All my IPv6 Prefixes are on one VLAN

Gamienator 0

Hello everybody,

I'm hosting my pfSense in a VM on Proxmox which has one bridge (vmbr0). This bridge is facing all my Ehterner Ports on my Proxmox Host (enp2s0 - enp7s0). Since my way to WAN is VDSL with PPPoE I added VLAN 7 to vtnet0 and dailing that way in. In addition I have 5 VLANs which are already assigned on vtnet0. The reason for all on vtnet0 is that some clients are directly connected to the proxmox host and not via a network switch. IPv4 is running fine and the VLAN are great seperated. But on IPv6 side there is a weird story ...

My ISP is giving me a /56 Prefix. Since I don't have a static address my settings on WAN side is:

On every of my Assigned interfaces I have this settings with different IPv6 Prefix IDs:

Whats driving me crazy is now: My Client on that VLAN has not only one IPv6, it has 6! Each from this Prefix:

Now I'm asking myself: Why is this happening?

pethson

I have a problem like yours.

My setup, and my problem.

I am running pfsense on a VMWare ESXi host that have 2 Network Interfaces.
VMx1 is my WAN interface
VMx0 is my LAN interface the default VLAN
Then VMx0.100 is my DMZ VLAN
VMx0.200 is my Server VLAN
VMx0.300 is my Client VLAN
VMx0.400 is my Guest network
VMx0.500 is my Camera Network

VMx1 gets one public IPv4 and one IPv6 adress.

As you describe in your post I also get a /56 network, and I have almost the setup as you.

My VMx0.XXXX networks get their own IPv6 /64 subnets and all client/servers get one primary IPv6 adress. And there is a DHCP server serving IPv4 addresses.No problem.

On my VMx0 the DHCP server serves one IPv4 address for host that have DHCP configured. But when it comes to IPv6 all servers get one primary IPv6 adress.
But my Windows 11 computers get one primary IPv6 adress from all the VLANs.
Both from VMx0, VMx0.100, VMx0.200, VMx0.300, VMx0.400 and VMx0.500

That gives the result that my Windows 11 clients can not reach the other VLANs
As the Windows 11 client allready have an IP address in the destination subnet, it do not go through the default gateway via the pfsense filerwall to the destination subnet.

All firewall rules seams OK, as I can communicate from a Windows Server or Linux desktop to the destination subnet. As they go through the default gateway.

Is this a bug in pfsense or in windows?

Anyone know a solution or workaround?

///Peter!

Gamienator 0

@pethson Heyho,

sad to see that someone else deals with this issue again. And I saw that this issue only appeares on Windows Clients. On Mac and Linux there is no issue. So year, it's a Windows Bug. My Workaround was to make the port not untagged. I set my Network device to be a tagged device

pethson

@gamienator-0
It works fine on Windows Servers and Windows 10. It's only Windows 11 that has this problem for me.

///Peter!

pethson

@gamienator-0
Regarding Windows Bug I'm livin with the imagination that pfsense should not not let the request through on that interface for the wrong subnet.

///Peter!