I keep losing my ipv6 connectivity after setting ipv6 on my WAN interface.
Here are the steps that I did:
1. Added DHCPV6 as ipv6 type
2. Set my ISP delegated prefix which is 56
3. Set Send ipv6hint to checked (I also tried checking Use IPV4 connectivity)
4. Reboot
After rebooting I get 20/20 from https://ipv6-test.com/. I also allowed ICMPV6 echo request to WAN.
Then after a couple of minutes (I don't exactly know how many minutes, maybe 30+ minutes), I do the ipv6 test again and it says I don't have ipv6. I get 4/20. I also tried testing from other websites and they can't detect my ipv6 address.
Although looking at the Interface settings - Overview - WAN, I can see an ipv6 address. I know there's a flag "Do not wait for RA" but I can't see it. I think this is what my ISP requires. Is this is already enabled in the code?
There's another issue btw, in the Dashboard - gateway_titles widget, DHCP6 gateway doesn't show my ipv6 address all the time, even though there's one in the Overview - WAN.
			
			
			
				Do not wait for RA was removed from the code quite a while back. the wiki obviously needs updating. It's possible you have the radvd/dhcpdv6 issue, seems to affect some people and not others. In services, just try restarting radvd and dhcpdv6, see if that brings v6 back online.
			
			
			
				I restarted radvd and it worked but only if I checked "Use ipv4 connectivity". I'll check again after a few minutes see if I lose it again. I still don't see an ipv6 address from the widget but the tests are working I get 20/20.
			
			
			
				If your WAN is PPPoE then you have to use the IPv4 connectivity, it's a bit of misnomer, it really means send all IPv6 over the PPPoE link, otherwise it will use the parent NIC interface, which will result in it going nowhere. If RADVD restarted the connection then it's likely you have an issue affecting some users where Radvd stops sending RAs to the LAN clients, it's an upstream issue that has yet to be resolved and its not affecting everyone.
			
			
			
				I connect to my ISP via IPoE. PPoE doesn't make sense and it must be a timing issue earlier. Now I lost my ipv6 address again, even after restaring the radvd it didn't fix it.
I get this from the logs:
/usr/local/opnsense/scripts/dhcp/prefixes.php: The command '/sbin/route add -inet6 '<an ipv6 address:/62>' ''' returned exit code '71', the output was 'route: : Name does not resolve'
			
			
			
				Ok after I set the ipv6 type in WAN to none, saving, then set it again to DHCPV6 and save, I got my ipv6 address back. Then I lose it again after a few minutes.
			
			
			
				So your WAN connection is set to use DHCP6? Who's the ISP I'll see if I can dig up some info. In the meantime, go to system logs and enter a filter of 'dhcp6c', see if you see an issue there. Alternatively, download the system.log from /var/log and pm it to me. I suspect that dhcp6c is not getting a renew, could be wrong but need to check that first.
			
			
			
				As discussed via pm, this has something to do with 
kernel	pflog0: promiscuous mode enabled
kernel	pflog0: promiscuous mode disabled
It looks like a software issue. I'll try to use my Edge Router x and Hex-S, see if I still lose ipv6.
Other users seem to experience the same: https://forum.opnsense.org/index.php?topic=22086.0
			
			
			
				I have exactly the same problem.
My ISP provides a /56 prefix over IPv6.
I have a PPPoE connection (FTTH connection).
I also get an IPv6 assigned without any problems when I start OPNsense.
My computer also gets an IPv6 assigned.
Up to here everything is fine.
I only get an IP address assigned via interface logging if I create a WAN rule that allows port 547 -> 546.
I found this hint in the internet.
After about 2-3 minutes, the connection drops for all IPv6 packets.
If I restart the firewall or reboot my PC, I can connect to the internet again via IPv6 for 2-3 minutes.
Both devices still have an IPv6 address assigned.
OPNsense also has an address for the LAN and WAN interface.
Only now comes the strange thing, if I execute a ping command, the result looks like this:
PC -> OPNsense LAN interface = OK
PC -> OPNsense WAN interface = Not ok
PC -> WAN address = Not ok
OPNsense WAN -> WAN address = OK (Ping tool in the web interface)
OPNsense LAN -> WAN address = OK (Ping tool in the web interface)
As it looks, OPNsense suddenly starts dropping the packets.
For whatever reason.
I have a rule for IPv4 and IPv6 each, which is structured as follows:
LAN -> WAN | IPv4 / IPv6 | any -> any
I have no idea how to solve the problem.
 :-[
			
			
			
				I have been having the same issue since mid last year when my isp (Greenlight networks) did updates. They insist nothing they did would affect this and have since just stopped responding to ipv6 issues.  IPv6 works for a few min after a reboot, then it doesn't until the next reboot (and again for only a couple min).  On/off I dig into this, and from what I can tell the route expires.  The issue persists even across different OSs (win 10, server 2016, server 2019).  My isp, although good and I like the FTTH connectivity, their support is seriously lacking. 
			
			
			
				I think it is (at least for me) not a fault of the ISP.
It's a small one, but IPv6 works with a normal router without problems, only OPNsense seems to have a problem here.
I get An IPv6 and this I can also use throughout, only the clients get off.
I made an issue at GitHub, hoping to get a quick solution for the problem.
https://github.com/opnsense/core/issues/5021 (https://github.com/opnsense/core/issues/5021)
			
			
			
				You probably need to show your interface configs and firewall rules to be able to troubleshoot
You shouldn't need to add the 547->546 firewall rule on the WAN interface as OPNsense should add an automatic rule
The LAN -> WAN rule you mention looks odd - would need to see the detail of that
			
			
			
				My first guess is that giving a bot response a thumbs down while ignoring contribution requirements the bot is trying to hint at to be able to help effectively isn't helpful at all. But maybe that's just me. :)
Cheers,
Franco
			
			
			
				Okay, I have made a few screenshots here.
Being German, I have of course activated the German language, but the most necessary settings should be recognizable.
(German is not 100% available anyway).
I need the rule for port 547 -> 546.
OPNsense does not create this automatically.
Interface Overview:
You see 3 interfaces of which currently two are used. WAN and LAN.
(https://hoerli.net/wp-content/uploads/2021/06/Interfaces-Overview.png)
I have 3 NAT rules for SIP telephony.
(https://hoerli.net/wp-content/uploads/2021/06/Firewall-NAT.png)
I have not configured anything special on the firewall from the LAN zone. Therefore everything is allowed.
(https://hoerli.net/wp-content/uploads/2021/06/Firewall-LAN.png)
On the firewall from the WAN zone, I have only created one rule for DHCPv6.
(https://hoerli.net/wp-content/uploads/2021/06/Firewall-WAN.png)
(https://hoerli.net/wp-content/uploads/2021/06/Firewall-WAN-Rule.png)
In the Advanced Firewall setting I have also enabled IPv6. Other than that, I haven't configured anything special there.
(https://hoerli.net/wp-content/uploads/2021/06/Firewall-Settings.png)
I have not enabled DHCP Relay.
(https://hoerli.net/wp-content/uploads/2021/06/Firewall-DHCPv6.png)
Do you need anything else in terms of information?
			
			
			
				Can you also show the configuration pages for Interfaces->[WAN] and Interfaces->[LAN] ?
			
			
			
				Also gotta say that it seems a little coincidental that the WAN and LAN IPv6 addresses end in the same hextet. Are they actually different?
			
			
			
				Is "Fordern Sie nur ein IPv6-Präfix an" (Request only an IPv6 prefix) disabled? It can really mess with delegation when unset since you can't control the addresses assigned to WAN and LAN.
Cheers,
Franco
			
			
			
				Here are the two configurations.
WAN:
(https://hoerli.net/wp-content/uploads/2021/06/Screenshot_2021-03-24-WAN-Schnittstellen-OPNsense-lan.png)
LAN:
(https://hoerli.net/wp-content/uploads/2021/06/Screenshot_2021-03-24-LAN-Schnittstellen-OPNsense-lan.png)
Request only an IPv6 prefix disabled => Yes.
When I enable it, I don't get IPv6.
The LAN interface and WAN interface actually have the same IPv6 address. For whatever reason...
			
			
			
				They definitely should not have the same address. Something funky happening there
What are your RA settings for the LAN interface (Services>Router Advertisements)? Are you using DHCPv6 for the LAN?
			
			
			
				Didn't change anything, but here is a screenshot of it.
I set it to english ;)
(https://hoerli.net/wp-content/uploads/2021/06/OPNsense-Services-RouterAdvertisements.png)
I have left everything possible on default to avoid such problems.
Apparently the wrong way.
			
			
			
				Try setting it to "Unmanaged", so that you can get SLAAC working at least in your network. I am assuming you have not configured DHCPv6 (which is fine if you haven't, but at a minimum you need SLAAC)
			
			
			
				I set it to unmanaged, but the IPv6 is still lost after about 1 minute.
The LAN and WAN interface still has the same IPv6 address.
The other annoying thing I have is that most of the time when I first start and test OPNsense I only have 100Mbit/s upload and download.
The only way to fix this is to completely restart the fiber-RJ45 converter and OPNsense and then it is not guaranteed to work 100%.
I normally have a 400/160Mbits line.
			
			
			
				When I tried to delete the LAN interface (eth1), add it back and configure it with ipv6, I no longer lose ipv6 connectivity.
			
			
			
				That's a good hint, I'll give that a try.
I have not done that yet.
			
			
			
				I tried it once, but it didn't work.
I still lose IPv6 connectivity on the LAN after about 1-2 minutes.
I even installed the latest base kernel once (21.1.7) because before that I had installed 21.7_69 so that my Intel chipset on the motherboard would work.
While I did find that with 21.1.7 my LAN port finally worked as well, it didn't solve the IPv6 problem.
If only I knew where to look to see what the problem was.
Then I could also give better logs.
So it's a bit dumb at the moment.
			
			
			
				Okay.
After a complete reinstallation of OPNsense now the IPv6 remains present and does not fly out after 2 minutes.
No idea what went wrong there.