Reading your diagram that the isp gave you, it looks like a normal static ipv6 configuration.

Basically you configure the ::2 of the /126 prefix on the pfSense wan interface. You then create a gateway to the ::1 address of the /126 subnet. Normally the isp router will reply for ndp requests for this address.

You can configure the 1st /64 prefix on the lan interface. Your isp will just forward the /64 networks to the ::2 address of your /126 subnet.

This really is a basic static config as long as both the isp and pfsense reply to ndp requests. Which i think they will.

If you have any questions or want me to review your configuration i can verify it remotely.

there is a bug in the current ra config mode where it does not set the right mode. That is still open for fixing.

The IAID will have to be saved into the config.xml to make sure it persists, not sure why it needs another file unless the clients needs to have it that way.

Also, I will likely pull the wide client and move to the ISC dhcp6 client at some point. Atleast before 2.1 is released.

That client supports configuring a "pretty" ipv6 address on a prefix delegated. e.g. <prefix>::1

It's not that dhcp6 server is not a priority, but I'd rather get cascading prefix delegation working.</prefix>

Yes, please add the IAID field and I'll be glad to do the testing.  As I say, I'm currently testing against an MS DHCPv6 server and I think there is an inherent incompatibility between the two distributions which may or may not have to do with the server receiving FQDN and vendor class options from the client.  I'm using Wireshark to sniff and I know the Solicit message is being sent.  I've already tested the DUID and IAID functionality with FreeBSD clients and I know those fields are showing up in the right places in the Solicit.  But the MS server does not Advertise in response.  At least, no Advertise shows up in Wireshark as it does when Solicited from a Windows client.  Strangely, though, the DHCP statistics displayed by the MS server always show an equal number of Solicits and Advertises.  The log file generated by the MS server only shows incoming messages (Solicits and Requests), which is equally bizarre.  Sounds like a firewall issue, right?  I disabled it on both machines with the same results.  I have to admit, I'm stumped for now.  If anybody has any ideas, please let me know.  I had hoped to rule out the FQDN-and/or-vendor-class issue by spoofing a Microsoft vendor code and sending the correct FQDN.  I think the ISC client does have this functionality, but then I can't use pfSense as the firewall, which is a deal-breaker.

I think your confusing my setup with running l2tp ipsec on pfsense?

As I thought I clearly stated this is not have anything to do with pfsense acting as any part of the l2tp ipsec connection, not a client not server.  The l2tp server is not setup or on or enabled at all.

This is a client behind pfsense connecting to a server on the public internet outside pfsense.

If I enabled, ie uncheck pfscrub then it works.. If I disable pfscrub then it hangs.  It use to work just fine with pfscrub disabled - but now it is not.

It is currently working, I don't have any issues with pfscrub being enabled.

Problem seems to be with the "managed" option, if u run "unmanaged" it works every time i reconnect, just not with "managed"

anyone else noticed this?

/f

must have the bits set wrong, I'll look into it.

Same error with the new build.

If I edit the restore file with 2 ipv6 dns server, both are configured in pfsense after the restore.

But Package and Update management doesn't work.

Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.

DNS Lookup with the both IPv6 DNS Server works fine.

Diagnostic -> DNS Lookup

pfsense.com = 69.64.6.21

2a01:4f8:120:5121:6::53 6 msec
2001:4d88:1ffc:409:1::53 8 msec

Any Idears ?

Thx

Greetings

Unbound integration into 2.1 is a ongoing project.

Hello databeestje:

When I performed the resync the first time, my shell session got "terminated" (got kicked back to local prompt) and I had to login again so I thought the router had rebooted.  I resynched it just a moment ago and rebooted it again after my session got terminated and it looks like everything's working.  I can access ipv6.google.com and a test site so all appears well now.

Thank you for your assistance.

FIRESTORM_v1

Note to newbies:  If you're planning on implementing IPv6, it's best to use a v6/v4 dual-homed network.  Running IPV6-only will leave you with very little to do on the Internet.  (example:  www.v6.facebook.com only works halfway.  Facebook's fault. :P )

Without the rtadvd the router will not announce itself. I have made a number of changes that could have caused it.

Investigating.

Are you referring to the dhcpv6 server here? For the server part you can already choose.

For the wan slaac is not supported currently since it does not work for a router.

Ah, thanks jimp! I was using the userid from the other method instead of my username. Works now.

OK. So I solved this by deleting my tunnel and assignment with the tunnel broker. I then created a new tunnel and routed assignments, and replaced those in my non-working configuration and they worked. I have to surmise it was something at the other end (tunnelbroker).

ipv6 gateway came right up, once I changed the ipv6 assignment for LAN/DHCP and refreshed, it all worked.

I've managed to fix his installation and committed a few patches to the repo.

The biggest issue is that the bogonsv6 table might be lagging on your installation, although we update that table very frequently at files.pfsense.org it might still be out of date.

If you do run into issues with the dhcp6 client not aquiring a address and the dhcp6 requests ending up in the firewall logs as [fe80::something]:547 or [fe80::something]:546 it is probably hitting the bogons filter.

After disabling the bogons on the WAN interface it succesfully acquired a DHCP-PD prefix for the LAN.

you gitsynced but did not perform a config upgrade. Please reboot and it should upgrade your configuration and thus your rrd files.

their reasoning is that the amount of directly connected users is not trivial. So this should be a fairly harmless afair.

Also, if the DHCP6 client is activated on the WAN interface pfSense will pick a DHCP6 address but there will be no prefix delegated when requested from the DHCP6 server.

In the near future you can request a prefix delegation from the DHCP6 server and that should provide you with a routed subnet for the LAN.

From my understanding from talking to Comcast they want to have generic devices from Netgear and D-link that work with DHCP-PD. They are not going the route that Ziggo in .nl is with the UBEE modems/routers/wifi gateways.

i already thought of that over the weekend. thanks again

ticket: http://redmine.pfsense.org/issues/1996

I've still for a couple Alix boxes sitting around here, maybe I'll try IPv6 on one of those again soon in a test environment.  I'm done on my primary box at home though until it goes gold.  My main computer bought it during the same power outage this past weekend and it was hell trying to get the thing working without a working internet connection for research…

EDIT:  Also, file.pfsense.org/jimp/ipv6 is a bad link, I think you meant "http://files.pfsense.org/jimp/ipv6/"

we only have the rrd graphs at this point which have v4 and v6 counters for pass and block in both directions

@jimp:

I just posted a new set of images a few days ago, give it a try with up-to-date code.

Same problem with the latest snapshot, (2.1-DEVELOPMENT (amd64) built on Fri Oct 21 12:51:15 EDT 2011). The bridge iface only gets assigned the global IPv6 IP and not a (generated) link-local IP. Since my gateway is a link-local address (due to HSRP), I don't have IPv6 connectivity.