Well... Actually i had quite the same problem as in the referenced thread: The issue was also caused by the WLAN infrastructure (but ExtremeNetworks AP130 AP250 Firmware 10.3.x). I have connected the conspicuous devices to the "WIFI VLAN" via USB-RJ45 adapter and have not seen any problems in the IPv6 connectivity. I also made a case to the WIFI vendor.... Sorry for the noice.

@hmf said in IPv6 and internal DNS registration: Version 21.05.2-RELEASE (amd64) I'm on 2.5.2 (amd64), which is the latest for non Netgate gear. I didn't know there was a version 21 for AMD.

@johnpoz You may not need it now, but the more people procrastinate, the longer it will take to move to IPv6 and the world as a whole will suffer for it. The shortage of IPv4 addresses was obvious many years ago and even to me, when I was just learning about IPv4. I remember sitting in the class and thinking to myself that 4B addresses wasn't enough. We need more mandates to provide IPv6, just as happened in India, China and elsewhere. The move to IPv6 is being driven by the 3rd world, when we should be leading, not following. In Canada, many companies are providing IPv6, but for some reason not Bell Canada, where even on their cell network, where IPv6 is mandatory for 4G, they do a poor job of it. Curiously, Telus, which is Bell's partner (they even shared cell networks) in the western part of the country, was one of the first to provide IPv6, even before Rogers, which I'm on. All the Canadian cable companies I'm aware of provide IPv6, as do some of the resellers that use Bell's ADSL network or Rogers' cable. Sticking with IPv4 is crippling the Internet.

@jknott Thank you so much for pointing that out. The presense of the 192.168.0.0/24 address should have been a clue. Stupid me didn't think of bridge mode. I was able to enable bridge mode and everything is working as expected.

@linuxtracker I tried but still the same problem The name resolution works but I cannot ping nor access a LAN device in IPv6. Thanks

I realized my /60 prefix from Xfinity had changed, once I updated the NPt mapping all is well again. I was thinking that if the prefix changed, the v6 gateway would go down - but, that didn't happen. If anyone has any suggestions for how I might monitor a prefix change without using DHCP6 I'd be very appreciative. Unfortunately, I don't think I can have two interfaces each pulling prefixes with DHCP6: https://redmine.pfsense.org/issues/6880 My workaround was to get the prefix through DHCP6 on the Xfinity interface, then use the assigned ipv6 address, gateway and prefixes to for a static configuration. Can't figure out a better way...

@bob-dig Windows is my home's Domain Controller, DHCP (DHCPv6) and DNS -- soon to be LDAP. I make all address reservations in Windows Server 2019. I am hoping that once I get to the LDAP configuration - I can set pfSense to use LDAP credentials to login - rather than the local account I use now.

@jpvonhemel COMCAST support forums are a huge Joke!!! You got all the COMCAST Staff in there telling you their favorite answer "that configuration is 'not supported'" Trust me - I have B.T.D.T (been there done that). I think I got it working in another way - back to 19/20 - still cannot figure out why I cannot get Hostname for ipv6 to show on the test. I can ping the IPv4 and IPv6 address of the DC and pfSense with name resolution - and they come back with the name from the DC. [image: 1636250571370-b9bcc81a-ac80-4924-ba03-21e23fd72d2e-image.png] From other machines on my network I get this [image: 1636250385736-900cfeeb-31b2-4629-81d9-091153f2d818-image.png] It resolves the NAME - but get ping failure. I checked the Firewall on that workstation and ICMP is on - otherwise it would not have resolved the name or pinged at all.

My comment keeps getting auto-flagged as spam (not the first time) so here's an image of it. [image: 1635365980056-reply.jpg]

This all worked for a couple of years but we have had some Hyperoptic upgrade done in the area and it has broken IPV6 connectivity using DHCPV6 (default configuration). Trying to work out what is best to do at the moment but wondering if anyone else has seen this? Only way of getting IPV6 right now is using the ISP provided kit which isn't giving much away about configuration. I'm not hopeful of a solution right now as I've seen several other forum posts where people have either been able to get IPV6 working on their connection or not and if it works it seems to just work in the way described above but if it isn't working nothing seems to get it on, but will be trying a couple of options with PFSense over the next few days as we have a lot more info from the logs than on most of the other routers out there.

Success! Thanks so much for the help. Very much appreciated.

@jknott Enough. I got my first "computer" when we could buy the parts at Radio Shack, 1973... Had you told me I won't see anything in the captured file going in, maybe different result. OR had you told me how to use Wireshark so I could see...I can certainly figure out Wireshark. Again being smarter than me about operating systems does not mean you get to be... never mind. I have IPV6 working fine now by the way if your interested. Dropped using 2.6.0, back to 2.5.2 and found a guy in this area also using Comcast who has a "IF you use Comcast here's how you setup PFSense" step by step. IPV6 fine. Have to wait until this evening to test Nintendo Switch on-line game access.

@rodrigocamargo said in Endereço IP: 1 Digamos que a pessoa irá criar uma rede na empresa dela e usará o IP 192.168.0 a 192.168.0.255, ou seja, colocará num total 256 hosts na empresa, este endereço de IP ele é exclusivo da empresa, ou seja, ninguém que for criar uma outra rede com o mesmo propósito não poderá usar este endereço de IP? Não são 256 hosts, o primeiro e o último não pode usar pois o primeiro 192.168.0.0 é a network, e o útlimo é 192.168.0.255 que é o broadcast. São 8 bits para host, 2 elevado a n -2, onde n é o número de bits, ou seja 256 -2 = 254 hosts. 2 Eu vi alguns roteadores e modems que eu tenho em casa, por exemplo da Tp-link que o endereço de IP é 192.168.68.102 este endereço é só dá Tp-link? E se eu fosse utilizar o endereço de rede no item 1 eu teria que utilizar somente hosts da mesma marca ou posso ter de marcas diferentes? Não é assim, pesquise sobre RFC1918. Esses endereços podem ser usados em todas as redes internas. 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 E é para isso que NAT serve, pois o NAT transforma seu IP público, que é único, no IP privado que você tem ai dentro.

@skilledinept If you know the issue isn't local, check alsways this page https://www.tunnelbroker.net/status.php. the he.net.ipv6 POPs can have issues. For example, right now, the a UK-LONDON POP has been moved to Dusseldorf, Germany. While we can't see the 'load' of these servers, it will be a factor. All my IPv6 traffic goes out over the he.net.ipv6 link, and it's pretty stable. I'm using their services for many years now. edit : also check out the he.net support forum.

Using it as as just a AP behind pfsense will be fine - and then sure be able to look into sure. As to sniffing - on pfsense, do a packet capture on your opt interface you were using for wireless. In promiscuous mode.. set it for just arp on the protocol Do you see arp traffic from the internet? For example.. This is my actual wan interface - I tried to run some wireless network here it would be directly connected to the internet no matter what "ip" Layer 3 range I ran on it.. [image: 1633312986884-arp.jpg] This interface is connected to the internet.. Running some AP on your isp device that you put into bridge mode and tried to run wireless on - "could" very well just be bridging that wifi to the internet.. Be it you running as some rfc1918 network or not. That sniff ran for 5 seconds - that is just small portion of what it saw, none of those IPs are my pfsense wan IP.. Those are just other isp clients on the same L2 as my wan.

@andicniko EDIT: After a factory reset and trying again, it seems it will work if 1) I state the DHCPv6 range in full (including the prefix), and 2) I state the subnet in the router advertisements settings. For anyone else struggling to make this work, the specific settings are: Services / DHCPv6 Server & RA / LAN / DHCPv6 Server Range = [your desired IPv6 range in full, e.g. 1000:1000:1000:1000::2000 to 1000:1000:1000:1000::3000] Note: DO NOT omit the prefix when stating the range. This is one of the issues that seemed to prevent my DHCPv6 server working properly (if the LAN interface is set to IPv6 Configuration Type = Static IPv6). By default, the range is stated excluding the prefix, e.g. ::2000 to ::3000. I'm not sure why this should matter, if the subnet field is already populated and aware of 1000:1000:1000:1000::, and omitting the prefix does no harm when the LAN interface is set to IPv6 Configuration Type = Track interface. Also note: I also had some trouble keeping the "Provide DNS servers to DHCPv6 clients" checkbox ticked. It is ticked by default, but seemed to untick by itself when changing and saving settings on this page. When ticking it again and saving, it would just disappear. However, it was ticked after navigating to another page and coming back. So I didn't have an issue in the end. Services / DHCPv6 Server & RA / LAN / Router Advertisements Subnets = [your IPv6 prefix 1000:1000:1000:1000::/64] Note: DO NOT leave this blank. This is one of the issues that seemed to prevent my DHCPv6 server working properly (if the LAN interface is set to IPv6 Configuration Type = Static IPv6). By default this is blank, and it does no harm leaving it blank when the LAN interface is set to IPv6 Configuration Type = Track interface. I'm not sure why this should matter. I don't know if the above are supposed to be necessary or not - apologies if I'm posting something that should be obvious. But I hope that helps someone!

@csoban A big part of the problem are those who think an inadequate address space + hacks is a good idea, even though it's holding back many things. One thing I was reading about recently was how China plans to be single stack IPv6 only by 2030. This means if you want to reach sites there, you will need IPv6. There are other parts of the world, where they won't hand out IPv4 addresses to anyone who's not also running IPv6. I don't know how things are in Eastern Europe, but in North America it's still possible to get by with only IPv4 because we have so many of the addresses here. In Canada, some of the major IPs are providing IPv6, but Bell Canada, which used to be a world leader in telecom, is falling behind.

@sts-134 did you actually get /56? Maybe they only allow you to ask for specific sizes went doesn't give you what you ask for it confuses pfsense? Which I agree is no ideal.