To answer some of my own questions.

Till now I have not been able to use DHCP-PD on the LAN side of pfSense. Well the client routers (CPEs) get the info but I do not know if the DHCP-PD service of pfSense actually works in creating some dynamic routes, but right now I have kind of given up on trying.
If any of you know how to utilize DHCP-PD correctly as well as "Services - Router Advertisements - RA Subnet(s)" (from Services - DHCPv6/RA - Router Advertisements) then I will be thrilled to hear about it! :-)

But in my pursuit in getting the D-LINK DIR-860L to work I have this to report:
A) I have changed the LAN from a /48 to a /64 network.
B) I have created an alias for a /56 network (a subnet of the /48 network).
C) I have created a firewall rule, so that the /56 network can gain access from the LAN of pfSense and out in the world
as well as a firewall rule on the WAN so traffic can get into that network.
D) Then I have made a route from the LAN of the pfSense router and onto the /56 network. I have used "System - Routing - Routes".
E) And then I statically configure the d-link router (meaning no use pfSenses DHCPv6/DHCP-PD).

You can see me write about it here in some posts:
http://forums.dlink.com/index.php?topic=57422.msg225586#msg225586

So the d-link router works. I have however one outstanding issue:
That is the d-link router can only gain access to the world (=Internet) and not the LAN of pfSense, which is kind of annoying, because it is then unable to access local services like other servers or computers through IPv6.

Does anyone of you have some suggestions about how to fix that without using more routers, NICs or VLANs?
And do you have an idea if the culprit is pfSense, the d-link router or me? ;-)

Hi Zeon,
Thank you for your reply!
However, to enable SLAAC on LAN side, pfSense tells me that the LAN interface must have static IP addresses.
My ISP provides me dynamic addresses (also configured via SLAAC on the WAN side). I'm confused!?

/x

On my box it doesn't work at all for IPV6, and I had to resort to traffic shaping queues which are much less practical in my application.

I compared the PPP and IPv6 exchanges between the connection with pfSense and the connection with Debian.

The PPP client is sending a PPP IPV6CP Configuration Request with 5043:b158:000:0000 in both case and the PPP server 0000:0000:0000:0001.
Then the server is sending a "Router advertisement from" fe80::1 to ff02::1

For Debian :
PPP client is sending a "Router Solicitation" from fe80:5043:b158:0:0 to ff02::2
PPP server is sending a "Router advertisement" from fe80::1 to fe80:5043:b158:0:0

For pfSense
PPP client is sending a "Neightbor Solicitation" from fe80:200:24ff:fecf:28f4 to fe80::1
PPP client is sending a "Router Solicitation" from fe80:200:24ff:fecf:28f4 to ff02::2
I don't see any new "Router advertisement" from the PPP server.

The issue seems coming from the fact there are 2 IPv6 local link  on pfSense pppoe interface:
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu2
        inet6 fe80::200:24ff:fecf:28f4%pppoe0 prefixlen 64 scopeid 0xd
        inet6 fe80::5043:b158:0:0%pppoe0 prefixlen 64 scopeid 0xd

I don't how to fix it.</up,pointopoint,running,noarp,simplex,multicast>

"Your CMTS is not supported at this time."

Oh well…

You're right… sure I've made a mistake the first time I tried...

But, there are still some updates problems. When my box reboots, for example, dynamic IP updates fail. So the tunnel doesn't work without my intervention.
DNS updates fails two.

Another message that appears and need acknowledge is: There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads {0}

@clinta:

After struggling with this thinking I was having the DHCP6 won't renew issue others are seeing, I discovered that the firewall was actually blocking the DHCPv6 responses from my ISP (Comcast). Checked the firewall logs and it was the block bogon networks rule. Disabled that option on the wan interface and immediately got my DHCPv6 address and and my internal track interface started working.

Just wanted to save anyone else the trouble of discovering this.

THanks for letting me in on that tip. I will have to try this tonight when I get home. I was also having other issues with my Comcast device and that is now fixed. So hopefully I can get this working as I would love to start playing with some firewall rules.

More Updates:

I'm also seeing this error occasionally now as well. It's under my System Logs > General.

"php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid em0 gif0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.5-P1 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 leases to leases file. Bound to *:547 Unsupported device type 240 for "gif0" If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them"

No idea what this error message is trying to tell me, or if it's even causing a problem.

I took a few screenshots. The only thing I keep reading is that if you can ping an ipv6 address from your pfsense machine everyone keeps saying you don't have a ipv6 allow rule set under firewall rules.

I have set an ipv6 allow all rule under my WLAN ruleset. My WLAN network is what i'm trying to configure for IPv6.

IPv6 ping from pfsense box - success:

My WLAN network, showing IPv6 allow all rule:

My WAN ruleset, I put an IPv6 allow all rule, though it shouldn't be needed as i'm using a HE tunnel, WAN shouldn't see any IPv6, only IPv4, mabye?

Checked Diagnostics > pfInfo, this em0 interface is my WLAN network. It shows v6 out working, but v6 in isn't having any data/traffic. I think this is the problem here, problem is I don't know what would control that v6 in flow, as I said I already have an ipv6 allow all rule set on my WLAN firewall ruleset.

Any ideas based off these images?

ETA:You may now notice different IPv6 address structure in this post than previous post. I found a post, sorry closed link & don't know where it is anymore, but someone was having trouble with a HE tunnel & he had to delete his tunnel & remade it & his issue was magically fixed. My original tunnel was made Sept 2011, so i deleted it & made another w/o success.

Update:Tried setting up IPv6 on a server I have on a wired interface to rule out equipment problems. My WLAN uses a powerline network adapter which then runs to the wireless router. I think the powerline network adapter isn't playing nice with IPv6. I believe it's blocking IPv6 communication. I'm going to try running my router w/o that to fix that particular problem. However now on the server I can see the link local talking to my router, but it's still not getting a IPv6. Here is a packet capture of what I see.

Yes, checked my powerline network adapter. It doesn't support IPv6. So that's why WLAN was having issues. However I can see my server talking to the pfSense router about LL addresses. So i'm not sure why the server isn't getting ipv6.

For reference the "d0a8" address is the LL of the server. Also now the pfinfo chart shows ip6 in on the server interface. So that's fixed. Any possibilities why i'm still not getting IPv6?

09:59:02.395087 IP6 fe80::b5e8:eb2c:47d1:d0a8 > ff02::2: ICMP6, router solicitation, length 16 09:59:02.395296 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:02.414326 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:03.413791 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:05.413737 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:09.030341 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:09.413743 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:14.740678 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:17.419506 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:23.399642 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:33.423158 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:35.516024 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:45.561251 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:05.152375 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:05.422338 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 10:00:20.486835 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:36.010342 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:48.593356 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:01:00.057210 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120

That is a huge topic.  It would probably be best to do a little background reading, then come back if you have specific questions related to pfSense.

To get you started:

IPv6 Comparison with IPv4: http://en.wikipedia.org/wiki/IPv6#Comparison_with_IPv4
IPv4 and IPv6: A Comparison: http://www.myitforum.com/articles/1/view.asp?id=6720
Side-by-Side Difference: http://www.techsutram.com/2009/03/differences-ipv4-vs-ipv6.html

@Ofloo:

Listen, I can understand if you didn't "know", but these issues are there from august we are November, I'm not saying there's any way they should donate their time or whatever, just don't label it stable which was done in September ! Even when there where still issues, regarding ipv6.

You certainly come across as very wound-up by this!  I'm nothing to do with the project. I'm just a fellow user, who is also vaguely disappointed by the quality of the IPv6 support in 2.1-release.  I don't have the time to join the project and fix things, either.

Stop ranting, because it will achieve nothing, other than possibly to demotivate the one or two people who might be persuadable to actually fix this stuff.

If you can't live with pfSense for what it is and always will be (very cheap, not very stable) then you should find something better.

Our rent contract forces us to use this provider and our provider forces the router. Basically we are fucked. I don't want to move just because of this. So I have to live with it.

Sure, I'd thought of the m0n0wall alternative. It looked like a good alternative, until I discovered it does not support the more advanced schedule features that I require.

I just tried to wipe everything and try again but same issue. Nothing is being encapsulated. It's a perfectly new install, latest updates.

I followed this guide:
http://xtropx.blogspot.cz/2012/07/pfsense.html

To get it installed on Hyper-V I obviously had to use the legacy network adapter and added this to rc.local:
ifconfig de0 down
ifconfig de0 up
ifconfig de1 down
ifconfig de1 up

Oh and I should state that this is Windows 8.1 Hyper-V.

So, after speakign briefly to someone who knows IPv6 very well, I am going about it all wrong. Currently I am trying to NAT my IPv6 traffic, when I should supposedly have a /64 address space from my ISP. I should just set up a DHCP server in that space, and just firewall the traffic.

I have alot more research to do before I fully dive in. I am mostly doing this for knowledge sake, I don't hope to obtain anything else by enabling IPv6 just yet.

Anyone else with knowledge on the subject, please feel free to chime in.

Sorry for the late reply, I just now noticed a notification for some reason.

Anyway here is the command i run

C:>nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:470:20::2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

I get a score of 9/10 on http://test-ipv6.com/ checking my network adapter it says internet for both ipv4 and ipv6, its getting the proper ipv6 DNS server however im not sure that the ipv6 default gateway is correct

here is the details of my test on test-ipv6.com
Test with IPv4 DNS record
ok (0.080s) using ipv4
Test with IPv6 DNS record
ok (0.104s) using ipv6
Test with Dual Stack DNS record
ok (0.100s) using ipv6
Test for Dual Stack DNS and large packet
ok (0.225s) using ipv6
Test IPv4 without DNS
ok (0.263s) using ipv4
Test IPv6 without DNS
ok (0.253s) using ipv6
Test IPv6 large packet
ok (0.231s) using ipv6
Test if your ISP's DNS server uses IPv6
timeout (10.247s)
Find IPv4 Service Provider
ok (0.211s) using ipv4 ASN 30036
Find IPv6 Service Provider
ok (0.132s) using ipv6 ASN 6939

Connection-specific DNS Suffix:
Description: Intel(R) 82579V Gigabit Network Connection
Physical Address:XX:XX:XX:XX:XX
DHCP Enabled: Yes
IPv4 Address: 10.0.0.51
IPv4 Subnet Mask: 255.255.255.0
Lease Obtained: Sunday, October 27, 2013 10:56:38 AM
Lease Expires: Sunday, October 27, 2013 1:09:45 PM
IPv4 Default Gateway: 10.0.0.1
IPv4 DHCP Server: 10.0.0.1
IPv4 DNS Server: 10.0.0.1
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes
IPv6 Address: 2001:470:XXXX:XX::ff38
Lease Obtained: Sunday, October 27, 2013 11:09:42 AM
Lease Expires: Sunday, October 27, 2013 1:09:43 PM
Link-local IPv6 Address: fe80::a0e1:b6bd:1eff:72e1%10
IPv6 Default Gateway: fe80::21c:c4ff:fe1c:2eeb%10
IPv6 DNS Server: 2001:470:20::2