hi

Then get yourself a free tunnelbroker account at HE.net or equivalent and start using it!

I'm not experiencing this with TWC cable modems but I've heard of another user having a similar issue in another TWC market. The dhcp6c client has many options which I wish was changeable via the gui but you can change manually..

maybe these threads can help?

https://forum.pfsense.org/index.php?topic=76322.msg426945#msg426945
https://forum.pfsense.org/index.php?topic=73760.0

dhcp6c.conf man
https://www.freebsd.org/cgi/man.cgi?query=dhcp6c.conf&apropos=0&sektion=0&manpath=FreeBSD+Ports+8.4-RELEASE&arch=default&format=html

I posted an issue in regards to it a while back. Haven't heard anything yet

https://forum.pfsense.org/index.php?topic=77506.0

@hda:

Just use the /56 for configuring your IPv6 connection to world.

You can't just use an address from the delegated /56 for your WAN interface; the routing on the ISP side will be set up to route any traffic to the delegated /56 via an address in the (separate) prefix range assigned to the WAN.

Bumping this instead of starting a new thread.
This bug: https://redmine.pfsense.org/issues/1831

Now it says "Future" instead of 2.2. No news on this matter? Got CP working and then noticed DHCPv6 stopped working, somewhat frustrating. :)
Anyone got ideas for a workaround?

so since i probably can not make ipv6 for the client network work with my current setup i want to get ridd of the ISPs router (speedport w724v) completely and let pfsense handle everything solely (as it was before we switched to voip).

what i need is some sort of DECT base station that does VOIP or can "forward" VOIP to a asterisk (i'm not exactly sure how this would look like, voip is new to me)
are there all-in-one boxes that can do this and don't require to be the main router to the internet?  (so i just have to open the ports for it in the firewall/NAT)
i could also set up an VM with asterisk, but i somehow need the hardware to connect the phones via DECT and if the hardware has to be plugged in the server it has to work when on pci-passthrough on vmware esxi

i understand you.
its just for educational purposes and its easy since it dont require software on the clients.

Just to keep you updated… It works, today morning IPv6 was up and running, but there is one thing strange: The "Dynamic DNS" panel shows the wrong (old) IP in red. But I just saw, that there were some fixes for the upcoming 2.2, so I am relaxed.

@mjtrainor:

Interesting that em0 would have a IPv4 problem, since that's been problem free. Is miniupnpd strictly UPnP? If so, it's possible that's not working, it's not something we use very often.

Yes, that's for UPnP (and NAT-PMP) only, so probably doesn't matter for you. Could just be a timing-related issue.

And suggestions on what to look at for this?

I'd fire up packet captures on your pfSense box's WAN and LAN interface and then try to ping an external address from a LAN client. I'm assuming you do have a firewall rule that allows IPv6 traffic from "LAN network" (as opposed to something hard-coded)?

How do you enable both DHCP-PD and the DHCP6 server? Any interfaces configures as "track interface" (i.e., use delegated prefix) don't even show up in the DHCP6 server configuration for me at all…

@hda:

My understanding of IPv6. Don't route other or larger (i.e. /48) than a /64. And static IP's are a /128.

Nope. Being static has nothing to do with how large a subnet is.

IPv6 must be assigned in /64s per interface. So a /64 for LAN, a /64 for DMZ, a /64 for WIFI. You can assign smaller subnets than that, but it's not recommended (auto configuration breaks, since it expects to be able to fit the mac address in the IP address). And with the large number of /64s in a /48 you'll run out of rack space before you can allocate all the /64s, trust me  ;)

ah, found out the issue.

we have a /56 (256 IPv6 /64 blocks

so I have changed IP6v subnet on lan of pfsense from

2A00:xxxx:xxxx:5:21D:AAFF:FEB9:F000

to

2A00:xxxx:xxxx:4:21D:AAFF:FEB9:F000

I can now ping 2A00:xxxx:xxxx:4:21D:AAFF:FEB9:F000 from the internet

Problem solved.

Turns out it was a setting on my NIC.

I needed to change "Large Send Offload v2 (IPv6)" to disabled.

This is found in Device Manager > Network Adapters > <right click="" your="" adapter="">Properties > Advanced

Hope this helps someone!
Todd</right>

Hi jyppy65

I also have two ipv6 link local address on my pppoe0 interface but I can't report any problems with that.

Do you have any problem with that ?

regards

supermega

Pretty much what it says: When that option is enabled, the DHCP request sent out by pfSense will include info on what size prefix we would like to have delegated to us (which the DHCP server may or may not honor – hence, "hint"); without that option, the DHCP request will just ask for a prefix without specifying the desired length, so the DHCP server will generally just delegate a prefix with some default size, and that obviously may not match what you selected as "prefix delegation size" in pfSense.

You can add it as an IP Alias VIP. It will exist along with the auto-generated version. That can also be disabled with a sysctl, but it's not recommended to do so since it could have unintended consequences.

I know this is an old thread – but I had a similar problem.  I am using DHCPv6;  Windows 7 would obtain an address from DHCPv6 and the default route from the router.  The default route would be there (as seen via "route print") for 30 minutes.  Then it would disappear.

I found that the default Windows Firewall allows ICMPv6 ONLY from fe80::/64.  Normally, this is fine, however, in our infinite wisdom, we set the router's link-local address to be fe80:42::1  (which isnt part of the fe80::/64 subnet).  If we let it pick its own link-local, (the default) it would have been OK.

Thus, the initial default gateway appeared because Windows requested it via Router Solicitation.  But it was unable to hear the periodic Router Advertisement messages after that in order to keep that default route alive.  It timed out after 30 minutes and disappeared.

We've since changed our router's link-local address to be fe80::42:1 (which IS part of fe80::/64).

Well - If you have a default ipv6 gateway, all the IPV6 traffic on the lan will try to go there.

So, I think if you put a pass-all firewall rule on the lan for anything originating from a 2002 ip and then at the bottom in the advanced section of that rule change the gateway from default top the correct gateway, your traffic will go out over the correct gateway.

I have not tried this with IPV6 but seems it should work.