I tried to enable track interface on a couple of my LAN-interfaces.
What happens, is that both interfaces get the same link local address, fe80::1:1 (loopback ip?)
Even when i disable IPv6 on both these interfaces, fe80::1:1 is still the active link local address.

I have two physical interfaces, one for WAN and one where all my LAN interfaces are VLAN-tagged. All LAN and OPT-interfaces are renamed.

The log also outputs this when i track the WAN-interface:

Jul 7 12:38:57 php: /interfaces.php: Accept router advertisements on interface re0_vlan112
Jul 7 12:38:57 check_reload_status: Reloading filter
Jul 7 12:39:00 dhcp6c[4326]: dhcp6_ctl_authinit: failed to decode base64 string
Jul 7 12:39:00 dhcp6c[4326]: dhcp6_ctl_authinit: failed to decode base64 string
Jul 7 12:39:00 dhcp6c[4326]: client6_init: failed initialize control message authentication
Jul 7 12:39:00 dhcp6c[4326]: client6_init: failed initialize control message authentication
Jul 7 12:39:00 dhcp6c[4326]: client6_init: skip opening control port
Jul 7 12:39:00 dhcp6c[4326]: client6_init: skip opening control port

Hey John,

When are you guys planning on rolling IPv6 out to Business Class customers? I've been dying to implement IPv6 at work haha. We have a SMCD3G-CCR modem, which doesn't appear to be certified for IPv6 yet on your mydeviceinfo site.

Thanks,
Derek

Now that I know what to look for, I might be able to catch whatever caused the problem next time it happens. I'll post here again if I can get this info.

I did notice a problem with connectivity today. Inbound connections were not being routed to hosts behind pfsense. The packets would arrive but pfsense would drop them. Outbound connections worked so it was like being under NAT. After I rebooted pfsense, all inbound connections worked and the /128 address of pfsense shows up in traceroutes. The /128 definitely seems needed for normal operation at least with my config with Comcast.

Which I do but it does become a bit of a pain to click through roughly 50 rules when you have those nice check boxes right beside each one that could be tied to a disable/enable button.

@databeestje:

Do you even see a ipv6 autoconfigured address on the wan?

Nope, my problem is not that i cant communicate via ipv6, but that i dont get one at all on the wan interface.

Could be that whatever segment i am on from my ISP, ipv6 is just not enabled at all.

Well.. some day :)

C

The combined protocol rules are pretty new, so if it doesn't work let us know.

Finally, the problem was resolved by deleting the HE tunnel and creating a new tunnel as suggested by databeestje (thanks).

Never touched that part. Add a redmine ticket for it. i hope i can get to it next week. Might be small. Don't know.

@jimp:

Netflix turned on IPv6 for streaming, so I bet he.net and friends are really feeling a bit of a bandwidth spike. :-)

I've been expecting the day that happens is the day they stop offering free IPv6 tunnels (as tons of people outside the US will start using it to have US IPs), so we'll see. They do appear to put a 1 Mb limit on the tunnels at least at times, sometimes I can get 10+ Mbps, sometimes it flatlines right at 1 Mb, so that's not all that useful for Netflix given the highest quality SD stream seems to be around 3-4 Mbps continuous.

I did a whitelist for pfBlocker, will test when it changes IP (is working fine atm).

Also, Snort isn't showing any IPv6 attack, only IPv4.  So it needs to gets updated.

Got my fiber installed today, finally. 6RD worked like a charm, so obviously my problems were related to PPP for some reason. I'm happy, but if you'd like to continue to pursue this and need any more data from me, just let me know.

Thanks.

@cmb:

NAT is the most common solution there. Or if you have a requirement for public IPs directly on servers, a separate private subnet on a VLAN. Best to isolate hosts that are publicly reachable and those that aren't anyway.

Thanks fort he advice - added in a separate NIC onto PFsense and made a separate network for servers requiring public IPs. Works fine. Only thing is I needed to set a manual oubound NAT rule for the private IPv4 interface range

Yes there are now official snapshots, we have not blessed a particular one for general consumption though, although we do have fixed a largish list of bugs.

You can find them at http://snapshots.pfsense.org

Yup should work fine  :D

To update this:

I think it ended up being the IPv6 Ping website I was using located in Denmark. I've since tried other ones and the ping seems to be working correctly.

Thank you for your responses.

Known issue

http://redmine.pfsense.org/issues/2129

ls -l /usr/local/pkg see if there is a file there that you don't recognize.

now I have setup Multi-ipv6 tunnels in adsl.  using config the Static Routes and NTP show all ipv6 tunnels online.

but only out visit work, the second ipv6 can't visit from internet. I want to setup multi-ipv6 network, when one ipv6 slow then change use the second ipv6 for my web server etc.

I think should allow setup multi ipv6 network address for the same LAN?

I can offer login my router account. if your need it.

:-[
I think i must wake myself up… [slaps myself in the face]

Thanks for the quick replay…