Hi Just wanted to add also saw this issue during an upgrade from 2.4.4_3 to 2.4.5, I had previously unchecked "Register DHCP leases in the DNS Resolver" due to loads of restarts on the DNS Resolver service. On upgrading to 2.4.5 (I think unrelated to the upgrade, it was just because of the restart) I found an issue with my VoIP phone over IPv6 failing to register. Various trouble shooting later I ended up testing from a Windows PC using NSLOOKUP which picked up the DNS server on the IPv6 address but it was timing out and returning no results. A Goggle brought me here, so as per OP I restarted the DNS Resolver and NSLOOKUP started returning addresses, and low and behold the VoIP phone registered back up. So definitely a bug somewhere. Regards Phil

Just wanted to give an update on the issue. I wrote to my ISP explaining the problem. I didn't get an answer, but the following day, my IPv6 connection got miraculously rock solid (since 5 days now), whereas I hadn't touched the system. A big thanks to all the people on this forum who helped trying to find a solution

@riften Yep, I get the same behavior from the Arris BGW210-700.

@JKnott said in Getting upstream delegating router to create a route to pfSense gateway: @AaronL That is surprising, given that Comcast has long promoted IPv6. However, what you can do is capture the DHCPv6 packets. Set up Packet Capture to capture ICMPv6 on the WAN port. Then disconnect/reconnect the WAN cable. This should result in capturing the DHCPv6 packets. Download the capture and open it with Wireshark. The advertise and reply XID lines should show the assigned prefix. Yeah, that is the first thing I did. The DHCPv6 conversation works great, and goes exactly how it should. (That's not entirely true; it gives out T1 and T2 values that dhcp6cd thinks are 'too short,' but as far as I can tell, that's not causing any actual trouble.) The problem is that a route matching the assigned prefix doesn't seem to get added on the cablemodem, which I can also see clearly in Wireshark from the neighbor discovery packets. Because Comcast has had a reputation for making an effort on IPv6, I want to push on this as hard as I can: this is really something that should be right, and from an engineering standpoint, is probably pretty straightforward to fix.

@Bob-Dig said in IPv6 / track interface / pass DNS server to client: rewall-aliases of my hosts by itself, bravo. What? What? Really? No joke?

Charter will allow you a /56 if you select that on the "DHCPv6 Prefix Delegation size" config on the WAN interface. Then as stated you can use a 0-ff for the prefix ID on your internal interfaces to assign a /64 to that network.

@Crunk_Bass said in DHCP6 request specific address: Is there any way I can request an address with a specific interace identifier? Not that I'm aware of.

What does your current setup look like? Is your pfSense behind your Fritz!Box router? Wich device does all the PPPoE stuff? I'm a little confused. Is IPv6 working when you are using the Fritz!Box? At first glance it looks like you would be better off using something like a DrayTek Vigor165 as a modem instead of the Fritz!Box.

@dr_tech Did the ISP provide configuration info?

@amello So open a ticket - https://redmine.pfsense.org/issues/10364 - and was rejected asking for more information to be provided here. Not sure what information to provide, but on the ISPs side all is working, as with two pfSenses works without any issues. Only when consolidating to one box is that the problem appears.

@jimp If states are not to be preserved, then a disable/enable (via a heartbeat mechanism or otherwise) might do the trick.. of course with a disruption of the IPv6 connectivity while the tunnel is re-establishing itself.

No, Netgear and HP. All managed.

What I finally did was deleting the interface and then creating it new. This time there seems to be no problem. Thanks everybody. I have to read more log files to get a sense, when there is something not ok. Also I crafted some new IPv6 addresses in the DHCPv6 Server, like this one: ::192:168:2:37

To the ones that may have the same problem as me, I managed to go a little further. To allow incoming ICMPv6 ping messages I had to uncheck those two options on my interface: [image: 1583847471255-8d0c7aec-55ca-44c1-a620-957d549360ae-image.png] I'm still having a problem with my Cisco SG250-26 which does not let some IPv6 packets passing through...

eh i wonder if he.net do some kind of check on the hardware used and it need time to sync after a change, mac address or fingerprint or something

I think it's being blocked by the default deny rule. Make a rule on that VLAN3_HB interface for tcp port 22 and set it to accept. If you assign a new interface there aren't any rules applied to it so everything will be blocked by default. Also if the machine your connecting to is on another segment make sure a firewall rule that will let that traffic pass is applied. I assume ssh to pfsense is working because pfsense has anti lockout rules for local ssh managment.

Sounds like a similar issue to what happens when devices use NIC teaming or similar to impersonate one another's addresses in non-standard ways. I don't see a sysctl to affect that directly but you might try adjusting the value of the net.inet6.ip6.log_interval tunable. You can make an entry for it under System > Advanced on the tunables tab. It controls the number of seconds between log messages. So you could maybe try -1 or 0 to disable, or a much higher value so it happens less frequently (e.g. 120, 3600, 86400...)

Alright so that is working, but now the LAN VM's have no access to the WAN. I have been troubleshooting for a while now on what this could be but cannot find anything on it... I have no gateway for LAN nor routing setup.

As noted, so long as you have zero-loss connection, fragmentation is not an issue. For example, my HE.NET connection is a corporate one and out of the peak times (around 3 p.m. work days) it passes all tests for any MTU <= 1472 and MSS <= MTU - 20. Problems arise only under heavy load. By the way, the harder targets (to me) are those in Eastern Europe, Latin America, and Africa.