@gertjan I feel a bit silly. I missed the step on assigning an address to LAN first. Thank you the detailed explanation. Lesson learned is do not attempt IPv6 when tired.

@ddbnj Then I can only assume you didn't reboot pfsense. That's pretty much necessary to get the full sequence. Otherwise, you only get renewals.

@spacey SLAAC is the normal way to configure IPv6. Look on Services > DHCPv6 Server & RA > LAN > Router Advertisements. If you have things configured correctly, a prefix will be automatically provided and the suffix is provided by the device.

@ofloo Sorry, I have never used TAP, but I can see problems in trying to bridge between networks.

@wineguy Yeah, using a sniffer is a good idea. When I had the problem with my ISP, I made a data tap with a managed switch.

@tzvia said in WAN DHCP6 gets addresses, but no connectivity: @jackthesmack said in WAN DHCP6 gets addresses, but no connectivity: @tzvia said in WAN DHCP6 gets addresses, but no connectivity: @jackthesmack Do IPV6 IPs show in your INTERFACES on the dashboard now, because your post showing your INTERFACES only lists IPV4 addresses. No they don't, despite the IPv6 addresses showing in the Status / Interfaces page. In your screenshot I only see the link local and gateway which looks to be an FE80. I don't see an IPV6 address assigned, that's why I am asking. You would think that if your router was getting functional IPV6 from the ISP and was set correctly and was assigned, you would have IPs assigned from the ISP, not just a link local address. [image: 1619620561776-a9377e67-27bf-48f5-ab46-0a18e80ca677-image.png] Well this seems like an ISP issue now, because I plugged in my PC directly into the modem and now IPV6 doesn't work anymore. [image: 1619629974306-6735661e-e88a-408a-a8ab-d548b473e5b3-image.png] [image: 1619630056058-03291491-d272-465a-abe3-3935b888ecd4-image.png]

@tomsparklabs said in [Solved] Unable to ping pfSense's LAN interface on IPv6: rebooted the router Hmm, thanks from the future...I set up an HE tunnel tonight and though the router could get out over IPv6, and PCs got IPv6 addresses, I found the PCs could not ping the router, dig to pfSense DNS over IPv6 to the LAN IPv6 was blocked by the default block firewall rule despite already having a LAN IPv6 to any rule, and new rules I added for DNS. Restarting pfSense (2.5.1) got IPv6 working fine from the PCs. Oddly https://test-ipv6.com/ worked...I guess over IPv4? But it showed IPv6 working, 10/10.

@bob-dig I agree it should be easier to find. As for the name alias, that was even the case with IPv4, before there was IPv6. I assume it's because you have more than one address an interface can use, which is not typical. Also, with IPv6, you have not just mulitple addresses, you have multiple prefixes. Even if you don't have an alias, with SLAAC you can have up to 8 addresses, then there's link local too. By the time you've added a 2nd prefix, you're up to 17 addresses on a single interface.

I can use the IPV6 that are assigned on the USG DHCP to address computers from the internet. It just won't say "Internet" on Network and Sharing Center, or pass any IPv6 tests. Ping (as well as traceroutes) from local computers to google.com are fine even though it says "No Internet Access". The traceroutes go from the USG to the pfSense LAN IPv6 out to the internet, even though I have the link-local gateway address of Cox specified in the next-hop on the USG.

I found the problem. I had IPv6 enabled in pfBLocker-devel 3.0.16 DNSBL: IPv6 DNSBL Enable Enable DNSBL for IPv6 DNS Resolution filtering. Default IPv6 Webserver address [ ::10.10.10.1 ] and ports [80/443] radvd was choking on the ::10.10.10.1 RDNSS line of the config file.

Just in case someone finds this hack useful, the following is the patch I used on 2.5.0. It will only do what is intended (hardcode advertised MTU to 1480) if "Use same settings as DHCPv6 server" is unchecked under the Router Advertisements configuration settings. src/etc/inc/services.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index a3203aaaf7..1c63272ca1 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -130,7 +130,8 @@ function services_radvd_configure($blacklist = array()) { $radvdconf .= "\tAdvDefaultLifetime {$dhcpv6ifconf['raadvdefaultlifetime']};\n"; } - $mtu = get_interface_mtu($realif); + /*$mtu = get_interface_mtu($realif);*/ + $mtu = 1480; if (is_numeric($mtu)) { $radvdconf .= "\tAdvLinkMTU {$mtu};\n"; } else {

https://redmine.pfsense.org/issues/11800

@starcodesystems said in IPV6 ULA LAN to WAN ISP Public IPV4 internet possible?: you have to know how to do these things Huh? Why would you need to know how do stuff that makes no sense to do? Do you have a use case example where anyone would want/need to do such a thing? Where it wouldn't make more sense to just give the device rfc1918 that you nat to your public IPv4..

I don't think its really anything to do with the AP firmware.. So I don't think they will be able to fix it.. From what a few were saying has to do with the different auth that wpa3 uses.. Not sure - have not dug that deep into yet. I was really hoping to just have guest be limited to wpa3.. But I will live with this compromise.. Just thought give you a heads up if you were doing the same thing.. And you had friends come over - and you get hey this qr code thing isn't working ;)

@gertjan Yep. He was one of my favourite things in that magazine. Incidentally, I have every paper issue of the magazine on my shelves here, going back to Vol 1, #1, Sept 1975. I bought the first three issues in person from the original publisher, Wayne Greene, at an amateur radio convention in Ottawa in 1975. He put the magazine in his wife's name for tax reasons. He then lost it when they divorced.

@fabrizior I didn’t know it was a thing :) Thanks for the information.

@jknott I didn't say reboot. I said save WAN again. Your workflow might be triggering a dhcp6c refresh, but, in general, when you make changes to inside interfaces set to "track interface" you have to save WAN again to pick them up. The dhcp6c client is the mechanism that sets all of the interface addresses. That happens when dhcp6c receives the PD. That happens on WAN. pfSense itself does not do any of that work.

Since this is the forum for IPv6 and not the forum for the Development 2.5.1-RC snapshots, you may want to re-post this over there, where the developers would be more likely to see it. https://forum.netgate.com/category/83/21-02-2-2-5-1-snapshots