Author Topic: ipv6-capable Linux/BSD firewall distribution  (Read 3171 times)

Josh

ipv6-capable Linux/BSD firewall distribution
« on: September 19, 2012, 04:43 AM »
All,

I am looking to repurpose my old media server (old P4 system) into a makeshift firewall appliance. One of my key requirements is to have IPv6 deployed internally. This would require a DHCPv6 implementation along with related IPv6 services.

Right now, I have an older machine running Windows 2008 Server acting as a firewall. I would like to re-purpose this machine to serve as a secondary domain controller for Windows Server 2012 so I can test out NAP and a few other new features.

Any help is appreciated!
Josh

40hz

Re: ipv6-capable Linux/BSD firewall distribution
« Reply #1 on: September 19, 2012, 07:44 AM »
AFAIK pfSense can do dhcp6 in the most recent version. Here's what they have:

TODO List for IPv6 support on the pfSense-smos GIT repo. Updated April 25th 2011.

What currently works:
- Static IPv6 addressing on the Interfaces.
- DHCP6 addressing on interfaces
- DHCP6 Prefix Delegation for the LAN or OPT interfaces.
- IPv6 Firewall rules for inbound and outbound traffic.
- Accessing the pfSense machine via the WebUI or SSH on its IPv6 address.
- Router Advertising for stateless configuration for LAN or OPT clients.
- Carp with IPv6 addresses and config syncing to an IPv6 peer. (kernel hangs snapshots older than jan 18th)
- Static Routes and gateways with IPv6 addresses.
- Network Prefix translation so that people can use a ULA on the LAN and translate to a Global Unicast network prefix.
- RRD graphs show IPv6 traffic
- You can configure IPv6 DNS servers for pfSense.
- IPv6 bogon network blocks and IPv6 reserved ranges blocks (needs documentation range as well?)
- DNS forwarder listens on udp6 socket, should work and resolve? Yes it does.
- IPsec should now work for v6 tunnel over v4 and vice versa, needs testing.
- OpenVPN now has the ability to send an IPv6 network over the link, clients need to be updated to support this. Viscosity does not work, client needs manual updating built from the patched OpenVPN tree.
- Preliminary DHCP-PD support for the WAN and LAN. (11-05-2011)

What does not work:
- Does not automatically configure the IPv6 DNS servers and domain from the DHCP6 client.
- You can not use IPv6 gateways or groups in firewall rules, it results in filter rule errors if not careful about setting the correct protocol
- The initial console setup does not accept IPv6 addresses. It does show configured IPv6 addresses.
- The firewall logs do not correctly show the IPv6 protocols and ports for blocked or allowed traffic. (Partially fixed, 26-02-2011)
- None of the supported VPN options except IPsec and OpenVPN in pfSense are fixed to accept IPv6 addresses.


What isn't tested:
- A lot really
- WebUI anti lockout rules need testing and/or adjusting
- Check if address spoofing also works for inet6 (firewall rules)

TODO:
- Fix PPtP for IPv6 addresses.
- Fix DynDNS for IPv6
- Fix SNMP for IPv6
- The pfSense PHP module needs support for setting and retrieving ipv6 attributes.
- The rest

It is disabled by default because:

There is currently no IPv6 support available in stable releases, however many networks are using IPv6 in production using 2.1 snapshots. For the latest info, see the IPv6 board on the forum. This is being used in production by a number of locations, including all of our datacenters. This very site as well as all our other sites are reachable via IPv6 going through pfSense 2.1, and have been since mid 2011.

By default, in pfSense 1.2.3 and newer, all IPv6 is dropped by default since overly permissive rulesets can otherwise allow IPv6 traffic and that is likely undesirable in most cases. This behavior can be disabled under System -> Advanced.

Anyway, if you're feeling adventurous, they have a forum for IPv6 users here.

I really like pfSense. It's been a joy to work with. And properly configured, it's as bulletproof as it gets. But I haven't done anything with IPv6 on the LAN side so far. So I can't offer you much help with that.

Luck!
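
The pfSense note quoted in the reply above says overly permissive rulesets can let IPv6 traffic through. As an added example (not from the thread and not pfSense's own code), this Python script lists the `pass` rules in a pf.conf-style ruleset that are not restricted to IPv4. The sample ruleset is constructed, the function names are hypothetical, and the parsing assumes plain rules without macros, tables, or hostnames.

```python
import ipaddress

# Constructed sample ruleset in pf.conf syntax (not taken from pfSense).
SAMPLE_RULES = """\
block in log all
pass in on em0 inet proto tcp from any to any port 22
pass in on em0 proto tcp from any to any port 443
pass in on em1 inet6 proto tcp from any to any port 80
pass in on em1 proto tcp from any to 192.0.2.10 port 25
pass out all  # no address family given
"""


def rule_family(tokens):
    """Return 'inet', 'inet6' or 'both' for one tokenised pf rule."""
    if "inet6" in tokens:
        return "inet6"
    if "inet" in tokens:
        return "inet"
    # No explicit family: a literal address pins the rule to its own family.
    for tok in tokens:
        try:
            net = ipaddress.ip_network(tok, strict=False)
        except ValueError:
            continue  # interface names, ports and keywords are not addresses
        return "inet6" if net.version == 6 else "inet"
    # pf applies a rule with no family and no literal address to IPv4 and IPv6.
    return "both"


def ipv6_reachable_pass_rules(ruleset):
    """List (line number, family, rule) for pass rules that can match IPv6."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), start=1):
        tokens = line.split("#", 1)[0].split()  # drop trailing comments
        if not tokens or tokens[0] != "pass":
            continue
        family = rule_family(tokens)
        if family != "inet":
            findings.append((lineno, family, " ".join(tokens)))
    return findings


if __name__ == "__main__":
    for lineno, family, rule in ipv6_reachable_pass_rules(SAMPLE_RULES):
        print(f"line {lineno}: matches {family}: {rule}")
```

Rules reported as `both` are the ones to review first: they were often written with only IPv4 in mind and need an explicit `inet` if IPv6 is not meant to pass.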