Judging by your description initially, it seemed like you had a PD-assigned subnet, and were sending traffic out your WAN, but it was just disappearing somewhere upstream. Probably was something on the modem that flaked out from the sounds of it, or maybe Comcast missed adding a PD route for your delegated subnet and power cycling the modem fixed that upon your next DHCPv6 request. Glad that worked. Might want to try rebooting only pfsense to make sure it comes up clean after a reboot.

Upgraded to 2.3 and I can confirm that radvd doesn't start when it is marked as disabled in the GUI.  :D

Upgrading to pfSense v2.3 broke my IPv6-connectivity. :-)  Need to take a look at it when I get home tonight. EDIT: Sorry. A new reboot was needed. Everything working again. Not sure why it never came up the first time.

@cmb: Guessing maybe you were just trying ICMP? There was a bug in the GUI's firewall log display for ICMPv6 in versions pre-2.3, where it'd be in the log but not displayed in the GUI. No, I was running a web-based IPv6 SMTP test, and also trying to access IMAP via my phone (also IPv6). Both attempts always timed out, but when I moved my rules over to the tunnel ruleset they started working… never saw any block messages.

DNS can return both types of records (A and AAAA) and it's completely up to the application that requested the DNS resolution to decide which ones it's going to use. Availability of IPv6 connectivity and set up preferences in the operating system (such as ip6addrctl(8) in FreeBSD) can also affect the decision whether to use the IPv4 or IPv6 address for the connection.

Ah… Those are some weird ass boxes to be sure.. Sorry off the top I do not think you can announce RA out the wan.. That could be a dangerous thing to do if you were directly connected to the ISP that is for sure. You could prob do it via manual manipulation of the configs..  But I don't see a way to do it in the gui.  RA gui is tied to having static on the interface, since its under the dhcpv6 server tab..  Try setting static ipv6 on your wan interface connected to your fritz.. Then you should be able to enabled dhcpv6 and get the RA gui tab..

I tried lots of different combinations of configurations including the suggested ones. Without any luck. Monitoring the pppoe interface as well as my local interface I've registered the following: pppoe not seeing dhcpv6 pd requests local Not seeing any router advertisements whatsoever by the router My feeling is that pfsense is flawed in some place, but I'm too new to BSD and pfsense in order to pinpoint the source of the problem. Maybe the problem is that I'm also using 6in4 with he.net. But even when I delete all configuration parameters of that config problems persist. Might this be a concern? Mar 28 02:10:14 pfsense php-fpm[34291]: /interfaces.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em0_vlan5 em0_vlan10' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.8 Copyright 2004-2015 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 21 leases to leases file. Listening on BPF/em0_vlan10/80:ee:73:b2:f5:07/10.10.151.0/24 Sending on  BPF/em0_vlan10/80:ee:73:b2:f5:07/10.10.151.0/24 Listening on BPF/em0_vlan5/80:ee:73:b2:f5:07/10.10.101.0/24 Sending on  BPF/em0_vlan5/80:ee:73:b2:f5:07/10.10.101.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf.  Also make sure you are not running HP JetAdmin software, which includes a boo What other configuration files can I post to help solve this?

thanks guys, it seems to have worked.

So far I was able to make the update in a bind DNS dunning on another server. The issues I found are that with the release of IP. It is working fine as far as I have only IV6 configured. If I am playing with double stack there isn't any update in my bind servers. Still playing to find if I can detect where is the issue (client, pfsense, bind server….)

I'm not sure if they are giving out static or dynamic v6 addresses.  My original problem wasnt that v6 addresses were changing on my domain controllers and causing dns issues.  I'm just trying to get it to work the first time.  I'm used to IPv4 and memorizing private IPs.

Sucess :) In the event someone else comes across this here is what I did :) Assign an IPv6 address to your pfSense WAN. For me, I added an IP address to the virtual interface on my Router. Make sure you can ping an ipv6 address from the WAN interface using Diagnostics > Ping. interface ve 10 ip address 155.x.x.1 255.255.255.240 ipv6 address 2607:x:x:8200::1/64 ipv6 enable Create a static route on your router to you pfSense WAN IP. ipv6 route 2607:x:x:8201::/64 2607:x:x:8200::2 Assign the gateway IP to your pfSense LAN without a gateway. You should now be able to ping an ipv6 address from your LAN interface using Diagnostics > Ping. Setup DHCPv6 (if you are using it) and RA. Set any firewall rules that are needed for the outside world to communicate with your LAN side server You should be able to speak to the internet and back to your LAN side server :)

@hda: (Your ISP-box must delegate-on-request with use of its DHCP6-server, to pfSense) Not if they're static. They actually seem to be part of some bigger net block anyway. Just need to add a static route to send it to the other device in that case.

Don't manually modify anything. Either disable logging of default block rules, which will disable that logging, or uncheck "Allow IPv6" so your floating rule can match and block without logging.

Or just use the resolver. It's not that I need 256 /64s here at the house but I can easily see myself needing more than 16. The whole point of IPv6 is to never worry about it again. There are enough /56 networks to give every person on earth 10.1 million of them (in general, not counting reserved space etc (2^56 / population of earth @ wolframalpha)). It's a non-issue. Just get a /56.

THX! The Problem was an impropper configuration of the IPV6-LAN-Interface. I just forgot to set an vIP and different IP's for the two pfSense. So both of the DHCP gave their very best to provide even more adresses that the other one. As I fixed that the battle stopped and now this is working fine

I'm bridging because the way my house is set up I have APs in different spots around the house, I need seamless transition from one AP to the next and if you change network ports I change networks.  A bridge lets it be one flat network between the three 802.11ac points so as devices transition as they move throughout the house network connectivity doesn't go goofy. VPN clients will disconnect, etc if I change underlying networks. This is the way I've done it since early 1999 or so, and if it wasn't broke not in a hurry to fix it but Is there another method besides bridging that will allow me to continue a flat network on each port?  Based on my knowledge I have to create four subnets and have four different DHCP ranges and this causes issues.  I'd prefer to have a single device that does both my network switching & internet firewall/routing. I'd prefer not to step it down to a single LAN as my connectivity via wifi sucks without distributed hot spots, and also to be honest what I'm doing was handled just fine by my lower performance router i replaced because of my update to faster internet.  It's not that I'm having trouble distributing the IPV6, I'm not getting one and DHCLIENT6 is not running.  It'd be one thing to me if I was getting an IPV6 on my WAN port, but I'm not even getting that.  If I do get that, my IPV4 stack crashes and requires a reboot to recover.    The WAN port isn't bridged in anyway, its' off by itself. My Network Diagram of the physical layer. [image: b89hWe3.png] Based on everything I've read about the way TWC works for IPV6 is they give you a /64, so that's what I was going with. Screen shots of my extremely basic configuration (checkboxes checked) is here http://imgur.com/a/EyljQ

@hda: Hi David, great to read from you again :) <github.com pfsense="" commit="" ec0643f7f1537ab6a18ed05fc015ecba598fcffc="">does yield, but from head on: From 682d280755ee7bd2140dca84b5ee21659a4ae580 Mon Sep 17 00:00:00 2001 From: David Wood <david@xxxx.org.uk>Date: Thu, 24 Dec 2015 05:50:16 +0000 Subject: [PATCH 1/8] Make ppp-ipv6 the only way interface_dhcpv6_configure() is called on PPP interfaces ... snipped</david@xxxx.org.uk> And following code content is very different from your last patch (4th)  ;)</github.com> For some reason, System Patches chooses to use the .patch GitHub URL, which gives all the history including the many code snippets I later reversed. If it used the .diff GitHub URL, that produces a flat patch with no history, which is really what you want. In this case, I suggest using https://github.com/pfsense/pfsense/commit/ec0643f7f1537ab6a18ed05fc015ecba598fcffc.diff as the URL.