Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Com DAC

Pages: [1] 2 3
IPv6 / Re: 6rd subnet
« on: February 11, 2018, 03:24:53 pm »
my 6rd is with I would expect a /60 subnet for the wan side too but in the interfaces status page it says it is a /28 subnet on the wan side. This is why I'm wondering if that might be what causes the problem.

IPv6 / Re: 6rd subnet
« on: February 11, 2018, 02:09:41 pm »
It isn't really a /28. The prefix for 6rd is a /28 then my ipv4 address adds the next 32 bits to make my ipv6 prefix. But anyone else on my isp using 6rd will all have the same prefix. Because of this I'm wondering if pfsense see's their address as being inside my 6rd prefix and not sending it external even though it is outside my 6rd prefix + ipv4 address?

IPv6 / 6rd subnet
« on: February 11, 2018, 12:27:37 pm »
I'm using 6rd for my ipv6. Because it doesn't look like I'll have native ipv6 any time soon I tried to setup a website on my network to be externally accessible on ipv6 and it would work perfectly fine for external users on different a isp. My issue is any external user who uses 6rd on the same isp as me can't access the site via ipv6. I'm thinking it has something to do with pfSense thinking they are inside my subnet as my ipv6 6rd on the wan has a /28 where my lan ipv6 subnet is /64. I'm thinking pfsense is believes that the external user is inside my subnet (on the wan side). Is my thinking correct or should I be looking somewhere else?

IPv6 / Re: Windows Update failing using 6rd
« on: December 07, 2017, 10:42:31 am »
Incase anyone is following this it appears that Microsoft has fixed the issue.

IPv6 / Re: Windows 10 and RDNSS
« on: December 07, 2017, 10:41:55 am »
Thank you scott83. I've tested and that setting was already enabled on my computer. I ran the enable command again and rebooted and still no DNS via RA. I'm wondering if I've set something somewhere else in pfSense that is stopping it from sending the DNS via RA?

IPv6 / Re: Windows Update failing using 6rd
« on: December 02, 2017, 10:30:51 am »
Here is a work around that seems to be working for me (so far - fingers crossed). Add a reject rule on your lan for any ipv6 packets with destination of: 2a01:111:f307:1790::f001:7a5 and 2a01:111:f335:1792::f001:7a5 this seems to cause it to switch to the ipv4 addresses. I just got these addresses doing a nslookup on

Addresses:  2a01:111:f307:1790::f001:7a5


This might be a temporary fix until Microsoft gets around to doing something.

IPv6 / Windows 10 and RDNSS
« on: December 01, 2017, 08:28:23 am »
Supposidly Windows 10 supports RDNSS as of the Creators Update. In pfSense I've got my router mode set as Unmanaged and have entered my DNS servers at the bottom of that page. Windows still doesn't get them assigned. Have I got something setup wrong? Should I be using a different Router mode? Or does it just not work with Windows 10 yet?

Thank you,

IPv6 / Re: Windows Update failing using 6rd
« on: November 30, 2017, 11:51:28 am »
I saw your post and have tried reducing my MTU but even going to 1280 it didn't make any difference for me. Guess we just have to wait till Microsoft actually thinks this is a problem and addresses it. :(

IPv6 / Re: Windows Update failing using 6rd
« on: November 29, 2017, 08:13:20 pm »
I've now tried 2.3.5 and it didn't make a difference. I'm now pretty sure it isn't pfSense. Does anyone have any ideas for what to test next?

IPv6 / Windows Update failing using 6rd
« on: November 29, 2017, 08:45:15 am »
Since upgrading to 2.4.1 (and 2.4.2) Windows Update (and Microsoft Store app Updates) does not work unless I go into the network adapter and turn off ipv6. After turning off ipv6 the updates work fine. When I turn ipv6 back on Windows update will keep working for a time (best estimates so far is about 12 hours) then it will stop working again. This happens to all computers in the network. If I take one of the computers somewhere else updates work perfectly fine so the problem is in my network. Here is a list of things I've tried:

  • Complete re-install of pfSense 2.4.2
  • Reduced the MTU
  • Removed all Traffic Shaping
  • Rebooted Modem

I'm using Cable Internet ( and 6rd for ipv6. I've been using 6rd for a couple years with them and it has been solid. I've had a colleague who is using the same ISP enable 6rd and do some test and it is working for them. This leads me to believe that it is in pfSense. I have a second location that is using the same ISP and pfSense and they are having the same issue and it happened shortly after the upgrade to 2.4.1. All other sites that I regularly use that are IPv6 work perfectly fine.

This evening I'm going to try installing pfSense 2.3.5 as I know it was working when I was on the 2.3 branch.

Does anyone else have any ideas of what I should test/try next? I've been racking my brain on this one for a couple weeks now and could really use some more ideas. Testing has been a pain since it takes almost a day to know if I have fixed it.

Thank you,

IPv6 / RA second router/subnet
« on: November 17, 2017, 12:19:13 pm »
Is it possible to have the router advertisements advertise as second router for a specific subnet? Currently I've got a gateway/route defined for it in pfsense but if I could advertise the route to my internal network then the traffic wouldn't ever have to hit pfsense.

IPv6 / Re: Weird behavior with 6rd, radvd, wan interface
« on: October 29, 2017, 12:22:05 pm »
don't know if this will make any difference but I am using mac spoofing on my wan connection?

IPv6 / Re: Weird behavior with 6rd, radvd, wan interface
« on: October 26, 2017, 03:31:11 pm »
I too use and their 6rd. I haven't noticed your issue #1 but I too have issues 2 and 3. For issues 2 and 3 after a reboot all I do is go to the wan settings page and click save without changing anything. This seems to get ipv6 working throughout the network.

I was having the problem with earlier 2.3.x builds but it stopped happening on 2.3.3 or 2.3.4 (can't remember which one fixed it for me). I recently clean-installed pfSense with 2.4.0 and have also updated to 2.4.1 and since going to 2.4.x the issue happens again.

IPv6 / Re: IPv6 only on LAN
« on: February 24, 2017, 10:12:13 am »
And the addresses being leased by SLAAC cant't be viewed on the DHCPv6 lease status, right?

SLAAC has nothing to do with DHCPv6.  It gets the prefix via RADVD and provides the rest of the address, using either a MAC based or random 64 bit number.  If DHCPv6 is used, it's generally for providing things like server addresses.  However, it's not needed for DNS servers, as that can be provided by RDNSS.

ok, and is there a way to check what IP addresses have been asigned by SLAAC? (like the way I can see the DHCP Leases)

No such way. The RA daemon that advertises the route and the prefix does absolutely nothing else but those functions, selection of the address from the advertised prefix happens completely on the client (of course assisted with duplicate address detection but even that does not involve the RA daemon).

ok, thanks for your help, I'm learning a lot!!!! :)

Just one more... I cannot make my clients to ping a host on internet, the names resolve ok to the IPv6 addresses, but somehow I guess I do not have a gateway configured properly or something is "closed" at the pfSense box that blocks traffic.

I had this issue when I first setup a 6rd tunnel. The fix for me was to disable gateway monitoring on the ipv6 gateway. It wasn't responding to pings so pfSense would treat it as being down.

General Questions / Re: What hardware is everyone using?
« on: February 22, 2017, 01:42:25 pm »
I'm running on this:

Motherboard / CPU: ASRock Q1900M / Celeron J1900 (
NIC: 2x Intel Gigabit CT Adapters (
HDD: old 400GB WD drive I had sitting around.

The machine idles at ~14 watts and handles everything I throw at it. If I got a better powersupply and replaced the HDD with an SSD I could probably get the power consumption lower but the cost of the new parts would be more than the savings of electricity for the life of the rig.

Pages: [1] 2 3