• Getting "Please match the requested format" with Firefox

    3
    0 Votes
    3 Posts
    2k Views
    R

    Thanks.  Using lower case for the alphabetic hex characters in the interface address works.

    It's a bit inconsistent though, as the interface allows upper-case characters when adding the IPv6 gateway.

  • IPv6 & XBOX One

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • No DHCPv6 lease for hosts with static IPv4 DHCP mapping

    4
    0 Votes
    4 Posts
    1k Views
    MikeV7896M

    For Windows, you can run ipconfig /release6 and ipconfig /renew6. Not sure about other operating systems.

  • Clients get no IPv6 address

    4
    0 Votes
    4 Posts
    4k Views
    R

    Your DHCPv6 is not working, you get link local addresses (starting with fe08).

    Perhaps you need to set your router advertisement mode to managed?

  • Setup IPv6

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • IPv6 VLAN RA bug

    6
    0 Votes
    6 Posts
    3k Views
    P

    This is a known bug in Windows.  It is not a PFSense bug - and there is nothing you can do in PFSense to fix it.

    The Windows NIC driver will deliver layer-2 broadcast traffic (which includes RAs) from any VLAN, tagged or untagged, to the untagged VLAN.  So the IPv6 driver sees the RAs and sets up the routes.  Stupid.

    MS, foolishly, refuses to recognize that this is a bug.  They claim working by design, partly because they use it in some configuration for SMB (aka Samba) file sharing.

    Best advice: don't ever mix tagged and untagged traffic on a link terminating to a MS Windows or MS Server box.  If you don't need the tagged traffic in the Windows box you may be able to block the tagged VLANs in your Switch.

    Linux systems used to have this fault too - but the Linux community recognized and fixed the bug in their NIC handling.  Your phone (whether Android or iPhone) never suffered from this bug.

  • Does tracking an interface turn on RAs automatically?

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Setting it to "track" automatically sets up RA and DHCP for the segment being tracked.

  • Can't add/edit IPv6 firewall rule in 2.3.2

    3
    0 Votes
    3 Posts
    1k Views
    P

    Thank you.  I'll give that a try this evening.  Appreciate the help.

  • Can't ping IPv6 LAN interface

    6
    0 Votes
    6 Posts
    3k Views
    M

    and here the pfSense ifconfig -a, netstat -rn and pfctl -sa (sans STATE)

  • DHCP6 reservation on wifi

    4
    0 Votes
    4 Posts
    1k Views
    G

    strange thing this dhcpv6..

    lost the reservation again.

  • 0 Votes
    7 Posts
    6k Views
    B

    Thanks to /dev/null for pointing me in the right direction, based on his notes I was able to get it working.

    This thread had the solution:

    https://forum.pfsense.org/index.php?topic=90699.msg508549#msg508549

    I had to set up the prefix delegation in the advanced section on the WAN page

    send options: ia-pd 0

    prefix delegation: checked

    That was all that was required. I originally tried the options /dev/null provided but it didn't work. Once I cleared the fields so it was like the screenshot c0re had in the other post it worked straight away. Even after rebooting the pfSense box it continued to work OK.

    Frustrating how it all works though.

  • Please Match the Requested Format for IPv6 RA

    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    It's been brought up in several places on the forum already. It's actually a Chrome bug.

    You can use the System Patches package to apply https://patch-diff.githubusercontent.com/raw/pfsense/pfsense/pull/3127.patch which will allow the validation to work with the latest Chrome. The Chrome regex parser has a bug in that it does not allow escaped characters inside a list, even though it is a valid -- but not required -- regex expression.

  • PPPoE won't negotiate with IPv6 enabled

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    13 Posts
    4k Views
    JKnottJ

    Because that /112 (which isn't a real /112, it's a shared /64 where I'm simply only allowed to use /112 without it being an actual subnet) is the dynamic standard for single-server-single-link in their provisioning system,

    That makes more sense.  They give you a 65K block of addresses and you're supposed to do a static config or possibly mapped DHCP for your systems.  That means there could be 2^48 other systems in there sharing that /64.  ;)

  • SIXXS-Aiccu and pfSense

    2
    0 Votes
    2 Posts
    1k Views
    ?

    You have to switch to non aiccu mode.

  • Loss of IPv6 connectivity from LAN to Internet v2.3.1

    12
    0 Votes
    12 Posts
    4k Views
    L

    Hi everyone, just an update regarding this issue.  I posted in a Teksavvy dslreports forum about the issue I'd been having and got some interesting feedback.  They recommended allowing IPv6 ICMP packets to hit the WAN interface of the firewall.  After doing this, my IPv6 connectivity to my LAN has remained constant and is at 5 days straight now vs losing it after 2 days.  So either something has changed on the Teksavvy side to monitor the CPE/FW of their customers to ensure that the DHCP /56 that is handed out is still valid and should stay in their routing tables vs removing it.  Or something on the pfsense configuration changed in that Teksavvy is no longer able to tell whether the FW is alive or not via some kind of ND or whatever.  This started about a year ago so it's not something recent.  Others seem to have experienced similar problems with one person using a cron job to reset the DHCP6 session nightly.

    I'll post back if things change and I lose connectivity again.

    LoboTiger

  • Please Help with DHCP6C on native /56

    35
    0 Votes
    35 Posts
    12k Views
    B

    @rancid-lemon:

    @bimmerdriver:

    @rancid-lemon:

    I tried to install patch 3102 for this issue, but I run into a 'this patch can't be applied cleanly' error.

    Can anyone advise how to install on 2.3.2?

    PR 3102 hasn't been backported to 2.3.2 (yet, I hope). If you want to run the patches, you need to run the development snapshot. I'm running PRs 3102/1, 3102/2, 3103, 3105, 3106 and 3107 and they are working quite well. The only patches that are specifically for the RA issue are 3102/1 and 3102/2. The rest are for dhcp6. Refer to https://redmine.pfsense.org/issues/5993 and https://github.com/pfsense/pfsense/pulls. The snapshot already has an earlier version of the fix, so it should get a prefix even without the PRs.

    Understood, thank you for the explanation. I will give the snapshot a go and see how I get on before installing the patches, will keep an eye on this thread too.

    In case you didn't notice, if you upgrade to the latest 2.3.3 development snapshot, all of the pertinent patches have already been merged.

  • DHCPv6 Reservation - IAID

    2
    1 Votes
    2 Posts
    2k Views
    B

    You're not missing it. It's not supported. I believe it should be, however. If you want to set up a reservation for a host, such as a laptop, with wifi and wired interfaces, it's needed to prevent an address clash.

  • Routing IPv6 space over OpenVPN client

    6
    0 Votes
    6 Posts
    2k Views
    J

    @johnpoz:

    "the provider actively blocks 6in4 on their RGs"

    So they are blocking protocol 41?  You ask them this and they gave you reason why?  This is AT&T

    http://www.dslreports.com/forum/r30137020-AT-T-U-Verse-Protocol-41-IPv6-Net-Neutrality-Complaint-with-FCC

    What equipment do you have from them?

    I've got a Pace 5268AC.  Disappointingly, there is native v6 available, but it doesn't support the /60 they hand out when you use it in DMZ+ (with pfSense).

    I've thought about filing a net neutrality complaint, but I can likely see them citing security issues with allowing 6in4.  Based on my research, they either deny or act confounded when asked (or served).

  • Rogers and changing prefix

    7
    0 Votes
    7 Posts
    2k Views
    JKnottJ

    I called the support line and advised them.  They said IPv6 isn't officially supported yet, so there may still be issues.  They said they'd forward my problem to the appropriate people.  Hopefully, it's just a teething problem that will be resolved shortly.  At least the person I was talking to knew what the DUID was and what it's supposed to do.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.