dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9373
share rss forum feed


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:77

1 recommendation

reply to NetDog

Re: [IPv6] Troubleshooting Comcast IPv6 (Start Here)

I added two more sections..

Don't block all ICMPv6 (for the adv users)

You get a v6 address on both your LAN and WAN but no workie


derekivey

join:2006-03-30
San Jose, CA
kudos:1

1 recommendation

reply to NetDog

pfSense supports IPv6. I'm currently using it with a HE tunnel. I know it does DHCP-PD too.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

I went ahead and switched my firewall from Smoothwall to pfSense.

However, I'm not sure how to configure it to pull both a IPv4 and an IPv6 IP from Comcast. I have verified that my area is "IPv6 Ready" by connecting my Windows 7 desktop directly to my cable modem (Arris TM722G/CT), and I do a IPv6 IP back (2001:558:xxxx).

However, I don't see that inside the configuration of PFSense. I check the box " Allow IPv6" on the "System: Advanced: Networking" tab. Once I did that, I did reboot both my PFSense box, and my cable modem.

However, I still only get one IP (an IPv4 one). This is from the "Status: Interfaces" screen on the WAN interface.

If more information is needed, just ask!

Thanks!

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by plencnerb:

However, I'm not sure how to configure it to pull both a IPv4 and an IPv6 IP from Comcast. I have verified that my area is "IPv6 Ready" by connecting my Windows 7 desktop directly to my cable modem (Arris TM722G/CT), and I do a IPv6 IP back (2001:558:xxxx).

Are you running the 2.1 branch?

1. Interfaces > WAN
2. For 'IPv6 Configuration Type' select 'DHCP6'
3. For 'DHCPv6 Prefix Delegation size' select '64', apply
4. Interfaces > LAN
5. For 'IPv6 Configuration Type' select 'Track Interface'
6. For 'IPv6 Interface' select WAN.
7. For 'IPv6 Prefix ID' enter '0', apply
8. Reboot!


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

said by whfsdude:

Are you running the 2.1 branch?

Looks like I'm not. I thought I was, but according to the information on my dashboard, I got this

2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6

Where can I download the 2.1 branch from? I did not see it on their download page.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by plencnerb:

Looks like I'm not.

»snapshots.pfsense.org/

Edit:
32-bit CD:
»snapshots.pfsense.org/FreeBSD_RE···4.iso.gz

64-bit CD: »snapshots.pfsense.org/FreeBSD_RE···4.iso.gz


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

Well alright then! Time to burn another CD and try again!

Unless, there is a way to upgrade from 2.0.1 to 2.1, without doing a full re-install.

--Brian



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by plencnerb:

Unless, there is a way to upgrade from 2.0.1 to 2.1, without doing a full re-install.

In theory, yes. But I'd do a full reinstall to avoid any possible problems.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

Sounds like a plan. The initial install did not take long at all. So, I should have no problems doing it again with this version.

Thanks!

--Brian



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:3
reply to NetDog

Don't forget about the Linksys E900, E1200, E4200v1, EA4500, and EA6500 that I've tested and have verified works correctly.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

1 edit
reply to plencnerb

said by plencnerb:

Sounds like a plan. The initial install did not take long at all. So, I should have no problems doing it again with this version.

Please keep us apprised on your pfSense project. I was tempted to load it on a retired Toshiba notebook, but the need to use a "beta" release made me balk (and I found a D-Link DIR655 on sale instead). Even so, I like to have plenty of options, and I may yet install pfSense on that old Toshiba box.

I would be especially interested in knowing if it has a DynDNS IPv6 client that can update multiple IPv6 hostnames like my DIR655 does.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by NetFixer:

I would be especially interested in knowing if it has a DynDNS IPv6 client that can update multiple IPv6 hostnames like my DIR655 does.

Don't think that is necessary. Unless there is a network move (unlikely), or you change your DUID (new router), your IPv6 addresses should not change.

So just add an AAAA record somewhere and forget about it.


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

1 edit

said by whfsdude:

said by NetFixer:

I would be especially interested in knowing if it has a DynDNS IPv6 client that can update multiple IPv6 hostnames like my DIR655 does.

Don't think that is necessary. Unless there is a network move (unlikely), or you change your DUID (new router), your IPv6 addresses should not change.

So just add an AAAA record somewhere and forget about it.

It may not happen often on a Comcast DHCP connection, but it does happen. Just a few weeks ago the DHCP address used by my Linux server changed when Comcast did some IP address block shuffling. Unless you have a business class static IP account (and Comcast still does not support IPv6 for those customers), there is no guarantee that your DHCP assigned IPv4 or IPv6 address(es) won't just suddenly change without notice.

One reason that I changed from using the Netgear router as my IPv6 gateway to using the D-Link router was because the Netgear's IPv6 WAN address and its LAN PD prefix was changing every couple of weeks (even though the WAN IPv4 address and the IPv6 prefix did not change). I am hoping that was an anomaly with the Netgear firmware, and/or that the D-Link's IPv6 DDNS client will automatically compensate should that start happening with the D-Link router. So far the LAN PD prefix has not changed in the D-Link router, but it may be too soon to be sure that it won't just arbitrarily change as was happening with the Netgear router.

Here are a few example screen shots of the Netgear router's IPv6 setup/status page showing those unexpected IPv6 address changes:










By using a DynDNS IPv6 client, I can just setup the IPv6 hostnames and forget about it as long as my IPv6 gateway router supports the DynDNS IPv6 client. OTOH, the DIR655 is a new router, and the IPv6 DDNS update is a relatively new feature for both D-Link and DynDNS, so I really don't know yet how reliable that process is.


C:\>dig ipv6.dcs-net.net AAAA
 
; <<>> DiG 9.9.2 <<>> ipv6.dcs-net.net AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31371
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ipv6.dcs-net.net.              IN      AAAA
 
;; ANSWER SECTION:
ipv6.dcs-net.net.       3601    IN      CNAME   ipv6-webhost.dyndns-ip.com.
ipv6-webhost.dyndns-ip.com. 60  IN      AAAA    2601:5:c80:91:e291:f5ff:fe95:a879
 
;; Query time: 156 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Sat Dec 08 17:37:55 2012
;; MSG SIZE  rcvd: 113
 
C:\>dig ipv6.dcsenterprises.net AAAA
 
; <<>> DiG 9.9.2 <<>> ipv6.dcsenterprises.net AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42201
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ipv6.dcsenterprises.net.       IN      AAAA
 
;; ANSWER SECTION:
ipv6.dcsenterprises.net. 1800   IN      CNAME   ipv6-dcs-srv.dyndns-ip.com.
ipv6-dcs-srv.dyndns-ip.com. 60  IN      AAAA    2601:5:c80:91:e291:f5ff:fe95:beac
 
;; Query time: 140 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Sat Dec 08 17:38:11 2012
;; MSG SIZE  rcvd: 120
 


On your new MetroEthernet derived service, you do get static IP addresses, so set it and forget about it is indeed possible. But not all of us can justify that expense, and that service is available in only a few very select locations.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

Extide

join:2000-06-11
84129
reply to plencnerb

said by plencnerb:

said by whfsdude:

Are you running the 2.1 branch?

Looks like I'm not. I thought I was, but according to the information on my dashboard, I got this

2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6

Where can I download the 2.1 branch from? I did not see it on their download page.

--Brian

Just so you know.... pfSense 2.1 is still being developed/sill in beta. I would not run it somewhere important yet.

I am still running 2.0.1 myself, waiting for 2.1 Release.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by Extide:

Just so you know.... pfSense 2.1 is still being developed/sill in beta. I would not run it somewhere important yet.

I haven't had an issue with it at all and I've been running it since it came out.

Same as running Ubuntu which is essentially Debian unstable.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

I'm not worried about it being in Beta either.

I have not had the chance to take the house off-line yet to install 2.1 (already had it down once to go from Smoothwall to Pfsense 2.0.1). I live with my Uncle and my Mom, both of who use the internet a lot during the day.

If anything does go south with 2.1, I have many other options
• PfSense 2.0.1 (which, I'm currently running)
• Smoothwall Express 3.0 (which I ran for 6 months)
• Netgear RP 114 Router (which I ran for the last 10 years)

Any of which can be up and running in under 15 minutes.

So, when I have some time to install 2.1, I'm going to do so. However, before I do, I have a question. whfsdude See Profile posted a link to the main download site (snapshots.pfsense.org) and then he posted links to the 32 bit and 64 bit ISO's for CD install.

What is the difference between these two ISO's (the 1st is the one that whfsdude See Profile linked to directly?

• pfSense-LiveCD-2.1-BETA0-i386-20121204-1604.iso
• pfSense-LiveCD-2.1-BETA0-i386-20121208-1306.iso

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1

1 recommendation

said by plencnerb:

What is the difference between these two ISO's (the 1st is the one that whfsdude See Profile linked to directly?

• pfSense-LiveCD-2.1-BETA0-i386-20121204-1604.iso
• pfSense-LiveCD-2.1-BETA0-i386-20121208-1306.iso

--Brian

The first one was built on December 4, 2021 at 16:04 (4:04PM)

The second one was built on December 8, 2012 at 13:06 (1:06PM)


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

Besides that!


mojo1

join:2006-12-05
Atlanta, GA
reply to NetDog

I finally had some had some time to try to get IPv6 up and running. It looks like I was mostly successful. Here is what I have.

Running a Netgear WNDR3700v3 with original firmware ver. V1.0.0.22_1.0.17. Enabling DHCP IPv6, the router would receive a valid address in the 2001: range and enabled 2601: addresses on the LAN side, but connectivity was very poor. None of the IPv6 tests would show the WAN IPv6 address.

After digging a little, and re-reading Netdog's original post, I tried to enable ICMP6 traffic. There is no setting in my router for this. After trial and error, I determined that there is a "NAT Filtering" option in the WAN settings under the advanced tab. After setting this to OPEN instead of SECURED, I was surfing IPv6 addresses and passing all of the readiness tests. Not sure if I should be worried about this or not. There is no documentation for this router that tells me what the preconfigured security options do.

So far, so good. The only issue I am experiencing right now is on the Netalyzr test. Everything passes except the IPv6 MTU. I get a warning that my system cannot process fragmented packets. The test indicates that the MTU should be 1496. But, when I change MTU in my router from 1500 to 1496, I still get the same error. It appears changing the value in the router has no effect on IPv6 traffic.

Other than that issue, everything seems to be working well. Thanks Netdog for all your valuable info!



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to plencnerb

said by plencnerb:

Besides that!

When I upgrade or do a new install, I always opt the previous beta release because if there is a problem, it's likely to pop up on the forums.

The builds are done automatically fwiw.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

Ok, I'll use the one you referenced. Probably will do the install tomorrow.

Thanks!

--Brian



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to mojo1

said by mojo1:

So far, so good. The only issue I am experiencing right now is on the Netalyzr test. Everything passes except the IPv6 MTU. I get a warning that my system cannot process fragmented packets. The test indicates that the MTU should be 1496. But, when I change MTU in my router from 1500 to 1496, I still get the same error. It appears changing the value in the router has no effect on IPv6 traffic.

I see that same warning in the current Netalyzr test whether I go through my Netgear WNR1000v2, my D-Link DIR655, or a test PC directly connected to my cable modem. That is something that has only recently started happening with the Netalyzr test. At this point I don't know if Comcast has recently done something with their IPv6 implementation, or if the Netalyzr test has changed some parameter.

I also have set the IPv6 MTU on a Windows PC on the NIC doing the IPv6 to 1496 (as shown below), and that did not change the Netalyz test results.


netsh interface ipv6>set interface "Local Area Connection 2" mtu=1496
Ok.
 
netsh interface ipv6>show int
Querying active state...
 
Idx  Met   MTU    State         Name
---  ----  -----  ------------  -----
  8     0   1496  Connected     Local Area Connection 2
  5     2   1280  Disconnected  Teredo Tunneling Pseudo-Interface
  3     1   1280  Connected     6to4 Pseudo-Interface
  2     1   1280  Connected     Automatic Tunneling Pseudo-Interface
  1     0   1500  Connected     Loopback Pseudo-Interface
 


FWIW, I have not had any problems accessing sites that use IPv6 (and many mainstream sites these days do use IPv6), and test-ipv6.com indicates that my connection is able to to do "large packet" transfers using IPv6.




Unless I see some actual real-world problems, I am not really too concerned about this recent development in the Netalyzr test.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

mojo1

join:2006-12-05
Atlanta, GA

Thanks for the reassurance. I was taking the same position of wait and see. Everything seems to be working fine. My pings on speedtest.net went to 15ms from my usual 5ms to a local server, but that isn't a huge deal to me.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by mojo1:

Thanks for the reassurance. I was taking the same position of wait and see. Everything seems to be working fine. My pings on speedtest.net went to 15ms from my usual 5ms to a local server, but that isn't a huge deal to me.

The Netalyzr test tells me that outbound ftp is blocked on most of my PCs, yet I have absolutely no problems accessing any ftp servers. I tend to not take Netalyzr warnings very seriously unless I can verify their results independently.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

34764170

join:2007-09-06
Etobicoke, ON
reply to AVonGauss

said by AVonGauss:

Well, since we're jibbing Cisco, I think it's ironic the one's who often indirectly claim to be the leaders in networking are the ones slackin' on IPv6...

With Cisco and pretty much every other vendor the level of support for IPv6 very much varies from product to product and model to model. They have good if not great support for most of their routers and switches but other products are still very much hit or miss. Cisco is the Microsoft of networking. The 800 lb gorilla. It doesn't mean they're perfect or that every product is the best.


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2
reply to NetDog

Well this morning I went ahead and installed pfsense 2.1 beta. Once installed, I verified the items that whfsdude See Profile pointed out, and then rebooted both my pfsense box, and my cable modem.

Below is the status information on my WAN side

 
Status up
DHCP up  
MAC address 00:40:05:7e:91:5b
IPv4 address 24.13.17.39  
Subnet mask IPv4 255.255.248.0
Gateway IPv4 24.13.16.1
IPv6 Link Local fe80::240:5ff:fe7e:915b  
IPv6 address 2001:558:6033:ad:25e7:534c:e450:d625  
Subnet mask IPv6 64
Gateway IPv6 fe80::201:5cff:fe3d:4e41
ISP DNS servers 127.0.0.1
75.75.75.75
75.75.76.76
2001:558:feed::1
2001:558:feed::2
Media 100baseTX <full-duplex>
In/out packets 4300/3388 (1.59 MB/349 KB)
In/out packets (pass) 4300/3388 (1.59 MB/349 KB)
In/out packets (block) 0/0 (0 bytes/0 bytes)
In/out errors 0/0
Collisions 0 
 
 

However, when I test for ipv6, the test site does not show my ipv6 ip (only shows my ipv4 one), and the test failes with a result of 0/10. Also, when I try to do the tracert test to google, I cannot get past the first hop.

So, I know the problem is what NetDog See Profile mentions below

quote:
If you don't see the first hop check your default route on your desktop, make sure your seeing the RA's.

Don't block all ICMPv6 (for the adv users)
I am a big fan of blocking everything and opening only what I really want. But v6 uses ICMPv6 messages to talk ND's, RA's. If you block all ICMPv6 traffic you will block the important communication to get your DHCPv6 address and PD.


However, I'm not sure where in pfsense I need to go to modify this setting, or how I can verify if I am seeing my RA's.

Thanks!

--Brian

--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


whfsdude
Premium
join:2003-04-05
Washington, DC

You might have to add an IPv6 firewall rule under Firewall > Rules. Then click the LAN tab.

Also make sure your LAN interface has a IPv6 address (verify PD is working).



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:2

1 edit

Click for full size
As far as I can tell, IPv6 to the LAN side is working.

ipconfig
 
Windows IP Configuration
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : localdomain
   IPv6 Address. . . . . . . . . . . : 2601:d:4c00:5d:34c8:339c:31d4:729b
   Temporary IPv6 Address. . . . . . : 2601:d:4c00:5d:bdf2:69ed:b924:805b
   Link-local IPv6 Address . . . . . : fe80::34c8:339c:31d4:729b%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::250:4ff:fe21:713d%11
                                       192.168.1.1
 
Tunnel adapter isatap.localdomain:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : localdomain
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:884:3172:3f57:fe9b
   Link-local IPv6 Address . . . . . : fe80::884:3172:3f57:fe9b%19
   Default Gateway . . . . . . . . . :
 
Tunnel adapter 6TO4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 

I've attached a picture of the Firewall rules on the LAN side for further review.

--Brian

--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


whfsdude
Premium
join:2003-04-05
Washington, DC
reply to NetDog

Whoops - just looked at my config. You also need to allow v6 on the "WAN" firewall rule.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to plencnerb

I opened a couple of command prompt windows on an XP workstation and a Windows server so that I could provide examples for your dual IPv6 address question, but I see that when I got back to your post, you had edited the ipconfig display and removed your question. I guess that means that you found out why you were getting the same IP addresses repeated twice.

However, I can still provide some insight on the "Temporary" and "Permanent" IPv6 addresses (and one way to dispense with the "Temporary" IPv6 address if you wish to do it.

Shown below is ipconfig and netsh information from one of my Windows XP workstations that uses DHCP. It has "Temporary" and "Public" IPv6 addresses which correspond to your "Temporary" and "Permanent" entries. Note that the IP address to the right of the prefix is the same for both the "Public" and "Link-local" entries.


C:\>ipconfig
 
Windows IP Configuration
 
Ethernet adapter Local Area Connection 2:
 
        Connection-specific DNS Suffix  . : dcs-net
        IP Address. . . . . . . . . . . . : 192.168.9.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 2601:5:c80:91:900c:4383:6312:b26b
        IP Address. . . . . . . . . . . . : 2601:5:c80:91:e291:f5ff:fe95:b69d
        IP Address. . . . . . . . . . . . : fe80::e291:f5ff:fe95:b69d%8
        Default Gateway . . . . . . . . . : 192.168.9.254
                                            fe80::1e7e:e5ff:fe4c:e6ff%8
 
C:\>netsh int ipv6 show addr
Querying active state...
 
Interface 8: Local Area Connection 2
 
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ -----------------------------
Temporary  Preferred   3d19h54m27s    12h26m25s 2601:5:c80:91:900c:4383:6312:b26b
Public     Preferred   3d19h54m27s  3d19h54m27s 2601:5:c80:91:e291:f5ff:fe95:b69d
Link       Preferred      infinite     infinite fe80::e291:f5ff:fe95:b69d
 
 


Shown below is the same information from my Windows 2003 server which has a IPv4 static IP addresson its LAN interface, and IPv4 DHCP on its WAN interface


C:\>ipconfig
 
Windows IP Configuration
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : dcs-net
   IP Address. . . . . . . . . . . . : 192.168.9.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 2601:5:c80:91:e291:f5ff:fe95:beac
   IP Address. . . . . . . . . . . . : fe80::e291:f5ff:fe95:beac%4
   Default Gateway . . . . . . . . . : fe80::1e7e:e5ff:fe4c:e6ff%4
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
   IP Address. . . . . . . . . . . . : 174.49.12.155
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 174.49.8.1
 
C:\>netsh int ipv6 show addr
Querying active state...
 
Interface 4: Local Area Connection
 
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ -----------------------------
Public     Preferred   3d19h52m57s  3d19h52m57s 2601:5:c80:91:e291:f5ff:fe95:beac
Link       Preferred      infinite     infinite fe80::e291:f5ff:fe95:beac
 
 


Using a static IPv4 assignment, eliminates the "Temporary" IPv6 address from being assigned. That means that as long as the PD prefix does not change, the server's public IPv6 address will not change. My experience has been that (at least with Windows XP) the "Temporary" IPv6 address can and will change for PCs that use DHCP (and the "Temporary" IPv6 address is used as the preferred IP address). That is possibly due to the fact that Windows XP and Windows Server 2003 do not have a native DHCP6 client, so if you are using Windows 7 or 8, you may not see the frequently changing IPv6 addresses that I see on my DHCP PCs.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.