I'm having the same issue where the WAN IPv6 address does not show up anywhere in the GUI or the SSH menu and also the "WAN address" alias can not be used for firewall rules. At the same time, doing an ifconfig on the WAN interface shows there is a public IPv6 address bound to it. This has been the same for the last month of the 2.1-RC builds and is also the same in 2.1-RELEASE. Supposedly the fix will arrive in 2.1.1-RELEASE.

ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500         options=80000 <linkstate>inet6 fe80::20d:b9ff:fe2c:f47c%ovpns1 prefixlen 64 scopeid 0xb         inet 10.0.88.1 --> 10.0.88.1 netmask 0xffffff00         inet6 2001:470:xxx:xxx::1 prefixlen 64         nd6 options=3 <performnud,accept_rtadv>Opened by PID 21993</performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast>

Maybe the browsers on the client machines are preferring DHCP with IPV4 DHCP servers.

You're right - link local addresses end with the interface name they're connected via/to.  The % is the delimiter char. Because fe80:: is a /64 there is no way for a host to know which interface its out unless that info is stored with the IP…. think arp tables for each interface in v4-speak. So you can do things like this to source your ping from em0_vlan200 ping6 fe80::xxxx:xxxx:xxxx:xxxx%em0_vlan200 Or just this to let the host pick the best ipv6 address to source from. ping6 fe80::xxxx:xxxx:xxxx:xxxx

I'm having a similar issue on the current 2.1 RELEASE.  I set my lan interface as static IPv6, fe80::1/64 and when I bring up the DHCPv6/RA page it is completely blank.  Am I configuring this wrong?  I'm use DHCPv6 on my Comcast interface and it gets an IP just fine.  Just not sure how to get IP's out to my clients with radvd going. EDIT:  I got this going.  I switched to using track interface on the LAN and  DHCP6 with /64 prefix delegation request  on the Comcast WAN and everything came up.

SPF is not the same as a PTR, and how would that solve your problem when you just stated that gmail doesn't accept email from servers that don't have PTR. "FYI - google won't accept email via smtp over IPv6 if you don't have a reverse DNS v6 record for your mailserver's v6 address." You stated that spf is not sufficient - now your saying it is? "Having a valid SPF record with IPv6 included isn't sufficient." "I managed to work around it by updating my SPF record to specifically include a v6 address." If your isp supplies you with a /64 then they should provide the the ability to update your own ptr.  Hurricane electric allows for this with the /48 or /64s they give you for free. Who is your isp?

Hi I have been doing lots of tests and the problem is solved. 1. if you are in different subnets then activate System > Advanced > Networking: Allow IPv6. After that enable proper Firewall rules to allow traffic. 2. If you are in the same subnet pFsense does not interfere with AirPlay. In my case the problem was my WiFi Router that didn’t hade enable the IPv6 traffic for internal network. Sergio Handal.

Ok i guess ill give more info to see troubleshoot the problem. My setup is re0 is my local lan ethernet and re1 is my connection to my adsl modem. I use PPPoE  on my wan(re1) interface. From what i managed to check so far is that instead of checking pppoe0 interface for my ipv6 address it checks re1. Maybe i understood wrong when i was selecting re1 as my wan interface? Should i have checked pppoe0? But its not created till i logging thru pppoe so it cant be. Maybe my set up is not supported for ipv6? And my re1 should have access to ipv6? i.e. I turn my modem back again to a router, it gets an ipv6 address and re1 gets an ipv6 address and everything works?

I access firewalls frequently over IPv6 by hostname (Firefox won't connect to an SSL-enabled IPv6 host by IP address… it's been that way for years and they need to fix that already) and have had no issues. Do you have the same issue accessing by IPv6 on the LAN? Or just WAN? I can access a VM here by IP in Chrome over IPv6 and it was OK. If it was a general POSTing issue, you wouldn't be able to login. Are you sure you didn't login with an account that you gave the "deny config write" permission to?

Well, managed or assisted, depending on what you need. (E.g., the Bitten Fruit machines still use radvd for the privacy IPv6 addresses even with DHCPv6, IIRC.)

Okay thank you.

Hi Maurice, As far as I can tell 6RD is still (still!) broken…..at least I haven't seen a build come through in the last 8 months that works with Charter. Here's the link to the ticket I opened back when I first noticed that something had changed and the builds were no longer working with 6RD: http://redmine.pfsense.org/issues/2882 The last answer i got from the devs was that "I have only seen that on misconfigurations of pfSense" but I have no idea where that misconfiguration might be and have not gotten any hints as to where to look. -Will

That text shouldn't have been there, it's a copy/paste from the v4 page. I removed it from the page. That option isn't applicable with prefix delegation, should be no need nor desire for it.

Hi podilarius, Updating to the latest (Fri. 8/16) build has allowed my WAN interface to once again get an ipv6 address. 6RD still doesn't function, sorry to say. -Will

@athurdent: I think you would need an extra /64 (or bigger) IPv6 subnet routed to your WAN IPv6 IP by your provider. You should use the /64 only as transport net between your VM and the provider router. You can use that extra /64 net on the LAN side for DHCP then. He is indeed correct. You need a subnet routed to an address in your linking subnet. Typically here in New Zealand we are given a /64 or /112 linking subnet between our router and the ISP. The ISP then tells us what /48 or /56 subnet they will route us and to which IP address in the linking range. We then set the PFsense WAN to that address and it works great.

@athurdent: As far as I know, German T-Com's IPv6 capable lines are dual-stack, not 6to4. I think the OP means IA-PD. Here's a link to the other topic regarding his setup: http://forum.pfsense.org/index.php/topic,65123.0.html Right, but that is another access I use.  German Telekom does not equip every access with dual stack, the older ones are only IPv6 by 6to4. Cheers, 4920441

Goes nowhere. From my POV, blocking ICMP is a pretty useless and as far as IPv6 goes, also completely broken idea. So, we'll agree to disagree.

I talked to CMB a few weeks ago and he probably will consider NAT66… There really are use cases for NAT66. As i told earlier especiallay if you have to use ISP hardware that cannot be changed, doesn't get reconfigured, too small delegated prefix etc... Thanks for the bridging Firewall info, that could be of help. Didn't think of that :-) Allthough NAT is bad in general it wouldn't be too hard to implement it in pfSense; PF supports NAT66 and it would only require small change to the GUI. There has been even code for the pfSense GUI https://github.com/pfsense/pfsense/pull/427   <- even discussed on the forum here…

We are in talks with QSC. They will setup correct Prefix Delegation, so that we hopefully have autoconfiguration pwith pfsense.