@jknott [image: 1664864944764-99a04cc3-fb1d-4f02-b4c7-cff09faa9eb0-image.png] No. Time Source Destination Protocol Length Info 6370 183.350531899 fe80::208:a2ff:fe12:49f2 ff02::1 ICMPv6 198 Router Advertisement from 00:08:a2:12:49:f2 29679 664.793636676 fe80::208:a2ff:fe12:49f2 ff02::1 ICMPv6 198 Router Advertisement from 00:08:a2:12:49:f2 32056 1034.144777006 fe80::208:a2ff:fe12:49f2 ff02::1 ICMPv6 198 Router Advertisement from 00:08:a2:12:49:f2

@mrsunfire I just upgraded to 2.6 and this is STILL an issue....

@mikev7896 Thanks. The setting you recommend was set. I don't recall setting it. Maybe in CE 2.6.0 it's a default? More things to learn...RDNSS, etc. Sigh.

@jknott I went for the nuclear option and rebooted pfSense and it's working fine now. [image: 1664639933263-5293d4c1-c90f-469b-a961-d55af208eeec-image.png]

@mariatech Maybe this will be helpful luckman212/assign-gua-from-iapd - GitHub

@ddbnj I'm on FIOS too (NYC) and spent just about the entire week messing around with and learning the ins and outs of Verizon's implementation. There are definitely some sharp edges but I'm pretty happy now with the way things are working. You might want to check out my helper script to assign a routable IP (GUA) to your WAN from one of the delegated prefix subnets. Link below luckman212/assign-gua-from-iapd - GitHub

I realized the problem was my bridge so I am in the middle of a complete redesign of my network. Will post back when I know more. Hopefully the family wont object too much to the down time.

@johnpoz said in odd ipv6 routing issue: Been in the business for some 30 years, before there was even switches. So, you're a newcomer. I've been in the LAN business since early 1978, before there was Ethernet or IP. It was on the Air Canada reservation system, where the LAN used time division multiplexing over coax @ 2 Mb or triaxial cable @ 8 Mb. I started in telecom in May 1972.

@roycethebiker Did you select 56 for the prefix size?

Looks like a bug has been filed by the dev team.

It is set on for me per my above post. But, I am on 2.6.0 (which is 22.2 config rev).

@pfadmin Assuming you want access from elsewhere, how would that help? You still have to allow the outside world to know what the address is.

@jagdtigger You said an ordinary computer doesn't work. Try complaining about and see what they say. I know it can sometimes be difficult to get through support.

@ddbnj said in Site to Site ipv6 best practice GUA vs ULA: I'm still using IPv4 tunnels but am transmitting IPv6 packets across. I do the same. I don't run the tunnel over IPv6 due to DNS issues. My IPv4 address is an alias that points to the ISP provided host name. Using the alias prevents the DNS server from returning the IPv6 address, which is a regular AAAA record. However, pfSense is configured to allow either IPv4 or IPv6.

@jarhead said in xfinity/comcast ipv6 issue: But the CGNAT issue I agree with and is valid. Other than that, no reason for IPv6. When NAT first came out, it broke FTP clients. It breaks VoIP and some games, requiring STUN to get around it. It breaks IPSec authentication headers. It adds work load to routers. IPv6 provides far more than enough addresses. IPv6 adds security features. IPv6 improves router performance. Etc..

@jknott The packet capture via mac address is a good idea. If I decide to create an IPv6 table for my local devices, I'll use it. Regarding routing, I realized that I have to add a route for ULA devices if I don't create an address for the interface itself. It's for devices on a different VLAN to reach ULA devices (admin to IOT). Anyway, thanks for your insights. Learning and deploying IPv6 has been pretty time consuming, I got to catch up with my real life! Thanks, Devan

@mloiterman Make a /128 Virtual IP address on your WAN in on of the /64s you want to route downstream. Make a WAN rule passing ICMP6 to that address. Ping it from the outside. Until that works you're not going to be able to route it downstream. pfSense is doing what it's supposed to be doing with the /64s on a tracked inside interface. That doesn't mean it's a new delegation. Just that dhcpd is adding that prefix to that interface from the delegation. Go to System > Advanced, Networking and enable the debug on dhcp6c. Then edit/save WAN. Then go to Status > System Logs, DHCP and filter on Process: dhcp6c. See what is there. That should show you the prefix that was assigned.

[image: 1660614575912-2c9312f5-1be0-42f0-82b9-37c99c93416b-image.png] I only keep zipping files since this webpage doesn't accept my native uploads. The screenshots have to be less than 2MB or they get rejected. The only way I could get the screenshot that small was to make it a PDF file which isn't accepted. Saving it as a .BMP or .JPG the file was just over 2MB and wasn't accepted. Frank