing with IPv6.

@jknott Well I just learned something new today, thanks!

@mcbrown90 The FDxx... address range is private so it's not going anywhere on the internet no matter how hard you try. FE80 is link local. I don't see in your screenshot any internet routable IPV6 addresses being blocked. If you are using Windows computers, open a command prompt (type CMD on the start menu search box) and type "ipconfig /all" to see what IP addresses your computer is getting. You should have multiple IPV6 addresses, not just the link local and the private FD. [image: 1670085641705-246f174f-82a2-4596-bcd0-0d6028dd33b7-image.png] You would have had to setup how IPV6 addressing is accomplished via router advertisements under SERVICES/DHCP6 SERVER AND RA. Choose ROUTER ADVERTISEMENTS and set the ROUTER MODE to either UNMANAGED or SLAAC. I set mine to SLAAC and input my two DNS servers in the DHCP6SERVER section, so that my devices get my DNS server addresses while also setting their own IPV6 addresses automatically without using DHCP6. UNMANAGED should work if you don't have DNS server addresses you wish to push to the clients. But in the end, your clients need to have Internet routable IPs, not just ULA (unique local FC/FD) addresses.

@maanbsat First thing to try is to turn on DHCP6 Debug and then look in the logs.

Solved. I had to reboot the pfSense after enabling IPv6 track interface on LAN2.

@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY: While they provide a global WAN IP, it's not used for routing. Same here. That is why I think using one part of the prefix for WAN wouldn't be a technical problem, just waste of one /64.

@jknott Because GUA with a dynamic prefix is problematic, especially for hosts that don't get notified that the prefix has changed. So for now, only pfSense has to know for its WAN interface. That does work better, as long as pfSense is the first router.

@lolo54000 said in Ipv6 configured but unable to ping internet: In my ovh account i have 6 physical server and each have it's own ipv4 and it's own ipv6 /64 ipv6 To have a router in front, you would need: an IPv6 for the router WAN an IPv4 for the router WAN OVH to route your other IP addresses to those IPs your servers to use your router LAN IPv4/IPv6 as their gateway It sounds like they are simply not set up to handle a router, like you're asking for.

@casperghst42-real-one working here on a 2.6 [image: 1666540604231-workshere.jpg] You can't just leave ::1000 and :2000 You have to set the full range.. Those are just place holders.. That range is quite large 2a06:4004:1234:1:: to 2a06:4004:1234:1:ffff:ffff:ffff:ffff Maybe you want to hand out 2a06:4004:1234:1:42::1000 to 2a06:4004:1234:1:42:2000 so those ::1000 to ::2000 are just place holders for the actual IPs that could be handed out in your selected range. So you have to be specific on your actual range you want to use.

@mariog Thanks for the link. I'll keep an eye on this.

@cyth The gateway is part of the basic RA. The DNS server is an optional part of it and NTP server would require stateless DHCPv6. If needed, you could still rely on IPv4 for those too. However, using DHCPv6 for device addresses will fail for Android devices. Unmanaged is fine, unless you need stateless DHCPv6. The prefix for the alias is the first 56 bits of the addresses (assuming /56).

Like @nogbadthebad I've : [image: 1664873716247-ee3c2974-942b-413f-86ef-40816c315c2d-image.png] and added all the devices that I wanted to give a DHCP static IPv6 lease, like @NogBadTheBad Apple devices play very well with this. Zero issues for the last ... decade or so ?! ( I never had to use an Android based device in my life ) Even if the DUID are not added to the DHCPv6 static mappings list, it works well, an Ipv6 from the pool is used.