Thanks, I thought about that, but the address in question is clearly listed as my WAN gateway: IPv6 Address 2604:5500:c078:8000:xxx:xxxx:xxxx:xxxx Subnet mask IPv6 64 Gateway IPv6 fe80::768e:f8ff:fea6:6e01 The only other device I can think of that could possible run misc network services would be my Aruba AP whose IP doesn't match. I have no other router on my LAN.

https://redmine.pfsense.org/issues/9577 maybe this apply to you also :)

@Nan0tEch said in Netflix and HE.net tunnel fixed using Unbound python module: how does this works for the netflix app by not getting the IPv6 adresses as i block all IPv6 in my network? The issue is / was : devices that run browsers to visit Netflix, or apps on phones or SmartTV could contact Netflix by IPv4 and - if you have it enabled - IPv6. Some ISP's don't know what IPv6 is, so ipv6.he.net can be used as an IPv6-ISP, in parallel with your classic ISP, doing IPv4 only. The issue is : like many VPN's, the gateway he.net is using (an Ipv6) is considered as and "VPN endpoint" and listed as such by NetFlix : they don't accepts that I use ipv6.he.net to stream their content. So, blocking AAAA requests when some device on my LAN want to resolve a Netflix server help : my device steps back to IPv4 only, thus using my classic ISP, Netflix doesn't complain now. Nite : If you do not use IPv6 your don''t need the unbound-python trick described here. @Nan0tEch said in Netflix and HE.net tunnel fixed using Unbound python module: What could the app be using by getting these IPv6 blocks and blocking the streaming service. What do you mean ? How it works ? See the script. It blocks AAAA requests if the URL is on a list, present in the script. You have to edit the script to implicate other URLs.

@JKnott that is exactly what I do for all of my other hosts. Manual entries in the DNS. The plan was to have the DDNS set to notify me by email if the prefix ever changes but I noticed never got an email when it actually occurred. I am also using this in conjunction with uptime robot. I can adjust it to use the WAN instead for this but it seems this is a bug since it is possible for the WAN ip to stay the same but have the prefix change.

I know I would, but as I said (or tried to), as soon as I set my current router / modem to bridge mode, it involves (due to my ISP's restrictions), that I don't get IPv6 anymore at all. And currently I get a /64 only (see original post), which proves (additionally) that my ISP offers IPv6 only because they don't have enough IPv4 addresses. When I set my router / modem to bridge mode (acting as a modem only), I then get an individual IPv4 address (which I currently do not have, hence DSlite I think it's called) and my ISP seems to think "oh well, no IPv6 necessary anymore". Which is at least in my case in some way true, because currently I need IPv6 only to make stuff like my Plex server, my cloud etc. accessible on the internet - which obviously wouldn't be possible as long as my server is not reachable by IPv4. Some german website said this DSlite thingy is more or less a german thing only, so I'm not sure you're aware of this problem at all, but I hope this post clarifies my situation better.

All of the PD and tracked interface settings happen in the dhcp6c client itself. It does everything. All it needs to be is set up and run. Whenever you change an inside interface tracking setting you have to edit/save the WAN that is being tracked (or wait for a renewal) to get the changes applied because that re-runs the dhcp6c client on that interface.

See Also: SLAAC

I do not know that switch... All I can tell you is that if your getting 2 address from two different RA then your not isolated at Layer 2 - its simple as that. Be it your switch config, or you have something else bridging the 2 L2 networks. It makes no sense to me to run a vlan on top of the native interface if all your going to do is run 1 network on it.. Pointless... Now if your going to run more than 1 vlan on it, then there is something to be said to only tagging and no native.. But if all you have is native interface pfsense needs not now anything about vlans for that network. But an "any" setting doesn't seem logical to me at all.. From you later image looks like you have every port as a member of 3 vlans - that is BORKED for freaking sure!! [image: 1559244472130-wrong.png] I can tell you for freaking sure that is wrong without knowing that switch os at all... The only ports that should be members of more than 1 vlan are ports connected to something that will sep the vlans based upon tag, etc.. Like a router interface that has more than 1 vlan on it, or a another switch uplink, or connection to an AP, etc.

@admins said in No IPv6 DHCP6 Request on WAN: How could I check if dhcp6 is sending an request? Do a packet capture on ICMP6 on the WAN interface. However, it might be difficult to use the pfSense Packet Capture at that time, so you'd need a managed switch, with port mirroring, between the firewall and modem. You'd then use a computer running Wireshark to capture the packets. I assume your modem is in bridge mode, not gateway.

Looks like the validation check had the wrong variable name for IP address validation. It only seems to have affected IPv6, though. https://redmine.pfsense.org/issues/9543 The fix will show up there momentarily, and can be applied with the system patches package

@rdunkle said in Comcast ipv6 / Netgear C7100V: I did not clone any MAC address, just went with what it had. I am thinking my mention of cloning mac address might of muddled the conversation... This is an option for when you want to change devices and not power cycle a modem.. I use to do this when I wanted to fire up a different router distro most of the time on a vm.. So that my public IP wouldn't change.. And allowed me to switch between distros faster without having to wait for the modem to power cycle as well. It for sure is an "option" if you do not have an easy method of power cycle the modem, or not enough time to wait for it, etc. etc.. Prob the only option you will have once you place a modem in bridge vs router mode would be to switch it back to router mode.. I hit the 192.168.100.1 address to view "status" of my cable modem for example.. Which doesn't even have a router mode. Glad you got it all sorted.

How about LAN to the IPv6 address on the pfSense WAN interface? How about LAN to the very next IPv6 hop outside the WAN? Packet capture on WAN. If the echo requests are being sent but no reply is being received, there's nothing pfSense can do about it. Complain to the ISP. It is very possible they could have something different configured (perhaps unintentionally) for the interface address/prefix and the routed, delegated /60 prefix.

Im having now the same Problem. Im from Germany and i don’t get an IPv6 at the Lan Interface. The Wan gets an IPv6 and the router (of my ISP) tells me it is registered with the ipv4 (Home Network) and ipv6. All on the Wan. At lan interface i can access the webpage. I made the wan dhcp6 at the ipv6 configuration type, Checked only the 2 ticks send ip prefix hint and debug. For the prefix Delegation size I used 64 (cause the router gets an 64 Delegation size). At the lan Interface I made it track interface for the ipv6 configuration type. And choosed at the bottom Wan for the track ipv6 interface and entered 0 for the prefix id. At dhcpv6 server & ra I disabled the dhcpv6 server and tried all router modes at router advertisements. I hope someone could help me. It’s really important.

@ssjoco85 said in IPv6 subneting and DHCP PD how to: Always when my WAN reconnect. I have PPPoE on WAN. Most of the ISPs use dynamic IPv6 prefixes on consumer lines. I'm on a consumer service and my prefixes are solid, ever since the "Do not allow PD/Address release" option was added to pfSense. DHCPv6-PD uses something called "Device Unique IDentifier" (DUID) to lock the prefix to the customer.

@jimp Thanks for your comment, may be there are some misstakes in wording at my site, it's not my mothers speech :-) My last stand was, that you don't see the nessessarity, nice to see we are some steps forward :-) At me it looks not that complicated, prefix as variable to call everywhere and thats it . Ok I have no idea how coding works so I can only hope someone do it ;-)

My point is it is not assigned to him via DHCP. And there is zero reason to use DHCP to assign it to pfSense. Just route it.

@Derelict I stated previously it was a PEBKAC error (as in the problem lies between the Keyboard and Chair). Again thanks everyone for your help and time on this. I have multiple clients and many of them run multiple VPN's. Putting a mention in the document to remind troglodytes like myself to disable VPN's when testing might deserve a mention?

@mark-b Have you ended up figuring this one out? I’m having similar issues.

They are not responding.