Looking at the 0.0ms RTT and Monitor "none" on HENETv6_TUNNELv6 GW… Are you absolutely sure you did NOT tick the "Disable Gateway Monitoring" instead of "Default Gateway"?

There's really no point in dropping MTU to 1280 on LAN.

split to its own thread since it had no relation at all to where it was originally posted.

@jpp:

However, I noticed that pfSense assigns the client mac address as the local part of the IP6 address.

No, your clients are doing that themselves. They should be using privacy addressing, so the v6 IP with the MAC in it is assigned, but not actually used for Internet traffic. Check on privacy addressing with your client OS(es) of choice. It's on by default in every recent mainstream OS (Windows, Linux, OS X, iOS, BSDs, etc.).

Also there is a bug when prefix length is not 32 for 6rd.
Check this section of the forum for a  fix.

To add: MTU values must be in alignment.

Test if you need 1492 with the PPPoE (not the 1500). So in pfSense Interfaces WAN & LAN set MTU 1492.
Assure with rebooting in line with the MoDem.

Expectation:
if MoDem in bridge > if MoDem/PPPoE(IPv4) on WAN-iface > if WAN-DHCP6 > then a fe80…. on WAN-iface and a 2001:44b8:etc/64 on LAN-iface.

The ISP is useless. Get a tunnel from HE and ditch the ISP's IPv6 clusterfuck.

It would add some latency - yes.

Good for you. So a lack of register  ;)

Suggestions ?
Post explicit configuration (data, pictures) like:
Interfaces: WAN, : LAN and Services: Router advertisements.

First of all thanks! it is working now

for future reference the changes i have made:

System: Advanced: Networking: Allow IPv6
Firewall:
  Wan Allow DHCP6 UDP from port 547 to 546 (would be nice to make it more specific/secure..)
  LAN  Allow IPV6 from LAN to any

hardware lineup:
Fiber NTU > HP 1810 switch to split up Vlan's to TV's (vlan4) and pfSense (Vlan6 PPPoE)
then the pfSense is running on VMware esxi using 2 vswitches (one connected to the HP1810)

@hda:

Why is it reporting, where to look and adjust ?

Found a factor for the sendmsg:

When created a IPv6-static LAN with a switch plugged-in,
and set Services: Router advertisements: (Router Only),
but no hosts active/connected.

Solution: change to Services: Router advertisements: (Disabled).

Retry with 2.2 release, still have to run it manually?

I don't have much expectations from dhcpv6/radvd
I don't think they are important for me. I can even disable them and configure each VM with static IPv6.

All I want to do is to implement the following:
"routable doesn't mean reachable"

Just need the pfsense box to be a ipv6 firewall/gateway for VMs on LAN

Thanks!!

@balubeto:

@hda:

@balubeto:

… Enable IPv4 NAT encapsulation of IPv6 packets ...

WHY do you need IPv6 ?
IPv6 is meant as a public addressing system that you manage with inbound/outbound allowances.

Because I have some programs that also use the IPv6 protocol.

Can you mention an example, a typical program that wants to go public while there is no public IPv6, but that will refuse to take the IPv4 instead ?

What brand-type of MoDem-Router/Switch do you have ?
Is your Internet Service Provider able to offer you IPv6 ?

Here's the feature request for it…

https://redmine.pfsense.org/issues/3029

Since this morning the LAN interface had no public IPv6 address, and now I returning on pfSense and the LAN interface has received its IPv6 address ..
Why must wait several hours before the interface obtains its IPv6 address?

Now :

But if I reboot pfSense now I know I should not have IPv6 address on my LAN interface for some hours…

@Maarten90:

… some say that setting a MTU of 1492 fixes this...

Salvation of (jumbo) MTU issues for IPv6 are actually beyond control of the end-user; RFC4638 must come into effect first at all locations. The other problem is that many global server-admins block IPv6 ICMP signals. So the test is useless or excluded.

The best you can do, I think, is maybe set the value to 1492 at the first host which is your FB. [see FB>Internet>Account Info>IPv6>Addtional Settings>] So then the FB announces the right thing to pfSense (and you let that box to the default 1500)

(Sofar I experience no webpage problems, my ISP FB-config ships max MTU 1492 as a temp. solution)

N.B. some config changes require a reboot in download sequence of the 2 cascading boxes, and then a DHCP6(PD) ISP refresh-cycle (upto 1 or 2 hrs). So look & wait until your pfSense-LAN IPv6 number is back and up…

Hi Leeph,
I've exactly the same issue as you! Suddenly, my IPv6 connectivity dropped and I also detected that outgoing packets are sent to the ovpns1 interface!?
Could you please give more details about your fix?

<update>Here is the route which affects my traffic:

ff02::%ovpns1/0 fe80::200:24ff:fed0:6950%ovpns1 U 0 78423 1500 ovpns1</update>

Tx!
@xme

Ended up opting out and getting a Cisco EPC3825 that can do both pure bridge and "IP Address Pass-through " feature. In other word no double NAT issues and Fritz!Box half locked config from operator.