@jycai Here is my WAN rule for ICMP [image: 1530296078722-wanicmp-resized.png]

@theserverguy Only after I enter the ::1 address specifically in the monitoring field. Just enabling the 6to4 config isn't enough for the gateway monitoring. If I leave it blank IPv6 still works but the monitor says it's down. So it seems to be cosmetic but affects the uptime stats. So I suspect the 6to4 code simply missing a step when it creates the dynamic gateway for monitoring.

@jknott said in sub-delegation of WAN PD for DHCPv6 server: @jimp said in sub-delegation of WAN PD for DHCPv6 server: “Prefix” doesn’t mean /64, it means “IPv6 subnet” "PD" means prefix delegation, part of the process that creates addresses for devices. The prefix, with PD, is 64 bits and the other 64 bits are determined by some other means such as SLAAC or DHCPv6. PD does mean prefix delegation, but I think you might be confusing a couple terms. Normal DHCPv6 doesn't involve PD. If a client just wants an address it requests one from the interface which is inside the /64 subnet. If that client also happens to be a router, then it kicks in PD to request a delegation. This is an additional block of addresses that get routed to the client. PD is not locked to /64. You can delegate whatever size blocks you want depending on what you have available. PD is frequently larger than /64, that's how an ISP will assign multiple /64's to a single customer, by delegating them a /60, /56, or whatever they choose. The firewall will take individual /64 networks out of that block and assign them locally. When you set an interface in pfSense to "Track Interface" for IPv6, you can then set an IPv6 Prefix ID which controls how it chooses a network to put on the interface. If your ISP uses PD to delegate you a /60, then you can choose from 16 different IDs for /64 networks inside that block (id 0 through f), so you can delegate ID 0 to your LAN, 1 to a guest network, 2 to a DMZ, and so on. In OPs scenario, they want to take some of that, say IDs 8-F, and use that to delegate to some other router. For example, ID 0 would be on LAN, a client gets an address in the 0 network, and then the firewall would route prefix ID 8 to that address.

It's also been in Linux for a while.

@virgiliomi I've had the same prefix since that setting was added, about 2 years ago IIRC. That's stable enough for me. On IPv4, my host name is based on firewall & cable modem MAC addresses and so never changes unless I change hardware. This means that no matter what my IPv4 address is, I can still find my network. However, my IPv4 address is also stable, so long as I leave my firewall running, other than the rare occasion when my ISP makes network changes.

@johnpoz said in Working around AT&T's terrible native IPv6 implementation: Because they are special assignment prefixes… 2001:db8::/32 is designed for documentation purpose use… Just like 192.0.2/24 in ipv4… There are others in ipv4 as well that do not route other than rfc1918… 2001:2::/48 is for benchmarking, and again not designed to route globally. There are others that might not route, they have caveats… Here… https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml Oh, that sort of thing. I wonder why they didn't use a ULA for that, instead of messing things up.

@deet Exactly what I've been through. :( In case I can't clear, my PD on LAN is now a /64. Before with WAN set to /59 and hinting I was getting the /63 on WAN. I also turned off the firewall on the cable modem. Under firewall for IPv4 and 6 select Custom then at the bottom the last check box is were you can disable it. It's kind of hidden.

@satadru said in Netflix & HE.net tunnel fix using unbound python module revisited.: Note that the last line restarts unbound, since I’ve discovered that with timing of the script running, it is best to force unbound to restart to make sure that the symlinking for python is done before unbound starts. (Otherwise it might not start.) thanks for that, will check later on

@zer0t3ch said in Dual WAN IPv6: @mrsunfire: Yes the LAN gets an IPv6 too. I think the problem is the Track Interface option. That is set wo WAN, so it can‘t use the WAN_VDSL. In my point of view Multi WAN is impossible with IPv6. Or can I set LAN to assign it‘s IPv6 by DHCP? Multi-WAN is possible within the confines of what IPv6 is capable of, just not easily done with pfSense right now. ULA + NPt seems to be about the only (mostly) reliable way to get Multi-WAN IPv6 working, with appropriate caveats.

@johnpoz said in avoid using IPv6 for host/domain: Could you give an example site that does this? That was one of my SIP providers, here is the message I see after login: Sorry, your IP address is marked as high risk or you're accessing our web site through IP proxy or VPN. We can't provide a service to you. I'll try the script suggested, thanks!

@jimp said in Firewall rules bug?: Yeah it was a validation problem. GIGO. I added some frontend and backend validation. Put those changes in by hand, and it does parse the above case correctly, throws a red The following input errors were detected: The specified source address is not a valid IPv6 prefix perfect!

@alankeny said in Static addresses for servers: Thanks for confirming this. I started with how-to guides that kept referring to EUI-64 addresses based on the MAC with “ff:fe” in the middle. I couldn’t find any of these, since it doesn’t seem like they’re really used very much any more. I k They are. They're default on Linux, but Windows defaults to a random number. However, it can be configured to use the MAC address instead.

Nice digging. Thanks for getting back.

@johnpoz @Derelict Is there another way? Can I do something with Virtual IP maybe? (If I don't want a tunnel broker)

@donzalmrol said in How to retrieve my IPv6 default gateway?: I was in the understanding that I would have a IPv6 gateway in the same range (2a02:.../56) like I have with my public IP (81.83.0.1/19). No.

Nothing new here? Am I the only one with these strange things happening?