I've managed to fix his installation and committed a few patches to the repo.

The biggest issue is that the bogonsv6 table might be lagging on your installation, although we update that table very frequently at files.pfsense.org it might still be out of date.

If you do run into issues with the dhcp6 client not aquiring a address and the dhcp6 requests ending up in the firewall logs as [fe80::something]:547 or [fe80::something]:546 it is probably hitting the bogons filter.

After disabling the bogons on the WAN interface it succesfully acquired a DHCP-PD prefix for the LAN.

you gitsynced but did not perform a config upgrade. Please reboot and it should upgrade your configuration and thus your rrd files.

their reasoning is that the amount of directly connected users is not trivial. So this should be a fairly harmless afair.

Also, if the DHCP6 client is activated on the WAN interface pfSense will pick a DHCP6 address but there will be no prefix delegated when requested from the DHCP6 server.

In the near future you can request a prefix delegation from the DHCP6 server and that should provide you with a routed subnet for the LAN.

From my understanding from talking to Comcast they want to have generic devices from Netgear and D-link that work with DHCP-PD. They are not going the route that Ziggo in .nl is with the UBEE modems/routers/wifi gateways.

i already thought of that over the weekend. thanks again

ticket: http://redmine.pfsense.org/issues/1996

I've still for a couple Alix boxes sitting around here, maybe I'll try IPv6 on one of those again soon in a test environment.  I'm done on my primary box at home though until it goes gold.  My main computer bought it during the same power outage this past weekend and it was hell trying to get the thing working without a working internet connection for research…

EDIT:  Also, file.pfsense.org/jimp/ipv6 is a bad link, I think you meant "http://files.pfsense.org/jimp/ipv6/"

we only have the rrd graphs at this point which have v4 and v6 counters for pass and block in both directions

@jimp:

I just posted a new set of images a few days ago, give it a try with up-to-date code.

Same problem with the latest snapshot, (2.1-DEVELOPMENT (amd64) built on Fri Oct 21 12:51:15 EDT 2011). The bridge iface only gets assigned the global IPv6 IP and not a (generated) link-local IP. Since my gateway is a link-local address (due to HSRP), I don't have IPv6 connectivity.

@asterix:

Would be a good idea to include this info in pfSense IPv6 install doc

It is already there, and was there before you posted this :-)

http://doc.pfsense.org/index.php?title=Using_IPv6_on_2.0&diff=4171&oldid=4168

You can use the pfSense 2.0 image and then overlay the ipv6 tree via gitsync

When there is no status file we show gathering data. When we 1st write out the status file it is online until apinger marks it down after 10 timeouts.

There already is a open ticket in redmine for importing a newer upnpd binary that supports some bare ipv6 and the ipv6firewallcontrol function from the igd 2.0 specification.

@iFloris:

The above code works fine for me. I had to add "; to the end of line 2337.```
   $ipfrules .= "table <bogonsv6>persist file "/etc/bogonsv6"\n</bogonsv6>

I'm sorry, ";" was eaten by copy-paste.

@Michael:

because of this: http://forum.pfsense.org/index.php/topic,40953.msg215068.html#msg215068

Thanks for the catch, I've fixed that line and everything seems fine so far.

Thanks for the info.  I just realized that after I got console connectivity into the device.  Boooo.  I managed to install the 2.0 official release but it was just not usable at all.  I'll probably wait to get myself one of the ALIX setups instead.

LoboTiger

Because ip4 and ip6 are entirely seperate you can operate entire carp clusters seperately.

There have been no binary changes since 2.0 was released so at this point you can still overlat the code with git sync.

We will be merging more ip6 changes soon that will require newer binaries. That means you will need to track the ipv6 images tree. It is always safe to gitsync to the ip6 tree on those images.

You might want to mention your full setup when asking for help, you made no mention of using squid until I brought it up.  You sure you not bouncing off some other proxy?  And what it reports is that your local squid setup?

I believe there is a log you can check to see what dns squid adds – I believe it is /var/squid/log/

You should see it adding nameservers from your squid.conf, etc.

But for troubleshooting dns related issues, I would most likely remove squid from the equation -- how do you know its not just squid that is not working, and actually related to a dns issue?

I don't see where you actually did a direct query to pfsense for dns to verify it did not resolve, etc.

@johnpoz

Pardon me for making you confused on my problem. I'd try my best to explain in future regarding my problem, please do accept my sincere apologies.

@asterix ,@johnpoz and all

Actually my assigned tunnel (not the Routed /64 or /48) address is 2001:470:35:bd::1 and ::2 (server and client address). Referring to my post #1, i can surf ipv6 websites using the 2001:470:35:bd::XXXX without any problem but i can't figure out how to use my 2001:470:36:bd: address nor the Routed /48 .

After fiddling much and head-banging on the desk, i've managed to figure it out as per outlined below :

1. Follow the guide using http://doc.pfsense.org/index.php/Using_IPv6_on_2.0
2. Stop at step no 7 http://doc.pfsense.org/index.php/Using_IPv6_on_2.0#Setup_LAN_for_IPv6 . READ throughly and READ IT AGAIN. It says you need to get the Routed IPv6 /64 Address which is in my case is 2001:470:36:bd: NOT the 2001:470:35:bd: .

Of course this is where i assign my LAN interface with 2001:470:35:bd and the whole DHCPv6 Server range to my client. It works, but not the expected result in the end. And also this is where my mistakes whereby i've misread the guide, pardon me again, my bad.

I hope my case can help somebody out there if they every stumble upon such thing. And also, i've managed to get my rDNS working and "bind it" to my domain name. So to the newbies, pfsense team has made a very comprehensive guide and it's a good one, do read it and this time if you ever come across any problem, read and read it again because somewhere along the lines lies the answer to your question.

Thank you pfsense team, dev and moderator! thanks to all especially databeestje, johnpoz, asterix and trmentry you guys rocks!

This is not fatal. But here I needed to send the route to a single host through a specific Gateway and that's noticed.
Temporarily increased the option to start cycle.

    if(is_ipaddrv4($pconfig['network'])) {         $size = 33;     } else {         $size = 129;     }     for ($i = $size; $i >= 1; $i--): ?>

Thank you !!

Not sure if I need to start a different thread but I have a new issue with 2.1-DEVELOPMENT (amd64) built on Tue Sep 13 17:05:32 EDT 2011

At least once every day the DNS functionality dies. The service itself is started but it ceases to function. Re-starting the DNS forwarder service does not work. Only way is to reboot the machine. No logs about anything failing.

This is really getting irritating now as the DNS dies any time with no prior warnings. Any clues?

My DNS is the following order. Earlier I just kept IPv6 DNS but adding IPv4 DNS doesnt make a difference.

2620:0:ccc::2
2620:0:ccd::2
208.67.222.222
208.67.220.220

IPv6 code will not break anything on the IPv4 front because it is a entirely seperate address family.

That said, there have been moments during the development that broke one thing, the other, or the entire tree. Which is to be expected really. There are busy and quiet periods every now and then, the last month was quiet.

Expect a flurry of activity soon though, hackathon is coming up which should bring up something.