@johnpoz
I mostly do, except some university classes require we use it.
R.png

@jbannister

SLAAC .... NPT ....
Never used these, as they are 'not needed' ( ? )

I followed the pfsense documentation as mentioned above, and was a happy IPv6 user for many years.

I advise you to validate the pfsense documentation. There is no SLAAC, even as it promises beautiful things. No NPT.
This boils down to : set up a DHCPv6 server on every LAN - with a pool, so you can static DHCP map, as the old DHCPv4 days, your devices.

I'm saying this with any in depth knowledge, but : as soon as I read NPT, there are issues .... so, it must be a complex thing.
And I tend to keep things "simple", especially my Ethernet networks and everything that is related to it.

@johnpoz
I'm only using 5 of my 256 /64s. However, I think people have learned a lot of bad habits, with having to conserve IPv4 address space. The only place where a smaller prefix makes sense is with a point to point link, where a /127 is all you need.

Thanks @jimp for the fix. I've re-tested with 23.01.b.20221221.1946 snapshot and the issue seems to be resolved.

solved by add a WAN_IGB0 interface and use it in NAT Outbound.

9b2fcfee-c934-445d-b725-d7da11b2337f-image.png

66f43f6c-9d85-4177-a228-fc0e29157020-image.png

784a3a56-3edb-423f-a98d-d4694c7c0e68-image.png

@lolo54000 said in Ipv6 configured but unable to ping internet:

In my ovh account i have 6 physical server and each have it's own ipv4 and it's own ipv6 /64 ipv6

To have a router in front, you would need:

an IPv6 for the router WAN an IPv4 for the router WAN OVH to route your other IP addresses to those IPs your servers to use your router LAN IPv4/IPv6 as their gateway

It sounds like they are simply not set up to handle a router, like you're asking for.

@mariog Thanks for the link. I'll keep an eye on this.

So, I found a GUI "bug". I had correctly set the prefix ID's in the "Tracked Interface" for each VLAN, but at the RA page, I mistakenly reinserted the prefix ID in the fields that are for static (full, not delegated) prefixes. Removed the static prefixes and everything now works. GUI should not let you enter static prefixes on a tracked interface, aside from fc00 or fd. And if it does, it should check if they are correct. One of the prefixes was ::1/64.

@unbekannt3 said in LWLcom DSL IPv6 über DHCP kein renewal:

Die Sense bekommt eine Adresse aus einem /64er Subnetz am WAN Interface zugewiesen und darauf dann mein /60er Subnetz geroutet, beides mit einer lifetime von 300.

Warum? 300er Lifetime hört sich für mich nach Quatsch an und viel zu kurz. Wenn ich da auf bspw. einer Fritzbox nachsehe, was da das Default Verhalten ist bei DHCP6 dann sehe ich da Zeiten in der Größenordnung 48h als Lease Time runtertickern. Zumindest wesentlich mehr als 300s. Das hört sich da schon entweder nach einer seltsamen/falschen Konfiguration an oder dass der ISP da Murks macht.

Da würde ich nochmal beim ISP selbst versuchen jemand technischeren an die Strippe zu bekommen, denn das klingt nicht gerade sinnvoll.

Cheers
\jens

@dwren78

Hmmm this is frustrating, could you describe what is happening in more detail? I am confused why it works when you have the Smarthub ahead of the pfsense router. I am not familiar with configuring the smart hub as a bridge, so where is the pppoe authentication done, in the smarthub or pfsense?

Are you getting a v4 address?
Is the v6 interface up?
Are you getting a link-local v6 address?

Dumb question, but I am going to ask it anyway, are you using your bt business pppoe username/password?

cheers

F

@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:

Maybe it's clever enough to bind to a LAN address in that instance? I've no idea.

You have to specify a source address by using the -S option in ping. I just did it, using my LAN global address.

@quasaur said in All IPv6 Home Network:

Enjoying my SG-1100.
I wish to switch everything to IPv6 using each host’s MAC as the last three segments of the interface ID.

Unfortunately, it appears that pfSense requires the DUID of a DHCP client to assign it a static address, and no one on the planet seems to know how to get that from a MacBook running Monterey…not even Apple!

PLEASE HELP!

Screenshot 2022-02-17 at 19.49.55.png

Run the following from the terminal:-

sudo plutil -p /var/db/dhcpclient/DUID_IA.plist

andyk@mac-pro ~ % sudo plutil -p /var/db/dhcpclient/DUID_IA.plist { "DUID" => {length = 14, bytes = 0x000100012743ca95003ee1c1af07} "HostUUID" => {length = 16, bytes = 0x8d4aa329f7175da2ac8fc3e713f04f63} "IAIDList" => [ 0 => "en0" 1 => "en1" 2 => "en2" ] } andyk@mac-pro ~ %

@rvjr said in IPv6 list generated IPv4 rule:

ok, that's weird. No I'm using the standard pfBlockerNG 2.1.4_26 on pfSense 21.05.2-RELEASE. I'll try switching the list action and see if that makes any difference.

Your problem is that you are using an old unsupported version of pfBlockerNG. The maintainer of pfBlockerNG, @BBcan177, does not recommend the use of that old version. The -devel version has been in use for 2 to 3 years now and is very stable and the only version currently being updated.

Make sure that the box is checked to save your current settings and then uninstall your current version of pfBlockerNG 2.1.4.26 and then install the -devel version 3.1.0_1. This should take care of the issues you are seeing, if not, post back to the forum and someone will help you.

@pfsensation

Yep, it's green and showing online.

Thank you all for your answers and discussion. Unfortunately it’s a “real problem”. There is a person who I trusted before but this person is now in suspicion for a bad deed. While changing my passwords (way too late I did that) I saw a log in to my personal account that was definitely not made by myself. It’s possible that that person had an auto login but I also had the hunch this person spied my personal mailbox (which is of great concern because I was in touch with official entities). Well I think the chance is quite low I forgot to logout somewhere and that that device has the same /56 prefix as that person. So I can just hope that was an auto login or that person did not found anything. Thank you all.

@madtrick
The IP variable is the same, but you have to set up a special IPv6 update client so that pfSense takes the IPv6 interface address.
https://dyndns.inwx.com/nic/update?myipv6=%IP%