@gadams999:
In my attempt to obfuscate info, I didn't describe what was in the two fields. The IPv6 address is the same for both the IP Address/Prefix (first two fields) and the same in the unselected user defined prefix. I wish there was more (any) information on that screen, but nothing back from Comcast yet.
Oops, my bad; I see now that the "IPv6 address/prefix" fields all refer to the LAN interface on the gateway device.
@gadams999:
This is the weird part. If the WAN is set to delegation of /56, I have the ability to select 00-ff on the tracked interface segment. But in that mode, the LAN never gets a 2006:: address, radv doesn't run, etc.
As I was trying to say earlier, that makes perfect sense: you will use at least part of that /56 on the segment between the Comcast gateway and the pfSense box, so pfSense wouldn't be able to re-delegate the entire /56, and the code doesn't deal well with getting a different prefix size than what's indicated in the prefix delegation size field.
@gadams999:
However, if I change the WAN delegation back to a /64 and don't change the prefix on the LAN segment, the above addressing is set and radv starts. The reason I cannot modify the LAN interface at this point is that there are not PD's open, only 0-0 available, which also makes sense since the WAN asked for a /64 which it used.
If it does actually pick up a valid prefix on the LAN side in this case, I guess I'm not quite sure what the problem is?!
@gadams999:
If the Comcast router is presenting a /56, can the pfSense box take that full delegation for it's own use while they both still use the negotiated /64. For instance, if the prefix is:
The segment between the two is going to use part of the /56, so pfSense will at most be able to further delegate whatever's left after that.
@gadams999:
Could it look like this and be valid?
Internet – Comcast router <-- 2601:0:9:800::/64 --> (WAN) pfsense (LAN) --> 2601:0:9:880/64
Yes, this looks fine. In theory, pfSense could re-delegate up to 2601:0:9:880/57 (the largest sub-prefix of 2601:0:9:800/56 that does not include 2601:0:9:800::/64), any of the sub-prefixes contained therein, or any other sub-prefix of 2601:0:9:800/56 that does not overlap with 2601:0:9:800::/64.
@gadams999:
What concerns me about this one is that the fe80::1:1 is the only link-local address on the LAN. the EUI-64 link-local address is no longer there. Is it okay that the EUI-64 address has been replaced with just the fe80::1:1 address?
Yes; at least that's what I see on my (working) setup.