I don’t understand what you’re getting at. IPv6 is a necessary protocol now and for the future. There is no need for advertising for end customers. It works perfectly. With activated connections, depending on the type of service you use, over 50% of the traffic is transmitted via IPv6 without the customer noticing. That’s enough advertising and proof of the record. Now also available natively for Swisscom customers, without having to be packaged in IPv4 and routed via boarder gateways. So even more direct and better. Nobody advertises IPv6, HTTP/3, TLS 1.3, etc. These are simply newer protocols that replace older ones, faster or slower, until the tipping point at which the old version is no longer supported or very poorly.

Don’t put your hope in NAT, Synfuel or whatever. These are just expensive workarounds that can be considered for special cases.

But what is needed on the CPE is support for the few customers who are already doing port forwarding with IPv4. These are a smart local DNS resolver where you can manage the clients. They are DDNS services for the servers because the prefix is ​​dynamic. And a more manageable firewall is needed because it replaces NAT. Nothing more is actually needed for the basic requirements of an 08:14 Swisscom customer. You could have been watching this slowly for 10 years.

All the rest doesn’t matter at all. This could also be adapted to IPv4. A lack of support for port forwarding etc. would be just as bad. And here too you can say that hardly anyone needs it.

IB2/¾ still constantly receive new FW and therefore also IPv6 when activated in the network. IBP and IBS probably later, but you should switch to a current router anyway. The IBP is also more than 8 years old and the IBS is de facto too.

@scn

It’s the same for me too.

The cascaded router that accepts the IB3 delegation then has a 62 network.

If /60 is delegated but you only get /62, then that would be a mistake. So not normal. Wrong in the software of these Internetz cans….

scn
How exactly did you set it up?

IPv4 and IPv6 on Pfsense:

I get an IPv6 address like this: fe80::20b:XXXXXXXX but that is not a real IPv6 address.

I have a Zyxel AX7501-B0 as a bridge. IPv4 works and also Live and Replay TV.

@gnome2018

fe:: is the v6 link local. Do you have this address from the dashboard / gateways?

Check status/interfaces to see if v6 really isn’t assigned.

mabu1

Yes, that’s where I got it… as you say, it’s the v6 link local.

So I don’t receive IPv6 yet.

@mabu1

Unfortunately it didn’t work, no changes to your settings.

Do you have that with you too?

Things don’t look so bad here?

I worked with “Release WAN” under Interfaces and not with a restart in these tests.

@gnome2018

No, I don’t have that with me. For me it runs over DSL and PPPoE with another provider (BBCS).

Do you have IPV6 enabled in pfSense? You can find it via System/Advanced Tab:Networking / Allow IPv6

Here’s a hint about the problem from your log: [https://forum.netgate.com/topic/130805/default-ipv6-deny-rule-in-system-logs-even-tho-default-is-pass/4?lang=en](https:// forum.netgate.com/topic/130805/default-ipv6-deny-rule-in-system-logs-even-tho-default-is-pass/4?lang=de)

Let’s see if @Tux0ne wants to get involved here.

@mabu1

All right, it’s a little different setup.

Yes, IPv6 is activated there. Hopefully someone else has a good idea?

Yes, well, I don’t want to be like that. But there can be no question of liking it 😅

Only request an IPv6 prefix with 56 on the WAN.

And for the LAN Interfaces Track Interface WAN with the ID you want.

WAN interface release / renew or reboot.

That should be it if Swisscom doesn’t do something strange.

@Tux0ne

Unfortunately no success so far.

I turned off the DHCPv6 server for a round of testing

Has anyone posted this here?

dhcp6c output with debug active:

Networking:

In order to get something other than a fe80::20b:XXXXX Ipv6 on the firewall, do I have to set firewall rules first?

Addition:

As I said, I use a Zyxel Bridge via P2MP. I’m not sure whether I have to set something up for Ipv6 and Bridge on the Zyxel, I didn’t look at that closely at the time.

It always looks about the same in the log. Further input is very welcome.

Yes, you have to activate RA on the LAN interface, you can use assisted.
To start, create a rule on the LAN interface that generally allows IPv6.

Then show me how the LAN interface is configured.

I would also check after refreshing the WAN interface to see if you find any messages that port 546/547 was blocked. Then you can activate this directly from the log using the easy rule, for example.

The question also arises as to whether native IPv6 is already activated on your access. Don’t know if that’s generally the case. You can check it by connecting the original plastic router from Swisscom.

Tux0ne

Here is the LAN interface.

Addition:
So I’m a little afraid of attaching the IB 3 again. I then have to re-register it in the center and then it becomes another procedure to get the Zyxel to work.

I called support once, unfortunately no concrete help. He also didn’t know whether IPv6 was already being delivered to everyone. Normally he said that others have an IPv6 address. Because of course I’m traveling pretty special and he can’t see anything. But it didn’t sound like you could activate anything.

Funny: He said MyServices might also be something, I can hardly imagine someone sitting there who has experience with IPv6 and Pfsense. Then I’d better practice again and see if I can get any information or ideas from somewhere else.

Log:

So far nothing found for the two ports.

@“x”#1120532It is important that you have activated IPv6 with Swisscom’s own router before you connect the Zyxel and the pfSense. I have exactly the same setup as you, Zyxel AX7501-B0 behind it a Netgate firewall. This on an XGSPON P2MP Anschluss. IPv6 works for me. According to your screenshots, my setup is the same.

If you enable debug on the WAN IPv6 you should see the /56 prefix in the DHCP log (filtering by Process dhcp6c).

@em_gerber

I actually hadn’t activated IPv6 yet, I did that today and IPv4 is running again via Zyxel.

I was also able to get an IPv6 address once, but no longer.

Should it show me an IPv6 on the WAN connection? But I was never able to do that. There is always the IPv6 local link.

But on Lan it once showed me a different IP.

It started like this: 2a02:1210:8880 can that be?

I suspect that something is wrong with the firewall or IPv6.

EDIT:

This was because I had activated the “Advanced Configuration” for IPv6 but had not entered anything.

But why do I still have the local link on WAN?

Do I still have to pair the whole thing for IPv6 with Swisscom?