@JonathanLee said in IPv6 HE tunnel broker and Netflix quick fix idea:

This fixed my issues 100% anyone else parse AAAA and A dns records like this?

That issue is very old.

Hit the search button - its just above :

979fea0f-8b0a-4338-afa4-9be21a3aeefa-image.png

The issue has even a pfBlockerng solution made for it :

99d7ab85-cb14-44e3-958e-e48648d7256f-image.png

Check the check box.
Add all the host names that should not be resolved to AAAA.
Done.

@jbannister

SLAAC .... NPT ....
Never used these, as they are 'not needed' ( ? )

I followed the pfsense documentation as mentioned above, and was a happy IPv6 user for many years.

I advise you to validate the pfsense documentation. There is no SLAAC, even as it promises beautiful things. No NPT.
This boils down to : set up a DHCPv6 server on every LAN - with a pool, so you can static DHCP map, as the old DHCPv4 days, your devices.

I'm saying this with any in depth knowledge, but : as soon as I read NPT, there are issues .... so, it must be a complex thing.
And I tend to keep things "simple", especially my Ethernet networks and everything that is related to it.

@steveits OK, thanks. If I can ever get registered on Redmine, I'll file a bug report.

@Jxck

Well, it certainly won't work, without it being configured on the VPN.

@jimp If states are not to be preserved, then a disable/enable (via a heartbeat mechanism or otherwise) might do the trick.. of course with a disruption of the IPv6 connectivity while the tunnel is re-establishing itself.