Thanks for all help.

I think I finally found the last problem.
I had a IP alias for ::1 so I could have a easy to remember static gateway.. it had a /128 per how I'm used to setup ip aliases. Apparently the dhcp server were using this as base for it's range6 statement and it also messed things up somehow so it didn't reply to that anymore.

After removing the ip alias and also disabling ipv6 completely on the lan interface and re-enabling everything including the ip alias but now as a /64.. everything seems fine again.

Not sure if some check was changed between the releases.. because this issue started after the upgrade.

After a reboot of everything involved (computers, pfsense boxes, etc) everything is now working

That makes it look much easier

I have now fixed it.

I am very pleased,the kids not so much!

Thank you so much for the help!

I just set up OpenVPN between my psSense firewall and a computer running Windows.  Initially, it provided the Windows computer an IPv6 address on my network prefix.  However, that will cause problems with routing etc., so I changed it to another prefix.  I'll have to see what happens with this.  At the moment, I can't ping the firewall or Windows computer, using the OpenVPN endpoint addresses.

Yes, I know every interface has a link local address.  No doubt about it.  My point is that it's not used for most things.  Routers advertise the link local address and other devices use that link local address for the default route.  But you can't use browsers with a link local address and you have to specify the interface for everything else, as a given link local address could be on any interface, as there is nothing in the link local address to indicate which interface is used.  For example, I just pinged my firewall.  When I used the global unicast address, I could just ping it.  But to ping the link local address, I had to specify the interface that connected to the firewall, even though there is only one network interface in this computer. i.e. ping6 -I eth0…

So, yes, you could do something like use ssh to connect to a link local address, but why bother, if you have another unicast address, where you don't have to specify the interface?

Regardless, this has gone beyond the original question, where the OP confused link local addresses with unique local addresses.

https://en.wikipedia.org/wiki/Unique_local_address

https://en.wikipedia.org/wiki/Link-local_address#IPv6

Thanks.

Right my bad. I'm so used to IPV4 :\

Ok I'll try a any any rule. but how do you test that to see if it works.

There is an issue with the leases being displayed as well: https://redmine.pfsense.org/issues/7413

Hey, thanks for your replies, I'm solving another priority right know, so I'll take a little more time to try it again!
Pretty soon I'll be back here!!!
Thanks

@bimmerdriver:

It could also be that your ISP only gives /56 prefix, regardless of what you request.

It obviously does.
As I said I got DIFFERENT PDs each try, but they all were /56. At least now I know what caused the issue.

Good stuff.

I suspected CP early on and unchecked the "Enable Captive Portal" box in the config, clicked save, it didn't fix it. Rebooted, still didn't fix… it wasn't until much later that I realized that the checkbox doesn't seem to do anything. Once I clicked save and left the page assuming it accepted the setting, coming back to that page showed it was checked as enabled again. I tried a few times to just disable it and every time the box was left checked. Finally I just deleted the captive portal and everything IPv6 lit up as expected.

me too.  NPT not nornal work now..

2.3.3-RELEASE-p1 (amd64)
built on Thu Mar 09 07:17:41 CST 2017
FreeBSD 10.3-RELEASE-p17

Unless you want to test how devices behave (better said, how much broken they are) on an IPv6-only network, then no, absolutely NOT.

My original issue is resolved.  But if you really wanted to know:

WAN: DHCPv4 and DHCPv6 client
LAN: Static IPv4, Tracking WAN IPv6

You've seen the DHCPv6 configuration in the screenshots above (I changed the From to :0001).

@mbouchonnet:

Hello,

Actually, I restarted the computer, tried in "rescue mode" (the computer boot with a live cd ubuntu), managed to get ipv6 running and it worked.
And when I restarted pfsense it worked too (i tried 2 or 3 times before to restart pfsense) so i suspect there was something weird witch the block that the rescue mode repaired.

Hi!
I am trying it as well, but my pfSense only gets a /128 as stated in the console. What did you do in rescue mode? I want to do it as quick as possible to have a low downtime…

Regards