@Ofloo: Listen, I can understand if you didn't "know", but these issues are there from august we are November, I'm not saying there's any way they should donate their time or whatever, just don't label it stable which was done in September ! Even when there where still issues, regarding ipv6. You certainly come across as very wound-up by this!  I'm nothing to do with the project. I'm just a fellow user, who is also vaguely disappointed by the quality of the IPv6 support in 2.1-release.  I don't have the time to join the project and fix things, either. Stop ranting, because it will achieve nothing, other than possibly to demotivate the one or two people who might be persuadable to actually fix this stuff. If you can't live with pfSense for what it is and always will be (very cheap, not very stable) then you should find something better.

Our rent contract forces us to use this provider and our provider forces the router. Basically we are fucked. I don't want to move just because of this. So I have to live with it.

Sure, I'd thought of the m0n0wall alternative. It looked like a good alternative, until I discovered it does not support the more advanced schedule features that I require.

I just tried to wipe everything and try again but same issue. Nothing is being encapsulated. It's a perfectly new install, latest updates. I followed this guide: http://xtropx.blogspot.cz/2012/07/pfsense.html To get it installed on Hyper-V I obviously had to use the legacy network adapter and added this to rc.local: ifconfig de0 down ifconfig de0 up ifconfig de1 down ifconfig de1 up Oh and I should state that this is Windows 8.1 Hyper-V.

So, after speakign briefly to someone who knows IPv6 very well, I am going about it all wrong. Currently I am trying to NAT my IPv6 traffic, when I should supposedly have a /64 address space from my ISP. I should just set up a DHCP server in that space, and just firewall the traffic. I have alot more research to do before I fully dive in. I am mostly doing this for knowledge sake, I don't hope to obtain anything else by enabling IPv6 just yet. Anyone else with knowledge on the subject, please feel free to chime in.

Sorry for the late reply, I just now noticed a notification for some reason. Anyway here is the command i run C:>nslookup google.com DNS request timed out.     timeout was 2 seconds. Server:  UnKnown Address:  2001:470:20::2 DNS request timed out.     timeout was 2 seconds. DNS request timed out.     timeout was 2 seconds. DNS request timed out.     timeout was 2 seconds. DNS request timed out.     timeout was 2 seconds. *** Request to UnKnown timed-out I get a score of 9/10 on http://test-ipv6.com/ checking my network adapter it says internet for both ipv4 and ipv6, its getting the proper ipv6 DNS server however im not sure that the ipv6 default gateway is correct here is the details of my test on test-ipv6.com Test with IPv4 DNS record ok (0.080s) using ipv4 Test with IPv6 DNS record ok (0.104s) using ipv6 Test with Dual Stack DNS record ok (0.100s) using ipv6 Test for Dual Stack DNS and large packet ok (0.225s) using ipv6 Test IPv4 without DNS ok (0.263s) using ipv4 Test IPv6 without DNS ok (0.253s) using ipv6 Test IPv6 large packet ok (0.231s) using ipv6 Test if your ISP's DNS server uses IPv6 timeout (10.247s) Find IPv4 Service Provider ok (0.211s) using ipv4 ASN 30036 Find IPv6 Service Provider ok (0.132s) using ipv6 ASN 6939 Connection-specific DNS Suffix: Description: Intel(R) 82579V Gigabit Network Connection Physical Address:XX:XX:XX:XX:XX DHCP Enabled: Yes IPv4 Address: 10.0.0.51 IPv4 Subnet Mask: 255.255.255.0 Lease Obtained: Sunday, October 27, 2013 10:56:38 AM Lease Expires: Sunday, October 27, 2013 1:09:45 PM IPv4 Default Gateway: 10.0.0.1 IPv4 DHCP Server: 10.0.0.1 IPv4 DNS Server: 10.0.0.1 IPv4 WINS Server: NetBIOS over Tcpip Enabled: Yes IPv6 Address: 2001:470:XXXX:XX::ff38 Lease Obtained: Sunday, October 27, 2013 11:09:42 AM Lease Expires: Sunday, October 27, 2013 1:09:43 PM Link-local IPv6 Address: fe80::a0e1:b6bd:1eff:72e1%10 IPv6 Default Gateway: fe80::21c:c4ff:fe1c:2eeb%10 IPv6 DNS Server: 2001:470:20::2

@gadams999: In my attempt to obfuscate info, I didn't describe what was in the two fields. The IPv6 address is the same for both the IP Address/Prefix (first two fields) and the same in the unselected user defined prefix. I wish there was more (any) information on that screen, but nothing back from Comcast yet. Oops, my bad; I see now that the "IPv6 address/prefix" fields all refer to the LAN interface on the gateway device. @gadams999: This is the weird part. If the WAN is set to delegation of /56, I have the ability to select 00-ff on the tracked interface segment. But in that mode, the LAN never gets a 2006:: address, radv doesn't run, etc. As I was trying to say earlier, that makes perfect sense: you will use at least part of that /56 on the segment between the Comcast gateway and the pfSense box, so pfSense wouldn't be able to re-delegate the entire /56, and the code doesn't deal well with getting a different prefix size than what's indicated in the prefix delegation size field. @gadams999: However, if I change the WAN delegation back to a /64 and don't change the prefix on the LAN segment, the above addressing is set and radv starts. The reason I cannot modify the LAN interface at this point is that there are not PD's open, only 0-0 available, which also makes sense since the WAN asked for a /64 which it used. If it does actually pick up a valid prefix on the LAN side in this case, I guess I'm not quite sure what the problem is?! @gadams999: If the Comcast router is presenting a /56, can the pfSense box take that full delegation for it's own use while they both still use the negotiated /64. For instance, if the prefix is: The segment between the two is going to use part of the /56, so pfSense will at most be able to further delegate whatever's left after that. @gadams999: Could it look like this and be valid? Internet – Comcast router <-- 2601:0:9:800::/64 --> (WAN) pfsense (LAN) --> 2601:0:9:880/64 Yes, this looks fine. In theory, pfSense could re-delegate up to 2601:0:9:880/57 (the largest sub-prefix of 2601:0:9:800/56 that does not include 2601:0:9:800::/64), any of the sub-prefixes contained therein, or any other sub-prefix of 2601:0:9:800/56 that does not overlap with 2601:0:9:800::/64. @gadams999: What concerns me about this one is that the fe80::1:1 is the only link-local address on the LAN. the EUI-64 link-local address is no longer there. Is it okay that the EUI-64 address has been replaced with just the fe80::1:1 address? Yes; at least that's what I see on my (working) setup.

If you go into the Firewall -> Virtual IP screen and add the entire /48 as an Other type Virtual IP on the tunnel interface, hopefully things will then start to work.

who game you a patch, and where?

In this case you should check the "Use IPv4 connectivity as parent interface" option. Regarding the WAN address display issues, I have pointed out the issue to the devs in one of the bug reports some time before release, but I guess it was not fixed in time.

Finally I reinstall a new PF 2.1, restore the config and its works now

I have the same issue, same hardware and version, different ISP (Hughesnet Gen4).  I have native IPv6, I get a /64 on the WAN side, I can't get the right allocation on the LAN side because they hand out a /61 and that isn't a choice in the pull down menu, but if I pick /62 it all seems to look right.  none of my hosts on the LAN side (pretty much all apple devices at the moment) get an address. radvd is running in services, but because I have track interface for LAN, not a static, I can't set anything for the RA, and I don't know what the defaults are. I see the RAs in tcpdump from fe80::1:1, which is the LAN interface address, and they have a /63 prefix in 2001: that matches the LAN address on the pfsense box,  but the host never gets an autoconfig address.  I use autoconfig on the same laptop at work every day, and it's fine there. I'm new to pfsense, and I've only done IPv6 routing on enterprise-level gear, not home network stuff, but it's the only public address I can get out of Hughesnet, so any ideas are greatly appreciated.

Ah, ok… makes sense then.

I've had this problem for a while, since upgrading beyond 2.1-RC0. I have IPv6 working fine with Internode on an install from pfSense-LiveCD-2.1-RC0-i386-20130528-0427.iso but I can't get it working in 2.1-RELEASE-i386. I've even tried backing up and restoring the pfSense config from the old install to the new one (I run pfSense VMs). Everything works after restoring, except IPv6! The 2.1-RELEASE has more WAN IPV6 options than the 2.1-RC0. In RC0 I select "DHCP6", which then shows the "DHCP6 client configuration" options below it. The only option is the prefix delegation size which I set to /56 and when I apply the settings my WAN interface gets assigned my static IPv4 address from Internode and a global /64 Internode IPv6 address. In the final release 2.1-RELEASE there are three tickboxes in addition to the prefix delegation size drop down box. I'm sure I've tried every combination of these tickboxes to no avail. I'm confident the problem is something that has broken in pfSense since 2.1-RC0 due to the new options for DHCP6. I'm happy to post system logs from both the 2.1-RC0 and the 2.1-RELEASE installs if somebody is a good pfSense troubleshooter, although the only DHCP6 entries I can see in the logs are under the PPP tab. If there's a better log file to be looking at via command line please let me know. Cheers, BieRHeDD.

@razzfazz: Maybe I misunderstand what you're saying, but to do prefix delegation, you set only your WAN interface to DHCP6 and configure a prefix delegation size on it; the WAN interfaces are set to "track interface", each with a different "IPv6 prefix ID". for this setup type I found several howtos… "Problem" is, that we don't use DHCP/ DHCPv6 service from our ISP but we have static IPs which we announce ourself with BGP to our ISP ;) Additional "interesting" is that DHCPv6 service on pfsense have no CARP/replication modus? our Setup (each 2 servers with CARP failover):       ISP-line1                    ISP-line2         |    |                      |    |        (transfer-networks IPv4/IPv6 fixed)   gw1-jws1  gw2-jws1          gw1-zws1  gw2-zws2         |    |                      |    |       [DMZ ----------------------------- DMZ]      (public static IPv4 / IPv6 networks - here BGP announced)         |    |                      |    |   fw1-jws1  fw2-jws1          fw1-zws1  fw2-zws2         |    |                      |    |        (public NAT for IPv4 servers / public IPv6 networks wanted)       [LANs JWS1]                  [LANs ZWS8]

I try a ping to the gateway and a remote IPv6 address (from pfSense) every time I make a change to see if its up, and haven't been able to ping it yet.