@admins said in No IPv6 DHCP6 Request on WAN: How could I check if dhcp6 is sending an request? Do a packet capture on ICMP6 on the WAN interface. However, it might be difficult to use the pfSense Packet Capture at that time, so you'd need a managed switch, with port mirroring, between the firewall and modem. You'd then use a computer running Wireshark to capture the packets. I assume your modem is in bridge mode, not gateway.

Looks like the validation check had the wrong variable name for IP address validation. It only seems to have affected IPv6, though. https://redmine.pfsense.org/issues/9543 The fix will show up there momentarily, and can be applied with the system patches package

@rdunkle said in Comcast ipv6 / Netgear C7100V: I did not clone any MAC address, just went with what it had. I am thinking my mention of cloning mac address might of muddled the conversation... This is an option for when you want to change devices and not power cycle a modem.. I use to do this when I wanted to fire up a different router distro most of the time on a vm.. So that my public IP wouldn't change.. And allowed me to switch between distros faster without having to wait for the modem to power cycle as well. It for sure is an "option" if you do not have an easy method of power cycle the modem, or not enough time to wait for it, etc. etc.. Prob the only option you will have once you place a modem in bridge vs router mode would be to switch it back to router mode.. I hit the 192.168.100.1 address to view "status" of my cable modem for example.. Which doesn't even have a router mode. Glad you got it all sorted.

How about LAN to the IPv6 address on the pfSense WAN interface? How about LAN to the very next IPv6 hop outside the WAN? Packet capture on WAN. If the echo requests are being sent but no reply is being received, there's nothing pfSense can do about it. Complain to the ISP. It is very possible they could have something different configured (perhaps unintentionally) for the interface address/prefix and the routed, delegated /60 prefix.

Im having now the same Problem. Im from Germany and i don’t get an IPv6 at the Lan Interface. The Wan gets an IPv6 and the router (of my ISP) tells me it is registered with the ipv4 (Home Network) and ipv6. All on the Wan. At lan interface i can access the webpage. I made the wan dhcp6 at the ipv6 configuration type, Checked only the 2 ticks send ip prefix hint and debug. For the prefix Delegation size I used 64 (cause the router gets an 64 Delegation size). At the lan Interface I made it track interface for the ipv6 configuration type. And choosed at the bottom Wan for the track ipv6 interface and entered 0 for the prefix id. At dhcpv6 server & ra I disabled the dhcpv6 server and tried all router modes at router advertisements. I hope someone could help me. It’s really important.

@ssjoco85 said in IPv6 subneting and DHCP PD how to: Always when my WAN reconnect. I have PPPoE on WAN. Most of the ISPs use dynamic IPv6 prefixes on consumer lines. I'm on a consumer service and my prefixes are solid, ever since the "Do not allow PD/Address release" option was added to pfSense. DHCPv6-PD uses something called "Device Unique IDentifier" (DUID) to lock the prefix to the customer.

@jimp Thanks for your comment, may be there are some misstakes in wording at my site, it's not my mothers speech :-) My last stand was, that you don't see the nessessarity, nice to see we are some steps forward :-) At me it looks not that complicated, prefix as variable to call everywhere and thats it . Ok I have no idea how coding works so I can only hope someone do it ;-)

My point is it is not assigned to him via DHCP. And there is zero reason to use DHCP to assign it to pfSense. Just route it.

@Derelict I stated previously it was a PEBKAC error (as in the problem lies between the Keyboard and Chair). Again thanks everyone for your help and time on this. I have multiple clients and many of them run multiple VPN's. Putting a mention in the document to remind troglodytes like myself to disable VPN's when testing might deserve a mention?

@mark-b Have you ended up figuring this one out? I’m having similar issues.

They are not responding.

One other thing you may want to try. Put your modem into gateway mode and see if it works properly. If it does, then the problem is with pfSense. If it doesn't it's with your ISP. My experience shows the tech support will not work on a problem if a customer firewall/router is used. So, use the gateway mode to determine where the problem is.

Thanks @Derelict I think I have it working now. I had a couple of problems with the way I was trying to do it. I ended up having edge-pf delegate /60 subnets so that internal-pf could use /64 subnets on its lans. The biggest catch, that had me scratching my head for ages, is the dhcpd service seems to need to be restarted; or a reboot. I'm not exactly sure which situation requires which but just saving a new configuration or restarting an interface isn't enough. After I have all this working I'll post my config to help the next novice like me.

Thanks for the help @Derelict and @JKnott. I now have my WAN and LAN interfaces looking like they are working as they should. I can also successfully ping and traceroute to the public ipv6 address I found. For others who may have similar problems I found this post useful to understand a little more about how track interface works. My next hurdle is to get prefix delegation working from the pfsense that connects to the internet to the pfsense that does internal routing and services. I'm having some trouble with that but I'll create a new post for it since it's outside of this topic.

Well, I got it working last night... oddly enough the problem was actually due to the bug I mentioned in my original post - https://redmine.pfsense.org/issues/5999. Because IP aliases break tracking I had removed my IPv6 interface from CARP. That meant that my secondary was picking up some percentage of the IPv6 traffic on the LAN. It still had routes to my old ISP over the v6 tunnel, so it was sending some of the traffic out that way. The solution for the moment was to turn the secondary off, I'm going to do some more config tweaking tonight and see if I can get to a state (probably with no IPv6 on the secondary) where I can leave it on-line so I have at least some level of failover.

@bbusa said in Native IPv6 from Telekom using GPON and PPPoe [solved]: They had misinformation on the phone, and that created the confusion. Misinformation from an ISP? WOW, that's a first!!! Yeah, right. IPv6 from my ISP worked well from the start, three years ago, until I ran into a problem around New Years. With my own testing, I had determined the problem was at the ISPs office and later was even able to identify the failing system. It took me 3 months to get the problem resolve and I often found myself having to teach the support people how IPv6 worked. Hopefully, the support will improve, as ISPs get more experience with IPv6.

Having multiple GUAs on a host puts a lot of the burden on that host for choosing the desired source address for a particular connection. The pfSense routing role could be handled right now using existing policy routing rules based on the source IPv6 address. This source, out this WAN, that source, out the other WAN. But the decision moved to the host as to which source address is used for a particular connection.

@mikael-ljung-mikeonline-se I think best practice is to use GUA for everything. If you have a broken ISP that changes the prefix then ULA is a way to work around that.