<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[Topics tagged with ipv6]]></title><description><![CDATA[A list of topics that have been tagged with ipv6]]></description><link>https://forum.netgate.com/tags/ipv6</link><generator>RSS for Node</generator><lastBuildDate>Sat, 14 Mar 2026 02:40:47 GMT</lastBuildDate><atom:link href="https://forum.netgate.com/tags/ipv6.rss" rel="self" type="application/rss+xml"/><pubDate>Invalid Date</pubDate><ttl>60</ttl><item><title><![CDATA[IPV6 Custon Rules Snort and HE tunnel broker]]></title><description><![CDATA[@JonathanLee Interesting.
What we're living through now is the partial realization of what I somewhat mistakenly believed Web 3.0's 'semantic web' concept from a quarter-century ago was all about. I.e., tell the 'search engine' what you're looking for in natural human language, and it will deliver.

Berners-Lee originally expressed his vision of the Semantic Web in 1999 as follows:

I have a dream for the Web [in which computers] become capable of analyzing all the data on the Web – the content, links, and transactions between people and computers. A "Semantic Web", which makes this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The "intelligent agents" people have touted for ages will finally materialize.


]]></description><link>https://forum.netgate.com/topic/200096/ipv6-custon-rules-snort-and-he-tunnel-broker</link><guid isPermaLink="true">https://forum.netgate.com/topic/200096/ipv6-custon-rules-snort-and-he-tunnel-broker</guid><dc:creator><![CDATA[tinfoilmatt]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Re-delegate delegated prefix]]></title><description><![CDATA[<p dir="auto">Hi all,</p>
<p dir="auto">from my ISP I get a /56 prefix, out of which I can cut 16 /60 prefixes. I would like to delegate two of these to two downstream routers, so that they again can build two or three subnets each.</p>
<p dir="auto">Unfortunately the ISP's prefix changes every now and then, which means I cannot do a static setup. Instead I need to track the WAN interface for changes.</p>
<p dir="auto">Here is a diagram:</p>
<pre><code>                                Internet-Provider
                                       ^   
                                       |WAN
         +-----------------------------+----------------------------+
         |                       PREFIX:fb00::/56                   |   
         |                                                          |   
         |                           pfSense                        |   
         |                                                          |   
         | tracked            tracked            tracked            |   
         | interface: WAN     interface: WAN     interface: WAN     |   
         | IPv6 prefix ID: 10 IPv6 prefix ID: 20 IPv6 prefix ID: 30 |
         |                                                          |   
         +----------------------------------------------------------+
                   | igb0               | igb1         | igb2
                   |                    |              +------+
                   |                    |                     |   
                   |                    |                     |   
         +------------------+  +------------------+  +------------------+
         | downstream       |  | downstream       |  | LAN              |   
         | router 1         |  | router 2         |  |                  |
         | PREFIX:fb10::/60 |  | PREFIX:fb20::/60 |  | PREFIX:fb30::/64 |
         +------------------+  +------------------+  +------------------+
             |          |           |          |              |
             v          v           v          v              v
          clients    clients      clients    clients        clients
         :fb11::/64 :fb12::/64   :fb21::/64 :fb22::/64     :fb30::/64

</code></pre>
<p dir="auto">I've been reading a lot, and spent a long time today to find a working configuration, to no avail. It looks to me as if this setup is not possible. I can only pick one subnet out of the 256 possible subnets a /56 provides, and assign it to an interface.<br />
I'm surprised, because the whole point about prefix delegation is that you can cut a big chunk into pieces, and re-delegate again, which is what providers are doing. So why isn't it possible to re-delegate a smaller portion of what I get from the provider?</p>
<p dir="auto">Am I missing or misunderstanding something?</p>
<p dir="auto">Any ideas and hints are much appreciated.</p>
]]></description><link>https://forum.netgate.com/topic/198769/re-delegate-delegated-prefix</link><guid isPermaLink="true">https://forum.netgate.com/topic/198769/re-delegate-delegated-prefix</guid><dc:creator><![CDATA[Alphaphi-by]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Seeking Insight on IPV6 Suricata Alerts – &quot;Excessive Retransmissions&quot; and &quot;Wrong Direction First Data&quot;]]></title><description><![CDATA[@JonathanLee said in Seeking Insight on IPV6 Suricata Alerts – "Excessive Retransmissions" and "Wrong Direction First Data":

SURICATA Applayer Wrong direction first Data

Here is the link in the Suricata docs for this stream rule alert: https://docs.suricata.io/en/latest/rules/app-layer.html#applayer-wrong-direction-first-data.
The short version of the story is that even today, after several attempted fixes within Suricata, the coders of client/server software apps seem to still be able via crappy coding to craft network flows that trip up the Suricata parser. This is basically a harmless error.
As @SteveITS said, the best thing is to disable all the Suricata stream event rules. They are informational anyway and don't necessarily indicate malicious traffic.
]]></description><link>https://forum.netgate.com/topic/198120/seeking-insight-on-ipv6-suricata-alerts-excessive-retransmissions-and-wrong-direction-first-data</link><guid isPermaLink="true">https://forum.netgate.com/topic/198120/seeking-insight-on-ipv6-suricata-alerts-excessive-retransmissions-and-wrong-direction-first-data</guid><dc:creator><![CDATA[bmeeks]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Snort and GIF0 for HE tunnel broker]]></title><description><![CDATA[@SteveITS It looks like it is detecting ipv6 better
already is showing alerts
[image: 1752342154032-screenshot-2025-07-12-at-10.39.56-resized.png]
It sees some ipv6 going to my interface. Again, snort also would spot stuff every once in a while. My son got a bad bug on his tablet and it had a Russian email server running. I checked it on virus total and it was spot on as malware known abuses, so I reported it.
]]></description><link>https://forum.netgate.com/topic/198111/snort-and-gif0-for-he-tunnel-broker</link><guid isPermaLink="true">https://forum.netgate.com/topic/198111/snort-and-gif0-for-he-tunnel-broker</guid><dc:creator><![CDATA[JonathanLee]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Port 0 and IPv4 Great... but hey what about IPv6 or inet6?]]></title><description><![CDATA[@johnpoz This even does this with the newest CE edition inside of UTM virtualized environment outside of the 2100s
[image: 1752772658328-screenshot-2025-07-17-at-10.15.51-resized.png]
It is not just the 2100s this is set up for standard stuff everything else works with it just the status page
]]></description><link>https://forum.netgate.com/topic/198076/port-0-and-ipv4-great-but-hey-what-about-ipv6-or-inet6</link><guid isPermaLink="true">https://forum.netgate.com/topic/198076/port-0-and-ipv4-great-but-hey-what-about-ipv6-or-inet6</guid><dc:creator><![CDATA[JonathanLee]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Router Advertisements]]></title><description><![CDATA[@Gertjan Fixed it. I had on the interface address both an IPv6 address and an "IPv4 address embedded in the IPv6 address (this is known as IPv6-mapped IPv4 addresses or IPv6 embedded IPv4 addresses)" before; that is normally not for interfaces, only the static device assignments, so that is corrected. My IPv6-mapped IPv4 addresses or IPv6 embedded IPv4 addresses are now only on the LAN devices and not on the firewall interfaces.
[image: 1752100262620-screenshot-2025-07-09-at-15.29.37-resized.png]
]]></description><link>https://forum.netgate.com/topic/198061/router-advertisements</link><guid isPermaLink="true">https://forum.netgate.com/topic/198061/router-advertisements</guid><dc:creator><![CDATA[JonathanLee]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[How do I enable IPv6 traffic on VLAN  for IoT Matter traffic?]]></title><description><![CDATA[@Seeking-Sense said in How do I enable IPv6 traffic on VLAN for IoT Matter traffic?:

@dennypage
…
Do you have any experience with the Tapo switches?

I don’t have direct experience with Tapo. However I do have experience with Kasa, and I can attest that TP-Link goes out of its way to push / force you onto cloud services.
]]></description><link>https://forum.netgate.com/topic/198046/how-do-i-enable-ipv6-traffic-on-vlan-for-iot-matter-traffic</link><guid isPermaLink="true">https://forum.netgate.com/topic/198046/how-do-i-enable-ipv6-traffic-on-vlan-for-iot-matter-traffic</guid><dc:creator><![CDATA[dennypage]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 Firewall rules for external internet access only]]></title><description><![CDATA[@Bob-Dig That looks like it worked! Is there a limitation I should be aware of with how quickly those rules will update? I just don't want to leave an open hole in my firewall whenever my ISP drops the ball.
]]></description><link>https://forum.netgate.com/topic/196296/ipv6-firewall-rules-for-external-internet-access-only</link><guid isPermaLink="true">https://forum.netgate.com/topic/196296/ipv6-firewall-rules-for-external-internet-access-only</guid><dc:creator><![CDATA[Destari]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Alias tables don&#x27;t contain IPv6 addresses anymore]]></title><description><![CDATA[@JonathanLee said in Alias tables don't contain IPv6 addresses anymore:

Is your zone transparent ? I had an issue with mine set to (type transparent) and it was causing issues

Zone type is at default "transparent" not "type transparent".
]]></description><link>https://forum.netgate.com/topic/196173/alias-tables-don-t-contain-ipv6-addresses-anymore</link><guid isPermaLink="true">https://forum.netgate.com/topic/196173/alias-tables-don-t-contain-ipv6-addresses-anymore</guid><dc:creator><![CDATA[IonutIT]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[pfSense installation into an IPv6 only environment?]]></title><description><![CDATA[Hmm, that's a good question. Let me run some tests....
You can install using the legacy installer and upgrade if needed:
https://atxfiles.netgate.com/mirror/downloads/
Steve
]]></description><link>https://forum.netgate.com/topic/195571/pfsense-installation-into-an-ipv6-only-environment</link><guid isPermaLink="true">https://forum.netgate.com/topic/195571/pfsense-installation-into-an-ipv6-only-environment</guid><dc:creator><![CDATA[stephenw10]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Dynamic DNS client &quot;extracted from local system&quot;]]></title><description><![CDATA[@Gertjan said in Dynamic DNS client "extracted from local system":

To know if the WAN IP really changed ? Easy. Store the latest succeeded updated WAN IPv4 address locally. This is the cache file. Compare the actual WAN IPv4 with the cache ;:

Just going to take this opportunity to point out that this causes a problem in the case where we restore to a replacement router in our lab before delivery. DDNS is updated to our office IP. Live router will not update because its cached IP didn’t change. (Workaround is to manually modify the file on disk to fool it, as I recall)
]]></description><link>https://forum.netgate.com/topic/190919/dynamic-dns-client-extracted-from-local-system</link><guid isPermaLink="true">https://forum.netgate.com/topic/190919/dynamic-dns-client-extracted-from-local-system</guid><dc:creator><![CDATA[SteveITS]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Interested]]></title><description><![CDATA[Did you have a specific question?
If you're unsure I would first try installing CE on whatever hardware you have to test it.
Steve
]]></description><link>https://forum.netgate.com/topic/189931/interested</link><guid isPermaLink="true">https://forum.netgate.com/topic/189931/interested</guid><dc:creator><![CDATA[stephenw10]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 HE tunnel broker and Netflix quick fix idea]]></title><description><![CDATA[@JonathanLee said in IPv6 HE tunnel broker and Netflix quick fix idea:

This fixed my issues 100% anyone else parse AAAA and A dns records like this?

That issue is very old.
Hit the search button - it's just above :
[image: 1721814205482-979fea0f-8b0a-4338-afa4-9be21a3aeefa-image.png]
The issue has even a pfBlockerng solution made for it :
[image: 1721814277228-99d7ab85-cb14-44e3-958e-e48648d7256f-image.png]
Check the check box.
Add all the host names that should not be resolved to AAAA.
Done.
]]></description><link>https://forum.netgate.com/topic/189324/ipv6-he-tunnel-broker-and-netflix-quick-fix-idea</link><guid isPermaLink="true">https://forum.netgate.com/topic/189324/ipv6-he-tunnel-broker-and-netflix-quick-fix-idea</guid><dc:creator><![CDATA[Gertjan]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Squid and IPv6]]></title><description><![CDATA[<p dir="auto"><img src="/assets/uploads/files/1719518052642-screenshot-2024-06-27-at-12.51.03-resized.png" alt="Screenshot 2024-06-27 at 12.51.03.png" class=" img-fluid img-markdown" /></p>
<p dir="auto">A thing of beauty HE tunnel brokered IPv6 + Squid SSL intercept</p>
<p dir="auto">Anyone else attempt this?</p>
]]></description><link>https://forum.netgate.com/topic/188930/squid-and-ipv6</link><guid isPermaLink="true">https://forum.netgate.com/topic/188930/squid-and-ipv6</guid><dc:creator><![CDATA[JonathanLee]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Recurring internet disconnect when using iPV6]]></title><description><![CDATA[<p dir="auto">Hello</p>
<p dir="auto">I have the following problem: I have been having recurring internet disconnects for about 2 days when IPV6 is enabled via DHCP with prefix delegation and smart DHCPDv6.</p>
<p dir="auto">There are packet loss and disconnects up to 40 seconds every 1-2 minutes.</p>
<p dir="auto">I have deactivated IPV6 once for testing on WAN 1 Vodafone Cable and WAN 2 PPPOE and DHCPv6 on LAN; since then it works.</p>
<p dir="auto">Is there a BUG that causes this?</p>
]]></description><link>https://forum.netgate.com/topic/188273/recurring-internet-disconnect-when-using-ipv6</link><guid isPermaLink="true">https://forum.netgate.com/topic/188273/recurring-internet-disconnect-when-using-ipv6</guid><dc:creator><![CDATA[Globaltrader312]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[global IPV6 addresses are not routed into the LAN and to the client]]></title><description><![CDATA[@Globaltrader312  I have now also removed the firewall rules under NAT
]]></description><link>https://forum.netgate.com/topic/187973/global-ipv6-addresses-are-not-routed-into-the-lan-and-to-the-client</link><guid isPermaLink="true">https://forum.netgate.com/topic/187973/global-ipv6-addresses-are-not-routed-into-the-lan-and-to-the-client</guid><dc:creator><![CDATA[Globaltrader312]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 Slow Upload Speed]]></title><description><![CDATA[<p dir="auto">Hi,<br />
I have a very strange problem with the IPv6 upload on my server.</p>
<p dir="auto">First of all, the important information:<br />
Hardware: Dedicated server (Hetzner)<br />
Hypervisor: Proxmox<br />
CPU: AMD Ryzen 5950x<br />
RAM: 128GB DDR4 ECC<br />
SSD: 2x 4 TB Datacenter SSD<br />
Connection: 1 Gbit uplink<br />
pfSense: ZFS &amp; VirtIO. Proxmox &amp; VM firewall are deactivated.</p>
<p dir="auto">Now to my problem:<br />
When I run a speedtest (iperf3 or browser speedtest) I get first in download, 930 Mbits, but in upload only 0,20 Mbits.<br />
I tried it with Linux and Windows VMs - same result.</p>
<p dir="auto">If I switch off the firewall with "pfctl -d", then it works and the full 1 Gbit is available with IPv6.<br />
VM IPv6-Iperf3 speed test with the firewall switched off (pfctl -d): <a href="https://pastebin.com/g5V2j49w" target="_blank" rel="noopener noreferrer nofollow ugc">https://pastebin.com/g5V2j49w</a><br />
VM IPv6-Iperf3 speed test with activated firewall (pfctl -e): <a href="https://pastebin.com/V21ByqTB" target="_blank" rel="noopener noreferrer nofollow ugc">https://pastebin.com/V21ByqTB</a></p>
<p dir="auto">What I already tried and activated:</p>
<ul>
<li>Hardware Checksum Offloading, Hardware TCP Segmentation Offloading &amp; Hardware Large Receive Offloading deactivated</li>
<li>AES-NI activated</li>
<li>Proxmox CPU-Type on Host, kvm64 &amp; x86-64-v2-AES (mainly host)</li>
<li>Proxmox &gt; pfSense &gt; tried E1000 driver</li>
<li>reinstalled pfSense with UFS</li>
</ul>
<p dir="auto">It ONLY affects IPv6. IPv4 works fine.<br />
Even if I create an ANY - ANY rule for the firewall rules (WAN and LAN), it does not work.</p>
<p dir="auto">Perhaps again for a better overview:<br />
IPv4 Download: 1 Gbit<br />
IPv4 Upload: 1 Gbit<br />
IPv6 Download: 1 Gbit<br />
IPv6 Upload: 0-10 Mbit</p>
<p dir="auto">I have absolutely no idea what else I can try... or what is causing the problem. If any of you have any ideas what else I can try, please let me know.</p>
<p dir="auto"><img src="/assets/uploads/files/1711198862865-wireshark.png" alt="Wireshark.png" class=" img-fluid img-markdown" /><br />
<img src="/assets/uploads/files/1711198878516-v6_upload_lan_vm_and_tcp_retransmission_error.png" alt="v6_upload_lan_vm_and_tcp_retransmission_error.png" class=" img-fluid img-markdown" /><br />
<img src="/assets/uploads/files/1711198918357-wireshark_iperf3_v6_upl.png" alt="wireshark_iperf3_v6_upl.png" class=" img-fluid img-markdown" /></p>
]]></description><link>https://forum.netgate.com/topic/186899/ipv6-slow-upload-speed</link><guid isPermaLink="true">https://forum.netgate.com/topic/186899/ipv6-slow-upload-speed</guid><dc:creator><![CDATA[AlmanAchim]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 over pfSense 802.1q VLAN limits ICMP6 data size to 1240 bytes]]></title><description><![CDATA[UPDATE: This issue is not specific to the use of large mtu (jumbo frames). It affects ICMP6 generally in this configuration. I don't know if the issue is due to the VLAN or the combination of a VLAN on a bridge. IPv4 is not affected and ICMP message sizes (with do-not-fragment set) respect the configured mtu.
]]></description><link>https://forum.netgate.com/topic/185375/ipv6-over-pfsense-802-1q-vlan-limits-icmp6-data-size-to-1240-bytes</link><guid isPermaLink="true">https://forum.netgate.com/topic/185375/ipv6-over-pfsense-802-1q-vlan-limits-icmp6-data-size-to-1240-bytes</guid><dc:creator><![CDATA[ChrisJenk]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[ISP ipv6 request is accepted via dhcp6c but not applied to my interface???]]></title><description><![CDATA[@sloopbun Me too :-)
]]></description><link>https://forum.netgate.com/topic/185239/isp-ipv6-request-is-accepted-via-dhcp6c-but-not-applied-to-my-interface</link><guid isPermaLink="true">https://forum.netgate.com/topic/185239/isp-ipv6-request-is-accepted-via-dhcp6c-but-not-applied-to-my-interface</guid><dc:creator><![CDATA[keyser]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Setting up ipv6 with one &#x2F;64 allocation]]></title><description><![CDATA[@tmoore said in Setting up ipv6 with one /64 allocation:

For what it's worth my ISP is Teksavvy. I phoned in to them this morning and asked them to give me a /56 address delegation which they have done. So now I have a /56.

Are you connected via Bell or Rogers?  If Rogers, you might want to check the Rogers config.  A friend of mine is with Teksavvy on Rogers.  Another friend used to be with them on Bell.
As for that pending gateway, you have to provide a monitor address that responds to pings.  For mine, I ran traceroute to Google and picked the first address that responded.  That address is 2607:f798:10:10d2:0:241:5615:217.  It might be different for you, depending on where you are.
]]></description><link>https://forum.netgate.com/topic/184853/setting-up-ipv6-with-one-64-allocation</link><guid isPermaLink="true">https://forum.netgate.com/topic/184853/setting-up-ipv6-with-one-64-allocation</guid><dc:creator><![CDATA[JKnott]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Cannot enable the &quot;Allow IPv6&quot; setting]]></title><description><![CDATA[@Gertjan Correct.
]]></description><link>https://forum.netgate.com/topic/183578/cannot-enable-the-allow-ipv6-setting</link><guid isPermaLink="true">https://forum.netgate.com/topic/183578/cannot-enable-the-allow-ipv6-setting</guid><dc:creator><![CDATA[onceler]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Why do I have to &#x27;Track Interface&#x27; on LAN to WAN for IPv6 to work?]]></title><description><![CDATA[@bmeeks said in Why do I have to 'Track Interface' on LAN to WAN for IPv6 to work?:

The correct way to handle this is to use a separate sub-domain for your internal AD setup. Something like mydomain.com for the public IP domain name and internal.mydomain.com for the Windows AD network in RFC1918 space. That can work. A quick Google search will lead you to a Microsoft best practices and how-to article on this configuration. I highly recommend you restructure your AD configuration to match what is described at this older Microsoft link here: https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx. And here is a slightly newer document showing the same thing: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc772970(v=ws.10).

Thanks for the links - one of them I had looked already (as a Google search pointed to it).  My public domain name has a - {dash} in it, and apparently my old ass NAS does not like that.  I have tried and tried to get it to recognize the domain-name that I first setup as ad.{mypublicdomain} - even a chat session with them for over an hour (nothing worked - they plan no updates to it.  It also only does CIFSv1/SMBv1 - FTP (no sFTP) and NFS (but only to Linux boxes) - and some form of iSCSI.  I have over 6TB of files and stuff on there, and they "SEAGATE" is not even willing to 'help' me with another NAS to replace it.  One of my IT buddies said I should use {mypublicdomain}.loc for my AD/DS...but still going to resolve the - {dash} in there unless I remove it completely.  I have considered creating (renaming my public-facing-domain) as only HomeAssistant uses it (well their app on my phone and the ALEXA and GOOGLE links do too).

My older post you referenced was assuming the network was IPv4 only with no IPv6 in use. You want to use IPv6, but your ISP is not guaranteeing you a static assignment (they use prefix delegation which means the IPv6 space might change unexpectedly). That's going to be an issue unless you use both ULA and GUA IPv6 addresses. My post also assumed that your Active Directory domain was never going to be accessed from outside. Sounds like that is not what you intend as you mentioned somewhere up above about using some type of home automation with LDAP authentication I believe (unless I'm confusing this thread with another one).

Pretty much what I am going to.  Every guide that I have read says not to DISABLE the IPv6 on a DC.  I am going to leave it at its default settings and let pfSense take care of it.  Same for DHCPv4 - going to only do DNS on AD/DS and I am guessing that pfSense is RESOLVER with the FORWARDING option turned on.  I would also need a Domain Override setup to point to AD/DS name and IPv4 address as well.  Still trying to grasp the REV LOOKUP (setup in pfSense) thing and the HOST OVERRIDE too.
The LDAP stuff that I want to do is not really for Home Automation, per se.  I do have HomeAssistant - what I want to do is sign-ins to the various parts with LDAP credentials so that I do not have to keep up with (currently 22) separate login accounts.  All of that stuff is 'inside' my pfSense Firewall - only Alexa and Google can access from outside and their app.  I got that working, and hoping that I do not have to go through that again.  WHEW!!!
]]></description><link>https://forum.netgate.com/topic/183379/why-do-i-have-to-track-interface-on-lan-to-wan-for-ipv6-to-work</link><guid isPermaLink="true">https://forum.netgate.com/topic/183379/why-do-i-have-to-track-interface-on-lan-to-wan-for-ipv6-to-work</guid><dc:creator><![CDATA[bearhntr]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[chrome:&#x2F;&#x2F;net-internals&#x2F;dns#dns ???]]></title><description><![CDATA[@johnpoz
I mostly do, except some university classes require we use it.
[image: 1688851689003-r.png]
]]></description><link>https://forum.netgate.com/topic/181368/chrome-net-internals-dns-dns</link><guid isPermaLink="true">https://forum.netgate.com/topic/181368/chrome-net-internals-dns-dns</guid><dc:creator><![CDATA[JonathanLee]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[HE Tunnel, pfSense gateway rejecting internal addresses]]></title><description><![CDATA[@jbannister
SLAAC .... NPT ....
Never used these, as they are 'not needed' ( ? )
I followed the pfsense documentation as mentioned above, and was a happy IPv6 user for many years.
I advise you to validate the pfsense documentation.  There is no SLAAC, even as it promises beautiful things. No NPT.
This boils down to : set up a DHCPv6 server on every LAN - with a pool, so you can static DHCP map, as the old DHCPv4 days, your devices.
I'm saying this with any in depth knowledge, but : as soon as I read NPT, there are issues .... so, it must be a complex thing.
And I tend to keep things "simple", especially my Ethernet networks and everything that is related to it.
]]></description><link>https://forum.netgate.com/topic/178942/he-tunnel-pfsense-gateway-rejecting-internal-addresses</link><guid isPermaLink="true">https://forum.netgate.com/topic/178942/he-tunnel-pfsense-gateway-rejecting-internal-addresses</guid><dc:creator><![CDATA[Gertjan]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Difficulty routing IPv6 traffic between local interfaces]]></title><description><![CDATA[@johnpoz
I'm only using 5 of my 256 /64s.  However, I think people have learned a lot of bad habits, with having to conserve IPv4 address space.  The only place where a smaller prefix makes sense is with a point to point link, where a /127 is all you need.
]]></description><link>https://forum.netgate.com/topic/177090/difficulty-routing-ipv6-traffic-between-local-interfaces</link><guid isPermaLink="true">https://forum.netgate.com/topic/177090/difficulty-routing-ipv6-traffic-between-local-interfaces</guid><dc:creator><![CDATA[JKnott]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Upgraded from 22.05 - DHCPv6-PD &#x2F; IPv6 no longer works]]></title><description><![CDATA[Thanks @jimp for the fix. I've re-tested with 23.01.b.20221221.1946 snapshot and the issue seems to be resolved.
]]></description><link>https://forum.netgate.com/topic/176619/upgraded-from-22-05-dhcpv6-pd-ipv6-no-longer-works</link><guid isPermaLink="true">https://forum.netgate.com/topic/176619/upgraded-from-22-05-dhcpv6-pd-ipv6-no-longer-works</guid><dc:creator><![CDATA[adam.lantos]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Outbound NAT not work if pppoe have been used in WAN]]></title><description><![CDATA[Solved by adding a WAN_IGB0 interface and using it in NAT Outbound.
[image: 1670056555355-9b2fcfee-c934-445d-b725-d7da11b2337f-image-resized.png]
[image: 1670056599435-66f43f6c-9d85-4177-a228-fc0e29157020-image-resized.png]
[image: 1670056514929-784a3a56-3edb-423f-a98d-d4694c7c0e68-image-resized.png]
]]></description><link>https://forum.netgate.com/topic/176230/outbound-nat-not-work-if-pppoe-have-been-used-in-wan</link><guid isPermaLink="true">https://forum.netgate.com/topic/176230/outbound-nat-not-work-if-pppoe-have-been-used-in-wan</guid><dc:creator><![CDATA[axot]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Randomly losing IPv6 DHCP-PD from ISP]]></title><description><![CDATA[<p dir="auto">I have my IPv6 setup on pfSense with a /56 from my ISP using DHCPv6-PD.</p>
<p dir="auto"><img src="/assets/uploads/files/1669637105516-screenshot-2022-11-28-at-14.02.22.png" alt="Screenshot 2022-11-28 at 14.02.22.png" class=" img-fluid img-markdown" /></p>
<p dir="auto">My WAN interface gets a /128 assignment and my LAN interface that is set to track interface gets a /64 and I use SLAAC (RA Unmanaged) to push IPv6 to my devices.</p>
<p dir="auto">When things are working, everything is just fine, but at random intervals of time, it can be 3 hours, 3 days or even 3 weeks, all of a sudden my /64 on LAN and my /128  on WAN is simply gone.</p>
<p dir="auto">The router itself still can communicate with ISP gateway through link-local IPs but all my devices are basically stuck. Resetting the WAN interface fixes this with a new allocation, but it will work until the next time it all stops. It's like the allocation from my ISP simply goes away, even though the PPPoE connection doesn't fail, and my IPv4 setup stays the same (connection time doesn't reset).</p>
<p dir="auto">I've tried my best to try to check the logs when this happens to see if I can catch what is going on but nothing is really happening. I've set dhcp6c in debug mode and the only output it outputs is:</p>
<pre><code>dhcp6c RELEASE, REQUEST or EXIT on pppoe0 running rc.newwanipv6
</code></pre>
<p dir="auto">Nothing else in the logs gives any hint on why this is happening. Can anyone help me in guiding through troubleshooting this?</p>
]]></description><link>https://forum.netgate.com/topic/176146/randomly-losing-ipv6-dhcp-pd-from-isp</link><guid isPermaLink="true">https://forum.netgate.com/topic/176146/randomly-losing-ipv6-dhcp-pd-from-isp</guid><dc:creator><![CDATA[IonutIT]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Ipv6 configured but unable to ping internet]]></title><description><![CDATA[@lolo54000 said in Ipv6 configured but unable to ping internet:

In my ovh account I have 6 physical servers and each has its own ipv4 and its own ipv6 /64 ipv6

To have a router in front, you would need:

an IPv6 for the router WAN
an IPv4 for the router WAN
OVH to route your other IP addresses to those IPs
your servers to use your router LAN IPv4/IPv6 as their gateway

It sounds like they are simply not set up to handle a router, like you're asking for.
]]></description><link>https://forum.netgate.com/topic/175405/ipv6-configured-but-unable-to-ping-internet</link><guid isPermaLink="true">https://forum.netgate.com/topic/175405/ipv6-configured-but-unable-to-ping-internet</guid><dc:creator><![CDATA[SteveITS]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Getting IPv6 SLAAC to work in my network]]></title><description><![CDATA[@mariog Thanks for the link. I'll keep an eye on this.
]]></description><link>https://forum.netgate.com/topic/175278/getting-ipv6-slaac-to-work-in-my-network</link><guid isPermaLink="true">https://forum.netgate.com/topic/175278/getting-ipv6-slaac-to-work-in-my-network</guid><dc:creator><![CDATA[IonutIT]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Could this be a bug? Radvd cannot start.]]></title><description><![CDATA[So, I found a GUI "bug". I had correctly set the prefix ID's in the "Tracked Interface" for each VLAN, but at the RA page, I mistakenly reinserted the prefix ID in the fields that are for static (full, not delegated) prefixes. Removed the static prefixes and everything now works. GUI should not let you enter static prefixes on a tracked interface, aside from fc00 or fd. And if it does, it should check if they are correct. One of the prefixes was ::1/64.
]]></description><link>https://forum.netgate.com/topic/174080/could-this-be-a-bug-radvd-cannot-start</link><guid isPermaLink="true">https://forum.netgate.com/topic/174080/could-this-be-a-bug-radvd-cannot-start</guid><dc:creator><![CDATA[NightlyShark]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[LWLcom DSL IPv6 via DHCP, no renewal]]></title><description><![CDATA[@unbekannt3 said in LWLcom DSL IPv6 via DHCP, no renewal:

The Sense is assigned an address from a /64 subnet on the WAN interface, and my /60 subnet is then routed to it, both with a lifetime of 300.

Why? A lifetime of 300 sounds like nonsense to me and far too short. When I look at, for example, a Fritzbox to see what the default behaviour is with DHCP6, I see times on the order of 48h ticking down as the lease time. At any rate considerably more than 300s. That sounds like either a strange/wrong configuration or the ISP botching something.
I would try once more to get someone more technical on the line at the ISP itself, because that does not sound particularly sensible.
Cheers
\jens
]]></description><link>https://forum.netgate.com/topic/173077/lwlcom-dsl-ipv6-über-dhcp-kein-renewal</link><guid isPermaLink="true">https://forum.netgate.com/topic/173077/lwlcom-dsl-ipv6-über-dhcp-kein-renewal</guid><dc:creator><![CDATA[JeGr]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 PPPoE Telmex&#x2F;Telnor WAN Interface Configuration (Continued...)]]></title><description><![CDATA[<p dir="auto">Re: <a href="/topic/152713/ipv6-pppoe-telmex-telnor-wan-interface-configuration">IPv6 PPPoE Telmex/Telnor WAN Interface Configuration</a></p>
<p dir="auto">Still no IPv6 in bridge mode.  I was able to postpone IPv6 implementation before, but now it is necessary.  Any ideas?</p>
]]></description><link>https://forum.netgate.com/topic/172999/ipv6-pppoe-telmex-telnor-wan-interface-configuration-continued</link><guid isPermaLink="true">https://forum.netgate.com/topic/172999/ipv6-pppoe-telmex-telnor-wan-interface-configuration-continued</guid><dc:creator><![CDATA[abcdefabcdef]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[usb iphone ipv6 WAN dhcp6]]></title><description><![CDATA[<p dir="auto">hello,<br />
Apologies if this is the wrong forum.</p>
<p dir="auto">I have been experimenting with using my iphone as a WAN with pfsense.</p>
<p dir="auto">I have two iphones: one on (UK) o2 and the other on (UK) ee network. The iphone on o2 seems to work just fine. I set the interface up using DHCP and all is well.</p>
<p dir="auto">However, the other phone, on ee, seems to use only ipv6. I hoped that merely setting the ipv6 config type to DHCP6 would work but it doesn't. The interface/gateway never goes online and I can't use it as a WAN. I have tried using SLAAC and that doesn't work either.</p>
<p dir="auto">I wonder if anyone has any advice/recommendations. I am not familiar with how ipv6 works so I may be making some simple error with the set-up. For example, I also looked up the ipv6 network address and tried using that as the static ipv6 address but that doesn't work.</p>
<p dir="auto">It is a shame as my ee mobile is the one I would like to use as a failover WAN. I set-up the o2 phone just to make sure I was getting the basics right. That phone works as a usb tether, so I know the issue is something to do with the way ee is dealing with DHCP/DHCP6. It's not to do with the usb set-up, which is working just fine (I can see the usb network address for both phones, can assign interfaces to each phone's network port, etc).</p>
<p dir="auto">Many thanks<br />
Jeremy</p>
]]></description><link>https://forum.netgate.com/topic/172082/usb-iphone-ipv6-wan-dhcp6</link><guid isPermaLink="true">https://forum.netgate.com/topic/172082/usb-iphone-ipv6-wan-dhcp6</guid><dc:creator><![CDATA[jeremyj]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[pfSense under Qemu-KVM at Hetzner with &#x2F;65 IPv6 subnet, is my configuration correct as it is?]]></title><description><![CDATA[<p dir="auto">Hi everyone,</p>
<p dir="auto">A few days ago I got myself a dedicated root server at Hetzner, on which VMs are to be run under Qemu-KVM with Libvirt.</p>
<p dir="auto">pfSense is used as the routing VM, which I have also been running at home on an APU board for many years and am completely satisfied with.</p>
<p dir="auto">The server was originally provisioned with one IPv4 address and a /64 IPv6 subnet, so I ordered an additional v4 address and a /56 v6 subnet, 2a01:XXX:XXX:7800::/56, for the VM guests.<br />
In Hetzner Robot I have now routed the additional IPv4 address and the /56 IPv6 subnet to the MAC address of the pfSense VM, which is connected via a bridge.<br />
So the host system claims only the original IPv4 and the /64 subnet for itself; everything else is passed directly through to the pfSense VM.</p>
<p dir="auto">I have in fact already got the whole thing running, i.e. the pfSense VM is already on the Internet with its IPv4 address and the /56 subnet, v6 addresses are distributed to the VMs behind it via router advertisement, and both pfSense and the other VMs reach the Internet over both IPv4 and IPv6.</p>
<p dir="auto">However, I personally have had very little to do with IPv6 so far; my home cable connection (Vodafone Business with static IP) does not support it.<br />
Of course my server should nevertheless be IPv6-capable with a clean config, but because of my lack of experience I am simply not sure whether I have implemented this correctly at this point, and I would therefore be very glad of feedback from the v6 pros here.</p>
<p dir="auto">The v6 settings of my pfSense WAN interface currently look like this:</p>
<p dir="auto">IPv6 Configuration Type: Static IPv6<br />
IPv6 Address: 2a01:XXX:XXX:7800::1/127<br />
IPv6 Upstream gateway: WAN_GW6 - fe80::1</p>
<p dir="auto">My LAN config:</p>
<p dir="auto">IPv6 Configuration Type: Static IPv6<br />
IPv6 address: 2a01:XXX:XXX:7801::1/64<br />
IPv6 Upstream gateway: None</p>
<p dir="auto">My settings under Services &gt; DHCPv6 &gt; Router Advertisements for LAN:</p>
<p dir="auto">Router mode: Unmanaged - RA Flags [none], Prefix Flags [onlink, auto, router]<br />
Router priority: Normal<br />
Default valid lifetime: 86400<br />
Default preferred lifetime: 14400<br />
Minimum RA interval: 200<br />
Maximum RA interval: 600<br />
Router lifetime: 1800<br />
RA subnets: none specified</p>
<p dir="auto">As I said, it runs like this now and everything seems fine, but I am simply unsure whether this is cleanly done from a technical standpoint...</p>
<p dir="auto">I would therefore be very grateful for an expert opinion on this, if anyone would like to take a few minutes for it :-).</p>
<p dir="auto">Best regards,<br />
Robin<br />
P.S.: Since I am blind, it is unfortunately difficult for me to create a diagram of my network topology - otherwise I would of course have been very happy to do so to illustrate everything more clearly.</p>
]]></description><link>https://forum.netgate.com/topic/171552/pfsense-unter-qemu-kvm-bei-hetzner-mit-65-ipv6-subnetz-ist-meine-konfiguration-so-korrekt</link><guid isPermaLink="true">https://forum.netgate.com/topic/171552/pfsense-unter-qemu-kvm-bei-hetzner-mit-65-ipv6-subnetz-ist-meine-konfiguration-so-korrekt</guid><dc:creator><![CDATA[robin24]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[BT Business FTTP IPv6 help]]></title><description><![CDATA[@dwren78
Hmmm this is frustrating, could you describe what is happening in more detail? I am confused why it works when you have the Smarthub ahead of the pfsense router. I am not familiar with configuring the smart hub as a bridge, so where is the pppoe authentication done, in the smarthub or pfsense?
Are you getting a v4 address?
Is the v6 interface up?
Are you getting a link-local v6 address?
Dumb question, but I am going to ask it anyway, are you using your bt business pppoe username/password?
cheers
F
]]></description><link>https://forum.netgate.com/topic/171241/bt-business-fttp-ipv6-help</link><guid isPermaLink="true">https://forum.netgate.com/topic/171241/bt-business-fttp-ipv6-help</guid><dc:creator><![CDATA[FollyDude 0]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 Gateway monitoring broken in 2.6.0?]]></title><description><![CDATA[@kimble said in IPv6 Gateway monitoring broken in 2.6.0?:

Maybe it's clever enough to bind to a LAN address in that instance?  I've no idea.

You have to specify a source address by using the -S option in ping.  I just did it, using my LAN global address.
]]></description><link>https://forum.netgate.com/topic/169985/ipv6-gateway-monitoring-broken-in-2-6-0</link><guid isPermaLink="true">https://forum.netgate.com/topic/169985/ipv6-gateway-monitoring-broken-in-2-6-0</guid><dc:creator><![CDATA[JKnott]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[All IPv6 Home Network]]></title><description><![CDATA[@quasaur said in All IPv6 Home Network:

Enjoying my SG-1100.
I wish to switch everything to IPv6 using each host’s MAC as the last three segments of the interface ID.
Unfortunately, it appears that pfSense requires the DUID of a DHCP client to assign it a static address, and no one on the planet seems to know how to get that from a MacBook running Monterey…not even Apple!
PLEASE HELP!

[image: 1645127681956-screenshot-2022-02-17-at-19.49.55.png]
Run the following from the terminal:-
sudo plutil -p /var/db/dhcpclient/DUID_IA.plist
andyk@mac-pro ~ % sudo plutil -p /var/db/dhcpclient/DUID_IA.plist
{
  "DUID" =&gt; {length = 14, bytes = 0x000100012743ca95003ee1c1af07}
  "HostUUID" =&gt; {length = 16, bytes = 0x8d4aa329f7175da2ac8fc3e713f04f63}
  "IAIDList" =&gt; [
    0 =&gt; "en0"
    1 =&gt; "en1"
    2 =&gt; "en2"
  ]
}
andyk@mac-pro ~ %

]]></description><link>https://forum.netgate.com/topic/169928/all-ipv6-home-network</link><guid isPermaLink="true">https://forum.netgate.com/topic/169928/all-ipv6-home-network</guid><dc:creator><![CDATA[NogBadTheBad]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[IPv6 list generated IPv4 rule]]></title><description><![CDATA[@rvjr said in IPv6 list generated IPv4 rule:

ok, that's weird. No I'm using the standard pfBlockerNG 2.1.4_26 on pfSense 21.05.2-RELEASE. I'll try switching the list action and see if that makes any difference.

Your problem is that you are using an old unsupported version of pfBlockerNG.  The maintainer of pfBlockerNG, @BBcan177, does not recommend the use of that old version. The -devel version has been in use for 2 to 3 years now and is very stable and the only version currently being updated.
Make sure that the box is checked to save your current settings and then uninstall your current version of pfBlockerNG 2.1.4.26 and then install the -devel version 3.1.0_1. This should take care of the issues you are seeing, if not, post back to the forum and someone will help you.
]]></description><link>https://forum.netgate.com/topic/169824/ipv6-list-generated-ipv4-rule</link><guid isPermaLink="true">https://forum.netgate.com/topic/169824/ipv6-list-generated-ipv4-rule</guid><dc:creator><![CDATA[jdeloach]]></dc:creator><pubDate>Invalid Date</pubDate></item><item><title><![CDATA[Weird dpinger and IPv6 issue?]]></title><description><![CDATA[@pfsensation
Yep, it's green and showing online.
]]></description><link>https://forum.netgate.com/topic/169397/weird-dpinger-and-ipv6-issue</link><guid isPermaLink="true">https://forum.netgate.com/topic/169397/weird-dpinger-and-ipv6-issue</guid><dc:creator><![CDATA[JKnott]]></dc:creator><pubDate>Invalid Date</pubDate></item></channel></rss>