@joe90 If it is assigning an address from with your prefix, then that address will start with your /56 prefix. I don't have any experience with IPv6 on PPPoE or with OpenWRT, so I don't know what else to check. However, you don't need a WAN GUA. If you want to access pfSense from elsewhere, you can use the LAN interface address.

@jknott I see, i need to take a closer look to the virtual IP settings

@aeminkocal Is the VM set up as a bridge or NAT connection? If NAT, the IPv4 address will be in a different subnet than the LAN and IPv6 won't work. You need to bridge the interface. Also, it might help to mention which VM you're using.

After I reset pfSense, and did a new setup, the issue still remain. I can't connect to archlinux.org via IPv6. @johnpoz said in Not able to connect to some website: I would suggest he moves his lan back to 1500, and then get with his ISP for the proper setup for his wan connection.. A common pppoe mss clamp size is like 1452.. But for optimal working with his ISP he should contact them for proper setup. I agree, I should consult my ISP for help. I left MTU and MSS default. Will it related to PMTUD no working? The last result might be using pfSense in transparent mode. I've never tested it yet. Another issue is ICMP req always failed (tested using ipv6-test.com), even I allow it on WAN interface. This didn't happen on my last configuration, which is pretty much the same as this one except I left DHPCv6 enable. I think I disable DHCPv6 last time, MyPC use RDNSS instead. I'm scratching my head off.

I just now found a small config in the bridge advanced setting: [image: 1652816053276-screenshot-from-2022-05-17-21-33-59.png] My local hosts now have an autoconfigured ip in the LAN-range (At least, I assume it's auto-configured, since the dhcp6 server isn't working still) Routing is still all broken though, so it's only a small boon (And probably isn't helping the hosts in question at all, having to realize ipv6 isn't an option after timeout) Still - Wanted to keep you guys posted, if this could trigger something

Attached pcaps: VM2.pcapng VM1.pcapng

@swtw122 So your provider gave you a /56 on WAN? What provider is this? OVH?

@johnpoz said in IPv6 can not connect to IPv6: I vpn into my pfsense over their translation setup just fine.. Not saying that couldn't be an issue.. NAT breaks IPSec authentication headers. Other VPNs, such as OpenVPN use plain UDP that passes through NAT. Also, WiFi calling uses IPSec in UDP for the same reason.

@jknott The USB-stick in the default mode is firewalling the traffic, preventing me from listening for connections. The built-in web-UI also doesn't have any option, whatsoever, for port-forwarding. As for PPP, yeah, it's old. NCM-mode would be faster, but it's apparently not supported by pfSense.

Hi @mrpete The discussion here may assist you: https://forum.netgate.com/topic/152194/solved-firewall-log-entries-flooded-for-ipv6-5353

@georgemv You set a unique prefix ID for each interface. You do this in theIPv6 Prefix ID box. With a /56, your choices range 0 - ff.

@johnpoz Yeah I was just so into it being an inbound problem I didn’t test outbound for a while. D’oh! My assumption was the data center was good…

@jknott said in Routing IPv6 ULA across interfaces: @offstageroller said in Routing IPv6 ULA across interfaces: They appear to create their own ULA addresses that have nothing to do with my router (pfSense), and since I don't run a consumer router that allows all by default and only has a single subnet, things start getting blocked. Is your modem in bridge or router mode? The modem from my ISP provides both GUA and ULA addresses when in gateway mode. My modem is in bridge mode. My pfSense WAN interface has a link local and global address assigned to it. My modem does not appear to be offering a ULA address to that interface.

@tzvia yes Interfaces widget shows the public one. I was using Gateways just as a quick summary for Interfaces -obviously bad idea- because there are many VLANs, much better idea seems to be a second Interfaces widget showing only the WAN interface so that solves my request. I still dont know why I was seeing public IPv6 address as the gateway before but maybe I am confused and remember something else, I dont have 2.5.2 at the moment to check.

@steveits I noticed the ipv6 gateway isn't right on the vm

@dwren78 Hmmm this is frustrating, could you describe what is happening in more detail? I am confused why it works when you have the Smarthub ahead of the pfsense router. I am not familiar with configuring the smart hub as a bridge, so where is the pppoe authentication done, in the smarthub or pfsense? Are you getting a v4 address? Is the v6 interface up? Are you getting a link-local v6 address? Dumb question, but I am going to ask it anyway, are you using your bt business pppoe username/password? cheers F

@dem Do they offer 6rd on wireless? My carrier, Rogers, provides native IPv6 on wireless, but only a single /64. This means the device connected to wireless will get an IPv6 address, but not any device behind it. A bit of history. Many years ago, my wireless carrier was called "Cantel AT&T" when they partnered with AT&T. This goes back to when Rogers owned part of Unitel, a company I used to work for, and AT&T had a slice of it too. Even now, AT&T is the preferred company for Rogers to roam on in the U.S., though I think T-Mobile is the other choice.