WAN and LAN IPv6

So I think this is pretty non-standard and maybe it's even not intended to work how I am using it, I don't know enough about IPv6, but hopefully you guys will be able to point me in the right direction with something I can say to my ISP if necessary.

Basically my ISP supply me with a single /64 IPv6 block.  I realised from many topics on here that this is not really good enough and I opened a ticket with them about getting a larger block (I asked for /63 or /60), basically just anything with that was larger.  Instead they offered me a second /64 block.

So now I have two blocks:
AAAA:XXXX:1:YYY::/64 and AAAA:XXXX:1:ZZZ::/64

I configure DHCP6 on my WAN side and I am assigned an address within AAAA:XXXX:1:YYY::/64 on my WAN.  So far so good, connectivity works from pfSense.

Next step is I set static IPv6 on my LAN to give the LAN an address of AAAA:XXXX:1:ZZZ::1 and to give out remaining addresses to LAN clients.  All clients do receive an address, but IPv6 doesn't work at all.

Pings from pfSense to the outside world work with either the LAN or WAN address set as the source, but the LAN clients don't have any IPv6 connectivity whatsoever.  Any help with why would be much appreciated.

Just got a further response back from my ISP and they said:

"Yes, AAAA:XXXX:1:ZZZ::/64 is a "routed prefix" over WAN Address. You can use it on the LAN side, Just need to configure static route at WAN device for AAAA:XXXX:1:ZZZ::/64 pointing towards your LAN or AAAA:XXXX:1:ZZZ::/64 should be directly connected network according to your LAN interface of WAN device."

Which I think is not worded amazingly but it seems like if it's true then I am just missing a configuration step.

And have you entered a static route and gateway?


And have you entered a static route and gateway?



That's the thing I am struggling with, I am not really sure where I need to make a route from and to in order to fix this.  I can see that I can add static routes in Routing in pfSense, and I have the option of a destination network and a gateway.  Right now though I can't even ping AAAA:XXXX:1:ZZZ::1 from LAN clients with addresses in the AAAA:XXXX:1:ZZZ::/64 range, which seems like it should be fixable from client side as a test?

I tried ip -6 route add default via AAAA:XXXX:1:ZZZ::1 on a linux client but no help.

Look in the System Menu, there's an option called Gateways, make sure you have a Gateway for your IPV6 there.

I run statics on WAN and LAN, admitted I have a /48 I can play with but I have /64 on my WAN  and I pick a /64 on my LAN, the same as you.

Trick is to find your gateway, it's usually the link local address of your ISP's router, the next hop. When you are setting the WAN Static address you had to add an IPv6 Upstream gateway, if you did not have one defined in System->Routing then you need to set the Gateway first, then set it in the WAN Static IPv6 Configuration.


