Need help enabling IPv6 w/Android Devices on 2.3.2
- 
 I am having issues with IPv6 and Android as well. On my network, we have a Nexus 5, a Nexus 5X and a Nexus 7. All of them work except for my Nexus 5. For some reason, my Nexus 5 cannot connect to my pfSense box using the global address. It can connect using the local-link just fine. Unfortunately, the phone puts the global address as the primary DNS on the phone. So I have to wait for a timeout before the phone will try the DNS query on the router's IPv4 address. I figured that this was an Android issue (perhaps even phone model specific), but it looks like JKnott has a Nexus 5 working. My pfSense box is set to assisted and the phone is getting an IPv6 address and putting the router IPv6 address in the DNS list. Any advice on debugging this would be helpful. Chris. 
- 
 What is that "assisted" you're referring to? I don't have any special configuration. It just worked. BTW, this is one example of why it would be nice to be able to run Wireshark on pfSense. It's hard to fix a problem, if you can't see what's happening. 
- 
 The router mode is set to "Assisted" under Services > DHCPv6 Server & RA > LAN > Router Advertisements. You can run "Packet Capture" under Diagnostics and then download the file for analysis in Wireshark. Unfortunately, I don't know enough to know what I am looking for in the packet capture. Chris. 
- 
 ^^^^ 
 Do you have DHCPv6 enabled? With SLAAC, it's normally used just for handing out server addresses for DNS etc. What happens if you set "router only"? DNS will still work through IPv4. I know there is packet capture available. However, with Wireshark, you can watch in real time and then click on a frame to see all the details. 
- 
 I do have dhcpdv6 enabled. If I set the router advertisement daemon to "router only", will my local network even be using IPv6 if I don't give all of my systems static IPv6 addresses? 
- 
 Unlike IPv4, DHCPv6 is not needed to hand out IP addresses. That's normally done with SLAAC and Router Advertisements (RA). A host can also request a prefix with Router Solicitations (RS). In this situation, DHCPv6 is only used to point to servers, such as DNS, WINS, NTP etc. Since your devices already have DNS via IPv4, they will work fine, as it can deliver both A & AAAA records for IPv4 and IPv6 addresses. 
- 
 As I understand it, if you only want SLAAC, the router advertisement needs to be set to "unmanaged" and not "router only". https://doc.pfsense.org/index.php/Router_Advertisements Chris. 
- 
 Give unmanaged a try and see what happens. 
- 
 Unmanaged made no difference to me, the Android phone would always report a link-local address only (maybe that's what happens if you're only using SLAAC, not sure?), but I was still getting the DNS timeouts. Maybe it's possible to get the DNS server to listen on the link-local address? Not sure that's ideal though. The thing I struggle with is… this can't be a "me only" thing and this almost has to be something related to my setup/configuration, or else a LOT more people would be complaining. Like I said, there are people posting that Unmanaged or Assisted resolves the issue for them but it seems to make no difference to me. I have the capability of running a Wireshark capture using port mirroring on the switch my LAN port is connected to, if it would be helpful. I did have a couple questions about the General Setup DNS server screen, however... Should I always populate that with two IPv4 and two IPv6 DNS servers? Should I put IPv4 before IPv6? What gateways should I select? The webGUI mentions selecting a unique gateway per server, but I am using gateway groups / multi-wan, so I wasn't sure. I even tried specifying "none" for all four but it had no real impact either way. 
- 
 The phone should have both a link local and global unicast address. If it has only a link local address, then you won't be able to go beyond your local network. Your phone should be responding to the router advertisements by creating an address from the advertised prefix and the MAC address or a random number. For whatever reason, it's not doing that. One workaround for those Samsung phones is to get a WiFi router, with the WAN side connected to the local LAN and use its WiFi only for those phones. That way you'll only get an IPv4 connection. It's not ideal, but it may be a way to get the phones working. 
- 
 I am having the same problem with my Samsung Note 4 (developer edition). I had to download a program to disable ipv6 support on my device - now I no longer have the DNS issues with ipv6 and I can keep my RA Announcement configuration to Assisted. I realize that disabling IPv6 on my device is just a patch and not a fix to this problem. Good luck! 
- 
 > I had to download a program to disable ipv6 support on my device - now I no longer have the DNS issues with ipv6 and I can keep my RA Announcement configuration to Assisted. I realize that disabling IPv6 on my device is just a patch and not a fix to this problem. Good luck!

 I have thought about that as well, but I haven't wanted to go through rooting my phone. Chris. 
- 
 Is there any reason that I cannot change my RDNSS entry so that it uses the router's local IPv6 address instead of the global one? The RFC says that using the local-link is ok, but I wasn't sure if there are any unintended consequences. Thanks, 
 Chris.
- 
 For what it's worth, my GS7 is getting ipv4 and ipv6 addresses (two global and one link-local) from my pfsense router. I ran test-ipv6.com and ipv6-test.com and both were fine. The only issues were that the former noted a tunnel is being used for ipv6 and the latter noted there is no ipv6 hostname. Speedtest and ping test both work fine. I'm using assisted mode. 
- 
 > Is there any reason that I cannot change my RDNSS entry so that it uses the router's local IPv6 address instead of the global one? The RFC says that using the local-link is ok, but I wasn't sure if there are any unintended consequences. Thanks,
 > Chris.

 I'm guessing that the global address is used because a downstream IPv6 router could pick the RDNSS entry up and re-use it for its own LAN, this won't work if the address is a link-local address because the address wouldn't be reachable outside the original LAN. 
- 
 > I'm guessing that the global address is used because a downstream IPv6 router could pick the RDNSS entry up and re-use it for its own LAN, this won't work if the address is a link-local address because the address wouldn't be reachable outside the original LAN.

 In my case, I don't have any routers downstream. Thanks, 
 Chris.
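
Added example, not part of any post in this thread: a small Python decoder for the fields worth checking in a Router Advertisement from the Diagnostics > Packet Capture file discussed above, namely the M/O flags, the prefix's A (SLAAC) flag, and whether each RDNSS address is global or link-local. The function names, the 2001:db8:1::/64 prefix and the sample packet are constructed for illustration; the input is assumed to start at the ICMPv6 type byte.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte."""
    if len(icmp) < 16 or icmp[0] != 134:          # type 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    info = {"managed": bool(icmp[5] & 0x80),      # M flag: addresses via DHCPv6
            "other": bool(icmp[5] & 0x40),        # O flag: other config via DHCPv6
            "prefixes": [], "rdnss": []}
    off = 16                                      # options follow the fixed header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        body = icmp[off:off + opt_len]
        if opt_type == 3 and opt_len == 32:       # Prefix Information (RFC 4861)
            prefix = ipaddress.IPv6Address(body[16:32])
            info["prefixes"].append({"prefix": f"{prefix}/{body[2]}",
                                     "autonomous": bool(body[3] & 0x40)})  # A flag: SLAAC
        elif opt_type == 25 and opt_len >= 24:    # RDNSS (RFC 8106)
            for i in range(8, opt_len, 16):
                addr = ipaddress.IPv6Address(body[i:i + 16])
                info["rdnss"].append({"address": str(addr),
                                      "link_local": addr.is_link_local})
        off += opt_len
    return info

def build_sample_ra(dns: str = "2001:db8:1::1") -> bytes:
    """Constructed RA (checksum left at 0): M, O and A set, one prefix, one RDNSS."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0xC0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    pio += ipaddress.IPv6Address("2001:db8:1::").packed
    rdnss = struct.pack("!BBHI", 25, 3, 0, 1800) + ipaddress.IPv6Address(dns).packed
    return hdr + pio + rdnss

if __name__ == "__main__":
    # Compare a global RDNSS entry with a link-local one, as asked in the thread.
    for dns in ("2001:db8:1::1", "fe80::1"):
        print(parse_ra(build_sample_ra(dns)))
```

A phone that shows only a link-local address while the captured RA carries a prefix with `autonomous` set is not acting on the advertisement, which separates a client-side problem from a router configuration one.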


