I don't think it sounded strange :-) Just found it interesting that they are now starting a push and saying the norm now should be IPv6 and IPv4 is just and option. The logic is clear enough, the problem has always been when they would do something like this.

What are ISPs like comcast doing for IPv6 customers in the residential market? They use DHCPv6 with a /128 on the WAN side and a /64 for the LAN. [1] http://forum.pfsense.org/index.php?topic=49575.0 [2] http://ipvsix.me/?p=220

2.0.1 does not have IPv6 support, never has. 2.1 does. There used to be some old gitsync instructions that would turn a 2.0.1 box into a 2.1 box but those haven't been valid for at least the last 5-6 months or so. If you want IPv6, you need 2.1.

Wow yeah, that's one heck of a path. Judging by the latency, I suspect that is accurate. I'm in Austin at the moment and I have basically the exact same connectivity and latency to that .42 host as you have, about 50 ms, +/- 5 ms. I'm going ATX > DAL > LA > PHX > DAL. Terrible path… One of our developers is about 40 miles outside of Chicago, to get to the Chicago HE.net endpoint, his traffic goes to NYC and back. At home I'm about 300 miles away from Chicago using the same one, and my latency is about the same if not a little better than his. Not always the best routing in the world on those, unfortunately...

I'm sorry but enabling privacy extensions on a router does not make any sense. You will want to enable these on your clients.

NAT64 allows an IPv6 only client to reach an IPv4 server [1]. There exists an implementation for OpenBSD [2] but probably not yet for FreeBSD. If I remember correctly the targeted version was once FreeBSD 9, but Ermal might know better as he is/was involved [3,4]. [1] http://www.slideshare.net/IOSHints/nat64-and-dns64-in-30-minutes [2] http://ecdysis.viagenie.ca/ [3] http://lists.freebsd.org/pipermail/freebsd-pf/2011-February/006011.html [4] http://lists.freebsd.org/pipermail/freebsd-pf/2012-January/006411.html

After talking with my ISP, wondering why it is that the tunnel to them doesnt work They informed me I did have IPV6 enabled in the control panel when I log in to check my account ::) Just need to swap some details over once i get home, makes me wonder why it is I went through the hassle of the one for SixXS, lol

Regardless of NAT or no NAT, you can still firewall it so that only connections to the ports you allow through to each system will pass through the router.

@johnpoz: ^ so your quoting http://www.ipv6now.com.au/primers/benefits.php Why??  Your other post is gibberish as well.  Thinking your going to start spamming some sort of nonsense as soon as you can post links? Better to use the option to notify moderators so we know about them.

I tried to ping even the firewall and there's no response. yes rules are in place to allow all v6 to all and nothing I double checked again today the v6 tunnels functionality… ran a ping to google from my pf box... PING google.com (173.194.33.35) from 68.150.1xx.xxx: 56 data bytes 64 bytes from 173.194.33.35: icmp_seq=0 ttl=56 time=74.204 ms 64 bytes from 173.194.33.35: icmp_seq=1 ttl=56 time=75.006 ms 64 bytes from 173.194.33.35: icmp_seq=2 ttl=56 time=73.949 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 73.949/74.386/75.006/0.450 ms PING6(56=40+8+8 bytes) 2001:470:x:xxx::x --> 2607:f8b0:400a:801::1007 16 bytes from 2607:f8b0:400a:801::1007, icmp_seq=0 hlim=59 time=57.728 ms 16 bytes from 2607:f8b0:400a:801::1007, icmp_seq=1 hlim=59 time=59.010 ms 16 bytes from 2607:f8b0:400a:801::1007, icmp_seq=2 hlim=59 time=58.224 ms --- google.com ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 57.728/58.321/59.010/0.528 ms

This already happen. I find a pfsense Bugtrack. Maybe this is the Problem http://redmine.pfsense.org/issues/2483 I'm trying to set a IP alias for the WAN Interface. Is there a workaround ? Like over the CLI ?? I found this Link  but I can't find the rc.conf file in pfsense. http://lists.freebsd.org/pipermail/freebsd-questions/2009-February/192845.html The IPv4 and IPv6 that i get over DHCP from the ISP are working. The IPv6 that I get from the DHCP is in the same Range (/64). Update I upgraded to the newest Version of pfsense (BETA 0 ) now the Virtual IP Addresses for v6 are working Closed

lol alwas something simple. thank-you rody

I finally got all my stuff configured tonight, and had this issue at first but I have been able to make rules that allow my systems to be accessible from the internet.  I followed thishttp://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker ipv6 guide to setup my connection with HE and then added a rule like you see below, before putting in the rule I was unable to ping my ipv6 address or connect to anything on my ipv6 address (going outbound was fine).  Basically it is a rule for the opt interface i created for the ipv6 that is an allow everything ipv6 with a desitination of my server ipv6 address. Here is a paste of HE portscan and ping test for my ipv6 ip after i put this rule in. Starting Nmap 5.00 ( http://nmap.org ) at 2012-07-24 21:07 PDT Interesting ports on 2001:470:x:xx::ff78: Not shown: 999 closed ports PORT  STATE SERVICE 22/tcp open  ssh Nmap done: 1 IP address (1 host up) scanned in 1.70 seconds [image: ipv6ruleed.png] [image: ipv6ruleed.png_thumb]

i think they are suggesting using prefix delegation with dhcp 6. Set the wan to dhcp6 and set the prefix size to 56. On the lan page you can select track interface for ipv6 and fill in a number. 0 is fine too. That should be it although you might need a reboot. I think the current version goes about it better.

There might be a race condition here where it has not yet set the LAN address to ::1. I'm still considering switching out the wide dhcp6 client since others have reported it going away without any logs. It's been on the roadmap for a while, looks it needs to happen. The intention is to always configure <prefix>::1 on the router for the sake of simplicity.</prefix>

Hey thanks, see, important info!  ;D

Just did a gitsync, and checked the doc - yup that should work, thanks!

I tried to enable track interface on a couple of my LAN-interfaces. What happens, is that both interfaces get the same link local address, fe80::1:1 (loopback ip?) Even when i disable IPv6 on both these interfaces, fe80::1:1 is still the active link local address. I have two physical interfaces, one for WAN and one where all my LAN interfaces are VLAN-tagged. All LAN and OPT-interfaces are renamed. The log also outputs this when i track the WAN-interface: Jul 7 12:38:57 php: /interfaces.php: Accept router advertisements on interface re0_vlan112 Jul 7 12:38:57 check_reload_status: Reloading filter Jul 7 12:39:00 dhcp6c[4326]: dhcp6_ctl_authinit: failed to decode base64 string Jul 7 12:39:00 dhcp6c[4326]: dhcp6_ctl_authinit: failed to decode base64 string Jul 7 12:39:00 dhcp6c[4326]: client6_init: failed initialize control message authentication Jul 7 12:39:00 dhcp6c[4326]: client6_init: failed initialize control message authentication Jul 7 12:39:00 dhcp6c[4326]: client6_init: skip opening control port Jul 7 12:39:00 dhcp6c[4326]: client6_init: skip opening control port

Hey John, When are you guys planning on rolling IPv6 out to Business Class customers? I've been dying to implement IPv6 at work haha. We have a SMCD3G-CCR modem, which doesn't appear to be certified for IPv6 yet on your mydeviceinfo site. Thanks, Derek

Now that I know what to look for, I might be able to catch whatever caused the problem next time it happens. I'll post here again if I can get this info. I did notice a problem with connectivity today. Inbound connections were not being routed to hosts behind pfsense. The packets would arrive but pfsense would drop them. Outbound connections worked so it was like being under NAT. After I rebooted pfsense, all inbound connections worked and the /128 address of pfsense shows up in traceroutes. The /128 definitely seems needed for normal operation at least with my config with Comcast.