@Gertjan Fixed it. I had on the interface address both an IPv6 address and an "IPv4 address embedded in the IPv6 address (this is known as IPv6-mapped IPv4 addresses or IPv6 embedded IPv4 addresses)" before that is normally not for interfaces only the static device assignments so that is corrected my Pv6-mapped IPv4 addresses or IPv6 embedded IPv4 addresses are now only on the Lan devices and not on the firewall interfaces.

Screenshot 2025-07-09 at 15.29.37.png

@jimp thank you for the clarification. Yes, I think it must have been very late at night when that got added...

@JonathanLee said in IPv6 HE tunnel broker and Netflix quick fix idea:

This fixed my issues 100% anyone else parse AAAA and A dns records like this?

That issue is very old.

Hit the search button - its just above :

979fea0f-8b0a-4338-afa4-9be21a3aeefa-image.png

The issue has even a pfBlockerng solution made for it :

99d7ab85-cb14-44e3-958e-e48648d7256f-image.png

Check the check box.
Add all the host names that should not be resolved to AAAA.
Done.

@jbannister

SLAAC .... NPT ....
Never used these, as they are 'not needed' ( ? )

I followed the pfsense documentation as mentioned above, and was a happy IPv6 user for many years.

I advise you to validate the pfsense documentation. There is no SLAAC, even as it promises beautiful things. No NPT.
This boils down to : set up a DHCPv6 server on every LAN - with a pool, so you can static DHCP map, as the old DHCPv4 days, your devices.

I'm saying this with any in depth knowledge, but : as soon as I read NPT, there are issues .... so, it must be a complex thing.
And I tend to keep things "simple", especially my Ethernet networks and everything that is related to it.

@steveits OK, thanks. If I can ever get registered on Redmine, I'll file a bug report.

@Jxck

Well, it certainly won't work, without it being configured on the VPN.

@jimp If states are not to be preserved, then a disable/enable (via a heartbeat mechanism or otherwise) might do the trick.. of course with a disruption of the IPv6 connectivity while the tunnel is re-establishing itself.