@luckman212 Hi, I am using pFsense plus 24.03, I am still having same issue where WAN interface only got a local IPv6 and not a IPv6 assigned by FIOS, is a problem when I configured CoDel Limiters for Bufferbloat, limiters work fine for IPv4 but not for IPv6 since it doesn't have a IPv6 and can identify traffic going through the WAN. I tried your patch and I was unable to make work. Are you aware if pFsense plus 24.03 already fixed this issue, and let me know what is the configuration we have to use to make WAN to obtain and IPv6 or how to make the onfiguring CoDel Limiters for Bufferbloat to work with IPv6 traffic. Thanks.

@SteveITS It's a home account with an owned Netgear Nighthawk CM2000. There were times where it would work AS IS, didn't need to specify the WAN for a /64 and no RA check. But most of the times, I'd have to specify /64 and Don't wait RA checked or else I'd get no IPv6 on LAN. Weird...

I have Fidium fiber they said it’s still on IPv4 so I stated using HE tunnel broker service.

Forgive me if I'm misunderstanding what you're wanting to do, but on pfSense you can set up a Prefix Delegation Pool in the DHCPv6 Server settings for the interface to which the UDM is connected. Assuming the UDM supports PD it should request a prefix from pfSense which will then take care of the routing. Also, as you might already be aware, an easy way to disable NAT for IPv4 is to switch to Hybrid Outbound NAT and add a "NO NAT" rule for IPv4 for the interface the ISP device is connected to.

after a bunch of screwing around, I have it working. I wrote up what I found here: https://forum.netgate.com/topic/188676/ipv6-dhcp-client-with-att-fiber-without-gateway-working In particular: In the instructions at [https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html], section Add Modem-WAN Bridge Rule, the instructions say to set Protocol Any. If you do this, the DHCP6 requests from the modem will be forwarded through PFSENSE to the ONT and cause XID mismatch errors. This should instead be set for Protocol IEEE 802.1X. and a lot of rebooting or it will not work.

If it helps, the 6rd parameters are received in option-212 response of the DHCP server response. I can send tcpdump captures if needed.

@peuga i took your word, and set the ISP device in router mode. apparently it isn't getting ipv6 either, and connecting to it via WI-FI and trying a ipv6 test, it fails. [image: 1716406827486-3c76df44-86a3-44df-9770-aa700610bf4b-tim2.png] imma try calling them, apparently it's a problem on their side (tho, even then, i might have some config problems later)

@marcg Thank you for the tip. When I get some free time, I will check out the auto generated interface addresses prefix's.

Nobody has anything that could help us here? Are we posting in the wrong place?

@Antibiotic said in HE tunnel broker: This is not a native ipv6, its going over ipv4 as understood and increase only latency. Why you using ipv6 tunnel, for what? The traffic is really IPv6. The fact that it goes over pppoe or PPP or radio waves (Wifi or 4G) or VHF (to ISS) or whatever or whatver kind of VPN : it is IPv6. he.net exists because there are ISPs out there that do only IPv4 and if you need IPv6, he.net is a very good plan B. edit : you can se the tunnel as a VPN connection between two points, your pfSense and their POP. This tunnel can only use IPv4, so that is used to encapsulate IPv6.

@Gertjan said in Configure IPv6: The thing is : they have to invest. Their equipment is probably a collection of 'works fine for IPv4' but can not deal with allocating IPv6 stuff That's likely a software issue, not hardware.

@Globaltrader312 I have now also removed the firewall rules under NAT

@michelv I don't recall ever seeing that in my logs, but then again I block a lot of multicast at the switch level, but if I had to guess it would be this https://docs.netgate.com/pfsense/en/latest/firewall/configure.html#ip-options TCP options should only ever be in SYN packets.. That clearly isn't a SYN. when sent to broadcast ff02::fb I would sniff and look at those that are blocked.. If you don't want those logged you could set a non log rule with ip options checked. [image: 1714555623858-options.jpg]

@mike123 Sorry but I don't buy this.. How was windows 11 getting IPv6 if you did not provide it through pfsense? And windows 11 isn't going to share its internet connection without you enabling that feature. Did you enable the mobile hotspot feature? I would like to see these connections you were seeing on thee other servers to IPv6 addresses. Sure if you enabled IPv6 on this machine, or it got internet via IPv6 and you enabled mobile hotspot then yeah it could hand out IPv6 address to other clients. None of which would have anything to do with pfsense. network to get IPV6 via DHCP relay. No not how it would work there would not be a dhcpv6 relay involved. This device that your saying is browsing the internet via IPv6.. Can we see a traceroute from this device to some IPv6 address out on the internet.. If your windows 11 box is sharing its internet connection, I would disable that. And I would prob also just disable IPv6 on it if you don't want it using it either. Its pretty simple to just not provide IPv6 to devices behind pfsense if you don't want to.