@virgiliomi

I've had the same prefix since that setting was added, about 2 years ago IIRC. That's stable enough for me. On IPv4, my host name is based on firewall & cable modem MAC addresses and so never changes unless I change hardware. This means that no matter what my IPv4 address is, I can still find my network. However, my IPv4 address is also stable, so long as I leave my firewall running, other than the rare occasion when my ISP makes network changes.

@johnpoz said in Working around AT&T's terrible native IPv6 implementation:

Because they are special assignment prefixes… 2001:db8::/32 is designed for documentation purpose use… Just like 192.0.2/24 in ipv4… There are others in ipv4 as well that do not route other than rfc1918…
2001:2::/48 is for benchmarking, and again not designed to route globally. There are others that might not route, they have caveats… Here…
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

Oh, that sort of thing. I wonder why they didn't use a ULA for that, instead of messing things up.

@deet Exactly what I've been through. :( In case I can't clear, my PD on LAN is now a /64. Before with WAN set to /59 and hinting I was getting the /63 on WAN.

I also turned off the firewall on the cable modem. Under firewall for IPv4 and 6 select Custom then at the bottom the last check box is were you can disable it. It's kind of hidden.

@satadru said in Netflix & HE.net tunnel fix using unbound python module revisited.:

Note that the last line restarts unbound, since I’ve discovered that with timing of the script running, it is best to force unbound to restart to make sure that the symlinking for python is done before unbound starts. (Otherwise it might not start.)

thanks for that, will check later on

@zer0t3ch said in Dual WAN IPv6:

@mrsunfire:

Yes the LAN gets an IPv6 too. I think the problem is the Track Interface option. That is set wo WAN, so it can‘t use the WAN_VDSL. In my point of view Multi WAN is impossible with IPv6. Or can I set LAN to assign it‘s IPv6 by DHCP?

Multi-WAN is possible within the confines of what IPv6 is capable of, just not easily done with pfSense right now.

ULA + NPt seems to be about the only (mostly) reliable way to get Multi-WAN IPv6 working, with appropriate caveats.

@johnpoz said in avoid using IPv6 for host/domain:

Could you give an example site that does this?

That was one of my SIP providers, here is the message I see after login:

Sorry, your IP address is marked as high risk or you're accessing our web site through IP proxy or VPN. We can't provide a service to you.

I'll try the script suggested, thanks!

@jimp said in Firewall rules bug?:

Yeah it was a validation problem. GIGO. I added some frontend and backend validation.

Put those changes in by hand, and it does parse the above case correctly, throws a red

The following input errors were detected: The specified source address is not a valid IPv6 prefix

perfect!

@alankeny said in Static addresses for servers:

Thanks for confirming this. I started with how-to guides that kept referring to EUI-64 addresses based on the MAC with “ff:fe” in the middle. I couldn’t find any of these, since it doesn’t seem like they’re really used very much any more.
I k

They are. They're default on Linux, but Windows defaults to a random number. However, it can be configured to use the MAC address instead.

Nice digging. Thanks for getting back.

@johnpoz @Derelict Is there another way? Can I do something with Virtual IP maybe? (If I don't want a tunnel broker)

@donzalmrol said in How to retrieve my IPv6 default gateway?:

I was in the understanding that I would have a IPv6 gateway in the same range (2a02:.../56) like I have with my public IP (81.83.0.1/19).

No.

Nothing new here? Am I the only one with these strange things happening?

@mrsunfire

Thanks for the recommendation. I went with a Netgear CM700 and it works!

OK, now you have to determine if traffic for 2001:818:d9d9:ba00::/56 is arriving on your interface. Set up a packet capture like this and start it.

The try to do stuff with it like ping6 2001:818:d9d9:ba01::1/56 from the outside, telnet to it from the outside, etc.

Then stop the capture and see what is there.

If you need someone to ping6 it from the outside holler.

Hmm. This is interesting:

0_1527707707481_Screen Shot 2018-05-30 at 12.14.34 PM.png

Get a tunnel to hurricane and a /48 and use static addressing.

https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker

"Please go back and look at the times when you said a link local address could not be used."

Where did Derelict ever say that link-local can never be used?

He did clearly point out the RFC that clearly states 2 scenario's where they do not work.

"However, there are two cases where using a link-local address as the
  next-hop clearly does not work.  One is when the static route is an
  indirect (or multi-hop) static route.  The second is when the static
  route is redistributed into another routing protocol.  In these
  cases, the above text from RFC 4861 notwithstanding, either a GUA or
  ULA must be used."

I think this horse has been beaten enough ;)