I compared the PPP and IPv6 exchanges between the connection with pfSense and the connection with Debian. The PPP client is sending a PPP IPV6CP Configuration Request with 5043:b158:000:0000 in both case and the PPP server 0000:0000:0000:0001. Then the server is sending a "Router advertisement from" fe80::1 to ff02::1 For Debian : PPP client is sending a "Router Solicitation" from fe80:5043:b158:0:0 to ff02::2 PPP server is sending a "Router advertisement" from fe80::1 to fe80:5043:b158:0:0 For pfSense PPP client is sending a "Neightbor Solicitation" from fe80:200:24ff:fecf:28f4 to fe80::1 PPP client is sending a "Router Solicitation" from fe80:200:24ff:fecf:28f4 to ff02::2 I don't see any new "Router advertisement" from the PPP server. The issue seems coming from the fact there are 2 IPv6 local link  on pfSense pppoe interface: pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu2         inet6 fe80::200:24ff:fecf:28f4%pppoe0 prefixlen 64 scopeid 0xd         inet6 fe80::5043:b158:0:0%pppoe0 prefixlen 64 scopeid 0xd I don't how to fix it.</up,pointopoint,running,noarp,simplex,multicast>

"Your CMTS is not supported at this time." Oh well…

You're right… sure I've made a mistake the first time I tried... But, there are still some updates problems. When my box reboots, for example, dynamic IP updates fail. So the tunnel doesn't work without my intervention. DNS updates fails two. Another message that appears and need acknowledge is: There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads {0}

@clinta: After struggling with this thinking I was having the DHCP6 won't renew issue others are seeing, I discovered that the firewall was actually blocking the DHCPv6 responses from my ISP (Comcast). Checked the firewall logs and it was the block bogon networks rule. Disabled that option on the wan interface and immediately got my DHCPv6 address and and my internal track interface started working. Just wanted to save anyone else the trouble of discovering this. THanks for letting me in on that tip. I will have to try this tonight when I get home. I was also having other issues with my Comcast device and that is now fixed. So hopefully I can get this working as I would love to start playing with some firewall rules.

More Updates: I'm also seeing this error occasionally now as well. It's under my System Logs > General. "php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid em0 gif0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.5-P1 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 leases to leases file. Bound to *:547 Unsupported device type 240 for "gif0" If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them" No idea what this error message is trying to tell me, or if it's even causing a problem. I took a few screenshots. The only thing I keep reading is that if you can ping an ipv6 address from your pfsense machine everyone keeps saying you don't have a ipv6 allow rule set under firewall rules. I have set an ipv6 allow all rule under my WLAN ruleset. My WLAN network is what i'm trying to configure for IPv6. IPv6 ping from pfsense box - success: [image: ping_zpseb7dc6e5.jpg] My WLAN network, showing IPv6 allow all rule: [image: WLANRules_zpsa565cefa.jpg] My WAN ruleset, I put an IPv6 allow all rule, though it shouldn't be needed as i'm using a HE tunnel, WAN shouldn't see any IPv6, only IPv4, mabye? [image: WANRule_zps4e286682.jpg] Checked Diagnostics > pfInfo, this em0 interface is my WLAN network. It shows v6 out working, but v6 in isn't having any data/traffic. I think this is the problem here, problem is I don't know what would control that v6 in flow, as I said I already have an ipv6 allow all rule set on my WLAN firewall ruleset. [image: ipv6in_zpsef664080.jpg] Any ideas based off these images? ETA:You may now notice different IPv6 address structure in this post than previous post. I found a post, sorry closed link & don't know where it is anymore, but someone was having trouble with a HE tunnel & he had to delete his tunnel & remade it & his issue was magically fixed. My original tunnel was made Sept 2011, so i deleted it & made another w/o success. Update:Tried setting up IPv6 on a server I have on a wired interface to rule out equipment problems. My WLAN uses a powerline network adapter which then runs to the wireless router. I think the powerline network adapter isn't playing nice with IPv6. I believe it's blocking IPv6 communication. I'm going to try running my router w/o that to fix that particular problem. However now on the server I can see the link local talking to my router, but it's still not getting a IPv6. Here is a packet capture of what I see. Yes, checked my powerline network adapter. It doesn't support IPv6. So that's why WLAN was having issues. However I can see my server talking to the pfSense router about LL addresses. So i'm not sure why the server isn't getting ipv6. For reference the "d0a8" address is the LL of the server. Also now the pfinfo chart shows ip6 in on the server interface. So that's fixed. Any possibilities why i'm still not getting IPv6? 09:59:02.395087 IP6 fe80::b5e8:eb2c:47d1:d0a8 > ff02::2: ICMP6, router solicitation, length 16 09:59:02.395296 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:02.414326 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:03.413791 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:05.413737 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:09.030341 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:09.413743 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:14.740678 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:17.419506 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:23.399642 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:33.423158 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 09:59:35.516024 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 09:59:45.561251 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:05.152375 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:05.422338 IP6 fe80::b5e8:eb2c:47d1:d0a8.546 > ff02::1:2.547: UDP, length 86 10:00:20.486835 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:36.010342 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:00:48.593356 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120 10:01:00.057210 IP6 fe80::20e:4ff:feb7:6c77 > ff02::1: ICMP6, router advertisement, length 120

That is a huge topic.  It would probably be best to do a little background reading, then come back if you have specific questions related to pfSense. To get you started: IPv6 Comparison with IPv4: http://en.wikipedia.org/wiki/IPv6#Comparison_with_IPv4 IPv4 and IPv6: A Comparison: http://www.myitforum.com/articles/1/view.asp?id=6720 Side-by-Side Difference: http://www.techsutram.com/2009/03/differences-ipv4-vs-ipv6.html

@Ofloo: Listen, I can understand if you didn't "know", but these issues are there from august we are November, I'm not saying there's any way they should donate their time or whatever, just don't label it stable which was done in September ! Even when there where still issues, regarding ipv6. You certainly come across as very wound-up by this!  I'm nothing to do with the project. I'm just a fellow user, who is also vaguely disappointed by the quality of the IPv6 support in 2.1-release.  I don't have the time to join the project and fix things, either. Stop ranting, because it will achieve nothing, other than possibly to demotivate the one or two people who might be persuadable to actually fix this stuff. If you can't live with pfSense for what it is and always will be (very cheap, not very stable) then you should find something better.

Our rent contract forces us to use this provider and our provider forces the router. Basically we are fucked. I don't want to move just because of this. So I have to live with it.

Sure, I'd thought of the m0n0wall alternative. It looked like a good alternative, until I discovered it does not support the more advanced schedule features that I require.

I just tried to wipe everything and try again but same issue. Nothing is being encapsulated. It's a perfectly new install, latest updates. I followed this guide: http://xtropx.blogspot.cz/2012/07/pfsense.html To get it installed on Hyper-V I obviously had to use the legacy network adapter and added this to rc.local: ifconfig de0 down ifconfig de0 up ifconfig de1 down ifconfig de1 up Oh and I should state that this is Windows 8.1 Hyper-V.

So, after speakign briefly to someone who knows IPv6 very well, I am going about it all wrong. Currently I am trying to NAT my IPv6 traffic, when I should supposedly have a /64 address space from my ISP. I should just set up a DHCP server in that space, and just firewall the traffic. I have alot more research to do before I fully dive in. I am mostly doing this for knowledge sake, I don't hope to obtain anything else by enabling IPv6 just yet. Anyone else with knowledge on the subject, please feel free to chime in.

Sorry for the late reply, I just now noticed a notification for some reason. Anyway here is the command i run C:>nslookup google.com DNS request timed out.     timeout was 2 seconds. Server:  UnKnown Address:  2001:470:20::2 DNS request timed out.     timeout was 2 seconds. DNS request timed out.     timeout was 2 seconds. DNS request timed out.     timeout was 2 seconds. DNS request timed out.     timeout was 2 seconds. *** Request to UnKnown timed-out I get a score of 9/10 on http://test-ipv6.com/ checking my network adapter it says internet for both ipv4 and ipv6, its getting the proper ipv6 DNS server however im not sure that the ipv6 default gateway is correct here is the details of my test on test-ipv6.com Test with IPv4 DNS record ok (0.080s) using ipv4 Test with IPv6 DNS record ok (0.104s) using ipv6 Test with Dual Stack DNS record ok (0.100s) using ipv6 Test for Dual Stack DNS and large packet ok (0.225s) using ipv6 Test IPv4 without DNS ok (0.263s) using ipv4 Test IPv6 without DNS ok (0.253s) using ipv6 Test IPv6 large packet ok (0.231s) using ipv6 Test if your ISP's DNS server uses IPv6 timeout (10.247s) Find IPv4 Service Provider ok (0.211s) using ipv4 ASN 30036 Find IPv6 Service Provider ok (0.132s) using ipv6 ASN 6939 Connection-specific DNS Suffix: Description: Intel(R) 82579V Gigabit Network Connection Physical Address:XX:XX:XX:XX:XX DHCP Enabled: Yes IPv4 Address: 10.0.0.51 IPv4 Subnet Mask: 255.255.255.0 Lease Obtained: Sunday, October 27, 2013 10:56:38 AM Lease Expires: Sunday, October 27, 2013 1:09:45 PM IPv4 Default Gateway: 10.0.0.1 IPv4 DHCP Server: 10.0.0.1 IPv4 DNS Server: 10.0.0.1 IPv4 WINS Server: NetBIOS over Tcpip Enabled: Yes IPv6 Address: 2001:470:XXXX:XX::ff38 Lease Obtained: Sunday, October 27, 2013 11:09:42 AM Lease Expires: Sunday, October 27, 2013 1:09:43 PM Link-local IPv6 Address: fe80::a0e1:b6bd:1eff:72e1%10 IPv6 Default Gateway: fe80::21c:c4ff:fe1c:2eeb%10 IPv6 DNS Server: 2001:470:20::2

@gadams999: In my attempt to obfuscate info, I didn't describe what was in the two fields. The IPv6 address is the same for both the IP Address/Prefix (first two fields) and the same in the unselected user defined prefix. I wish there was more (any) information on that screen, but nothing back from Comcast yet. Oops, my bad; I see now that the "IPv6 address/prefix" fields all refer to the LAN interface on the gateway device. @gadams999: This is the weird part. If the WAN is set to delegation of /56, I have the ability to select 00-ff on the tracked interface segment. But in that mode, the LAN never gets a 2006:: address, radv doesn't run, etc. As I was trying to say earlier, that makes perfect sense: you will use at least part of that /56 on the segment between the Comcast gateway and the pfSense box, so pfSense wouldn't be able to re-delegate the entire /56, and the code doesn't deal well with getting a different prefix size than what's indicated in the prefix delegation size field. @gadams999: However, if I change the WAN delegation back to a /64 and don't change the prefix on the LAN segment, the above addressing is set and radv starts. The reason I cannot modify the LAN interface at this point is that there are not PD's open, only 0-0 available, which also makes sense since the WAN asked for a /64 which it used. If it does actually pick up a valid prefix on the LAN side in this case, I guess I'm not quite sure what the problem is?! @gadams999: If the Comcast router is presenting a /56, can the pfSense box take that full delegation for it's own use while they both still use the negotiated /64. For instance, if the prefix is: The segment between the two is going to use part of the /56, so pfSense will at most be able to further delegate whatever's left after that. @gadams999: Could it look like this and be valid? Internet – Comcast router <-- 2601:0:9:800::/64 --> (WAN) pfsense (LAN) --> 2601:0:9:880/64 Yes, this looks fine. In theory, pfSense could re-delegate up to 2601:0:9:880/57 (the largest sub-prefix of 2601:0:9:800/56 that does not include 2601:0:9:800::/64), any of the sub-prefixes contained therein, or any other sub-prefix of 2601:0:9:800/56 that does not overlap with 2601:0:9:800::/64. @gadams999: What concerns me about this one is that the fe80::1:1 is the only link-local address on the LAN. the EUI-64 link-local address is no longer there. Is it okay that the EUI-64 address has been replaced with just the fe80::1:1 address? Yes; at least that's what I see on my (working) setup.

If you go into the Firewall -> Virtual IP screen and add the entire /48 as an Other type Virtual IP on the tunnel interface, hopefully things will then start to work.

who game you a patch, and where?

In this case you should check the "Use IPv4 connectivity as parent interface" option. Regarding the WAN address display issues, I have pointed out the issue to the devs in one of the bug reports some time before release, but I guess it was not fixed in time.