@johnpoz Argh! Now I see what you were referring to. I just thought you were generally wanting to confirm if I was referring to Netgear or Netgate. NETGEAR support stinks. I never reached out to NETGATE because I don't think the problem is the 8860 or pfSense. Ugh.... I tried to edit the post but says too much time has elapsed. Can you edit, John? Netgate support is great the few times I have reached out!!! :P

@vabello It would be nice if the guide for installing pfsense on Hyper V included this issue. I have run into it and trying basically everything in this thread and whatever sleuthing turns up to get these errors to go away. I am working with Hyper V 2019 and the NICs (for now) are Intel X722 (10 Gbe) ones. I know the physical NICs have VMQ enabled (power shell command spit that out). The console messages though were for two virtual devices and it kept spamming (so I was unable to continue setup after initial install from iso). If I figure anything out, I will share it.

@evolve-0 I don't see that being a problem. No matter how the random number is generated, duplicate address detection is used to avoid collisions. As long as there is a 64 bit random number, it's actual value is irrelevant. If it matches with an address on a different subnet, so what? The prefix will be different, so the address will still be unique. I think some people worry too much about "privacy". While there may be some concern about tracking people where they go through their MAC address, there's no reason to worry about it for the stable address. It would only be used for reaching a computer, so the address must be known. If it's always in one location, then there's nothing to track. Further, once you're off the local network, there's no way to tell if it's a MAC or random number based address.

Nope. Solution for tonight is just disable IPv6 completely and live in IPv4 land. Thankfully this is a small network, I can reboot (or release/renew, or disconnect/reconnect) everything pretty quickly. I'll try non-VLAN, non-LAG ports tomorrow.

Many years ago, ther were question like this https://forum.netgate.com/topic/118566/netflix-and-he-net-tunnel-fixed-using-unbound-python-module?_=1622934995649 These days, the package pfBlockerNG can work with lists of AAAA domain names, that can be blocked (no AAAA returned on a DNS request) so the A record gets used == IPv4.

For my site the issue has been resolved now. Been running smoothly for more than a week after increasing Router Lifetime in services_router_advertisements.php?if=lan

@jknott It is a router for around 100 bucks. It only has one switch and one guest network, so the rest will get passed on I guess.

@sts-134 You allow only what you want to. In this case, I didn't want to block anything. On the other hand, my guest WiFi VLAN is configured to allow only pinging the interface or going out to the Internet. [image: 1621939830548-c703fd7b-51cd-4e17-8cd4-8bd8d81345ed-image.png]

@gertjan I feel a bit silly. I missed the step on assigning an address to LAN first. Thank you the detailed explanation. Lesson learned is do not attempt IPv6 when tired.

@ddbnj Then I can only assume you didn't reboot pfsense. That's pretty much necessary to get the full sequence. Otherwise, you only get renewals.

@spacey SLAAC is the normal way to configure IPv6. Look on Services > DHCPv6 Server & RA > LAN > Router Advertisements. If you have things configured correctly, a prefix will be automatically provided and the suffix is provided by the device.

@ofloo Sorry, I have never used TAP, but I can see problems in trying to bridge between networks.

@wineguy Yeah, using a sniffer is a good idea. When I had the problem with my ISP, I made a data tap with a managed switch.

@tzvia said in WAN DHCP6 gets addresses, but no connectivity: @jackthesmack said in WAN DHCP6 gets addresses, but no connectivity: @tzvia said in WAN DHCP6 gets addresses, but no connectivity: @jackthesmack Do IPV6 IPs show in your INTERFACES on the dashboard now, because your post showing your INTERFACES only lists IPV4 addresses. No they don't, despite the IPv6 addresses showing in the Status / Interfaces page. In your screenshot I only see the link local and gateway which looks to be an FE80. I don't see an IPV6 address assigned, that's why I am asking. You would think that if your router was getting functional IPV6 from the ISP and was set correctly and was assigned, you would have IPs assigned from the ISP, not just a link local address. [image: 1619620561776-a9377e67-27bf-48f5-ab46-0a18e80ca677-image.png] Well this seems like an ISP issue now, because I plugged in my PC directly into the modem and now IPV6 doesn't work anymore. [image: 1619629974306-6735661e-e88a-408a-a8ab-d548b473e5b3-image.png] [image: 1619630056058-03291491-d272-465a-abe3-3935b888ecd4-image.png]

@tomsparklabs said in [Solved] Unable to ping pfSense's LAN interface on IPv6: rebooted the router Hmm, thanks from the future...I set up an HE tunnel tonight and though the router could get out over IPv6, and PCs got IPv6 addresses, I found the PCs could not ping the router, dig to pfSense DNS over IPv6 to the LAN IPv6 was blocked by the default block firewall rule despite already having a LAN IPv6 to any rule, and new rules I added for DNS. Restarting pfSense (2.5.1) got IPv6 working fine from the PCs. Oddly https://test-ipv6.com/ worked...I guess over IPv4? But it showed IPv6 working, 10/10.

@bob-dig I agree it should be easier to find. As for the name alias, that was even the case with IPv4, before there was IPv6. I assume it's because you have more than one address an interface can use, which is not typical. Also, with IPv6, you have not just mulitple addresses, you have multiple prefixes. Even if you don't have an alias, with SLAAC you can have up to 8 addresses, then there's link local too. By the time you've added a 2nd prefix, you're up to 17 addresses on a single interface.

I can use the IPV6 that are assigned on the USG DHCP to address computers from the internet. It just won't say "Internet" on Network and Sharing Center, or pass any IPv6 tests. Ping (as well as traceroutes) from local computers to google.com are fine even though it says "No Internet Access". The traceroutes go from the USG to the pfSense LAN IPv6 out to the internet, even though I have the link-local gateway address of Cox specified in the next-hop on the USG.