On networks with end user devices, yes, it would be a bad practice to use anything other than a /64.

@sheptard: I just updated to 2.3.2-DEVELOPMENT which included a update to dhcp6 and seems things are working better. my internal clients have valid ipv6 addresses and ipv6 dns works just fine. However I can't get any ipv6 traffic to leave my lan, but ipv6 connectivity works just fine on the router. I just installed the DEV version and for me there was no difference. I configured the prefix and other settings as before. I had to manually start dhcp6c as above. After that, everything was the same as it was with the other version. The dhcp6 gateway status is "pending", but ipv6 is working.

Jimp, Many thanks for your reply. The static IP address client (::210) is in the NDP Table but I am not sure if the client is talking to pfSense. Please see the attached NDP Table. Thanks again for your reply! [image: Untitled.jpg] [image: Untitled.jpg_thumb]

Ok … almost that way .. I got a /64 and a /48 from HuricaneElektric The /64 is no between the first PFSense and the CARP-Cluster The /48 is routed to the vIP of the CARP-Clusters WAN-vIP the first /64 out of the /48 is for the LAN now. RA is set to unmanaged for LAN-IPv6 Some stuff with default-GW and firewall arround ... Now it works really fine!

Worked it out, just needed to get my upstream provider to add static routes for those internal LANs to his upstream router. 2222:fc00:0:123::10:21c/64 via 2222:fc00:0:21::10:21c 2222:fc00:0:127::10:21c/64 via 2222:fc00:0:21::10:21c

LOL I was actually just reading through that same post. Seems pretty interesting. I have the old version of the Netgear switch theyre talking about. It has since died. Wonder if I can RMA it! :P Otherwise, I need to pick up a new switch anyway.

ipv6 must be in lowercase https://tools.ietf.org/html/rfc5952#section-4.3 https://forum.pfsense.org/index.php?topic=114173.msg634799#msg634799

Basically - yes. I assign a /64 for each VPN instance, each "LAN" etc etc. As to what you set as the range, it depends completely on what you were assigned by HE. Also, you have to set up the firewall to use IPV6 at all and you have to secure it.

I guess this errormessage is also intressting: From systemlog: /rc.newwanipv6: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid re2_vlan1 re2_vlan2 re2_vlan3' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.3.3-P1 Copyright 2004-2016 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpd.conf Database file: /var/db/dhcpd.leases PID file: /var/run/dhcpd.pid Wrote 15 leases to leases file. Listening on BPF/re2_vlan3/00:0d:b9:33:95:42/192.168.3.0/24 Sending on BPF/re2_vlan3/00:0d:b9:33:95:42/192.168.3.0/24 Listening on BPF/re2_vlan2/00:0d:b9:33:95:42/192.168.2.0/24 Sending on BPF/re2_vlan2/00:0d:b9:33:95:42/192.168.2.0/24 Listening on BPF/re2_vlan1/00:0d:b9:33:95:42/192.168.1.0/24 Sending on BPF/re2_vlan1/00:0d:b9:33:95:42/192.168.1.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that t Command executed via ssh: [2.3.1-RELEASE][root@pfSense.localdomain]/root: /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid re2_vlan1 re2_vlan2 re2_vlan3 Internet Systems Consortium DHCP Server 4.3.3-P1 Copyright 2004-2016 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpd.conf Database file: /var/db/dhcpd.leases PID file: /var/run/dhcpd.pid Wrote 15 leases to leases file. Listening on BPF/re2_vlan3/00:0d:b9:33:95:42/192.168.3.0/24 Sending on  BPF/re2_vlan3/00:0d:b9:33:95:42/192.168.3.0/24 Listening on BPF/re2_vlan2/00:0d:b9:33:95:42/192.168.2.0/24 Sending on  BPF/re2_vlan2/00:0d:b9:33:95:42/192.168.2.0/24 Listening on BPF/re2_vlan1/00:0d:b9:33:95:42/192.168.1.0/24 Sending on  BPF/re2_vlan1/00:0d:b9:33:95:42/192.168.1.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf.  Also make sure you are not running HP JetAdmin software, which includes a bootp server. If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug.  These pages explain the proper process and the information we find helpful for debugging.. exiting.

For improved usability I would suggest noting that either in the description or error message that pops up.

Alright, that makes sense. Thanks for the help.

@hcoin: Re #2…. The firm but gentle encouragement I give along these lines has the same result the cashier at the grocery store gives when I explain "But I contribute to open source software, do I still have to pay?" Not an apt comparison at all. If you're paying someone for connectivity and they aren't routing you an IPv6 block for use internally, they aren't providing what you're paying for.

which field on which page?

this fixed it for me

I'm still having this issue with default settings Modem: SB6183 pfSense: 2.3.1 DHCPv6: Pending this fixed it for me: https://forum.pfsense.org/index.php?topic=87623.0

No idea about your issue but for something similar happening on my cable modem. The work-around until the glitch was fixed by the ISP with new modem firmware was to do a DHCP release/renew on the WAN interface in pfSense, much less aggravation than a reboot! http://your-pfsense-box/status_interfaces.php

Yeah, the PPPoE example is exactly the same situation that you have with a tunnel provider such as HE or SixXS. There has to be a separate tunnel network (sometimes called transfer network) with an address space that does not overlap with any of the other subnets used on your systems, otherwise you just can not route anything. On such tunnel network a /64 is used but only two addresses are ever actually used because link is point-to-point with just two peers.