Take note that iOS and Android dislike DHCPv6 Server, your phone wont received IPv6, it's advisable to use NDP instead

What is NDP ?

What is NDP ?

Anyone tested for Maxis fibre with the above ipv6 configuration? Currently I am using Opnsense as well but without ipv6.

i tested with maxis fibre
ping on opnsense diagnostic ipv6 works but when check on ipv6 test site not working

i tested with maxis fibre
ping on opnsense diagnostic ipv6 works but when check on ipv6 test site not working

this sounds like whichever client you’re testing on isn’t getting the ipv6 address handout from Opnsense

I see, I have another box coming in next week and will test it out. Thanks for the information.

Currently I'm using 6 lan ports i5-7200u mini pc which bought from taobao 2 years back, actually it's too powerfully for my needs, iperf test with IPS enabled getting max throughput around 940Mb and cpu max @60%. I'm getting a J4125 4 lan port mini pc now for another project from taobao also, it's cheaper but there is a risk if want to claim warranty, seems like it's impossible to send back the item for warranty claim.

Currently I'm using 6 lan ports i5-7200u mini pc which bought from taobao 2 years back, actually it's too powerfully for my needs, iperf test with IPS enabled getting max throughput around 940Mb and cpu max @60%. I'm getting a J4125 4 lan port mini pc now for another project from taobao also, it's cheaper but there is a risk if want to claim warranty, seems like it's impossible to send back the item for warranty claim.

where can i buy it? i am lazy to find a mini pc then have to buy another pcie network card for additional ports. prefer one come with the ready made additional ports

I bought from taobao, here is the link https://detail.tmall.com/item.htm?id=612335...d=4736682625948
More products on their main page: https://cnction.tmall.com/index.htm?spm=a22....553b640aDHONHI
I'm using 3rd party forwarder to get it shipped to here.

where can i buy it? i am lazy to find a mini pc then have to buy another pcie network card for additional ports. prefer one come with the ready made additional ports

I use IPv6 to put some hexspeak:







My /64:


My Server Address: [2001:d08:e6:7a1b:dead:daff:feed:f00d]:8080

I use IPv6 to put some hexspeak:







My /64:


My Server Address: [2001:d08:e6:7a1b:dead:daff:feed:f00d]:8080

noice. man of culture

rajin bos setup haha. Me myself just use EUI64 to configure for the interface

is like DHCP, either randomly generated or using EUI64 (MAC Address as IPv6 Address)

IPv6 has 2 type to hand out Address:
1. DHCPv6
2. NDP

DHCPv6 akin to IPv4 DHCP. Router are responsible to giving out address that you set.

NDP is different. Device ask router prefix and set own address either Randomly or EUI64.

EUI64 is Extended Unique Identifier, it using device MAC Address as IPv6 Address, good for Device Service like Printer & Server, NDP play well with EUI64, this way you can have Static IPv6

Plus, EUI64 + Link Local IPv6 will make your life easier, no matter what router/switch you choose or change, you still can connect without set anything.

I been using EUI64 + Link Local IPv6 on DBKL HP Printer, when they move other place, no need to configure even on new Router/Switch

EUI64 like Pendrive, Plug n Play.

sorry, a bit confused. i'm using pfsense fyi.

has the settings to enable ipv6 for tmnut unifi been updated from this article?
https://advanxer.com/blog/2015/03/configuri...on-pfsense/amp/
in the article they mention using dhcpv6, but comments here seem to allude that this is no longer the recommended setting? 

Go to [WAN] > ipv4 = PPPoE, ipv6 = DHCPv6. under PPPoE configuration, enter your Unifi username and password.
Scroll down under DHCPv6 client configuration, check > Use IPv4 connectivity

Go to [LAN] under IPv6 configuration type > Track Interface.
Track IPv6 interface > select WAN.
to use NDP, check [Allow manual adjustment of DHCPv6 and Router Advertisements]
then go to [Services] > Router Advertisements. select Stateless for Router Advertisements

May have to reboot system to bring DHCPv6 server up and running.

enjoy

hm.....

i sorta get what ur saying, but trying to translate that to how to configure pfsense to work with tmnut unifi ipv6 is a separate matter xd whether i managed to configure as u mentioned.

i mostly use this as a clue by the ts
https://forum.lowyat.net/topic/5204701
as for the lan, all i could find was the dhcpv6 server RA, which i enabled.

Then i tested on mobile android, now ipv6 works whereas before it didn't.

I'm assuming this is the NDP you were talking about? cause thats the only option i could find in pfsense :{
from desktop, i get a 8/10 score here (the 2 parts it said had issue with was dns, and ICMP. for the dns portion, there is no dns hostname shown, not sure why  )

https://ipv6-test.com/
and a perfect score here

https://ipv6test.google.com/
https://test-ipv6.com/

Yes you are right, it should be under Router Advertisements.
using Stateless DHCP correct?

looking at netgate docs under DHCPv6/RA there’s a part about being unable to receive DNS info, can see if that helps solve it

happened twice again, i suspect may be an issue with IPV6.

TM technician say on their side my username seems to freeze up. so unable to drop or connect.

my internet also suddenly didn't work.

equipment and wiring all ok. rebooted everything still didn't work. modem showed no issues connecting ppoe, but log shows there is authentication issue.

so the technician just connected the default router and logged in fine.

after re-adding the cable back to pfsense, wan could connect fine.
so firstly excuse the layman talk, but i suspect the issue has something to do with how pfsense is communicating to unifi to login for internet access which somehow got stuck which resulted in no internet. so when using the default unifi router equipment to login, this somehow unstucked the login, which would explain why reconnecting the ethernet back to the pfsense router why wan could work fine now (because the account connection to unifi was unstuck).

i don't know the technical explanation for this, but this is what i discovered.

Theory #1, could be that my ip4/ip6 pppoe settings is done incorrectly which is why it resulted in this odd behaviour resulting in internet authentication failure. or the #2nd theory, could be some sort of bad stuff with tmnut end which results in this odd issue. thats all i could deduce from this  but it's definitely not a hardware or wiring issue (in my case) cause i checked.
so no, i did not have to resort to resetting unifi password (fyi calling tmnut to reset the port didn't work, neither did restarting modem). just simply connecting to wan using the default unifi router, then replacing back the ethernet to the pfsense router (to connect to wan) seemed to fix the problem.
anyway i think u were spot on in regards to your comment
i'm not using opnsense, but my pfsense setting is roughly similar to yours    if u figure out if the setting was done incorrectly somehow (which is causing this weird account froze/stuck behaviour, assuming the issue is on the pfsense/opnsense router settings side), i would love to know 

but for now, my temporary solution is to have the default router on standby to temporary login to wan to unstuck, then switch back to pfsense, if i encounter this issue again (thkfully this doesn't seem to occur very often afaik), before i bother calling up tmnut to look into it 

lucky you. I tried using TMNut stock router no joy. still getting authentication error and had to call them. technician said if i face this error again to call TM and ask them to “release HSI”.
suspect IPv6 because i was messing around with turning IPv6 on/off.

did you update pfsense recently for this to happen?

I tried using TMNut stock router no joy

i''m not sure but i think ur right. i've used pfsense for years using ipv4 only, no issue. only recently i added the ipv6 based on your guide, but then i run into this issue where the unifi pppoe login gets stuck.

so the technician explained was, the pfsense router gets stuck for some reason (he doesn't elaborate why). So his solution was, use the stock unifi router and don't use back pfsense, if get stuck will void warranty (though that makes no sense if u don't tamper with their own equipment when switching back).

But his point was, the pfsense gets stuck, i suspect like u its something to do with ipv6.

i noticed when setting up the original stock unifi router, he asked to reset password. i think he did that to unstuck it (also based on what i read online. though he did not want to admit he had to do that to unstuck it).

i tried asking them what “release HSI” is, he claimed he don't know    but i'll try that next time. did doing so fix your issue though?

is it possible to reset ur unifi password yourself? so don't have to call the technician over to do that? becauz seems like that would solve the issue if i encounter this next time 
so anyway, i switch pfsense back to an older config where i used ipv4 only (no ipv6). This old setup worked fine for many years, so hopefully i won't encounter this stuck pppoe issue (which resulted in unable to relogin to pppoe again)


hm i'm using the latest pfsense, no idea if that is the reason for the recent issues    the only setting changed recently was just adding ipv6 to get that working, which is why i suspect that was the culprit.
eh rely? i managed to get the stock tmnut router upon request the same day, didn't know this was hard to get    had to pay for it though cauz warranty for old one expired    i had an asus router i don't use but it's not using the stock firmware, so i could not use the unifi Isp requirements from the preselect list. So i'll have to reflash back to stock firmware, so i can use that as a backup for emergency to test the internet 

I have been using Opnsense IPv4/IPv6 for almost a year without issues actually. just the recent 22.1.9 update and reboot then start to have this issue.

I don’t think it is possible to reset Unifi password yourself.
the last time i tried talking to customer service to reset password, they say will send sms of new password. didn’t get it at all then technician came the next day to solve it, so I’m not sure if it can solve the issue, logically yes.

So mine got stuck 3 times, first time they change password.
then 2nd and 3rd time technician just make a phone call to solve it and he didn’t even have to come, no password change too

you mean you request new router from TM?
l thought you meant use the one given by TM in the beginning, mine still in good condition since the beginning of contract so just took it out to try.

i use the regular pfsense 1 year + but only using ipv4 without issue. only recently when added ipv6 then i started having this freeze issue at least once a month or 2-3 month roughly, when before i never had this issue
o like this? well hopefully customer support will be enuff. i rather not call the technician over. is it true there is such warranty if u use ur own networking gear like router? technician claim should i decide to use my own router like the pfsense, if it resulted in tmnut account getting stuck/frozen again, then he claims warranty expire. But how does that work? it's not like i am flashing third party firmware onto the default tmnut router which i am not using. i keep the default router so i can use that to relogin because it should work, because by their logic, at that point i am using their own gear/setup so it should connect to the internet, so then they can't blame pfsense for why i cannot connect .

But he claims that for whatever reason, pfsense is causing the account login to get stuck (this part we can at least agree), there is no opinion why or any effort to troubleshoot this apparently (although i saw to fix this issue, he had to reset the tmnut password for isp    ) This part we disagree, because since the issue seems to be on their end why my isp relogin seems to get stuck for whatever reason, they can't just simply deny to solve this issue (i assume password reset or whatever it is like they did for u but didn't what exactly?) under the basis u decide to connect using pfsense that gets it stuck yet again, can they? 

i alrdy switch config to an old working one which only connects to ipv4 (but no ipv6), so hope i won't get this issue again, but i can't be completely certain until i've tested this for a while 
mine got lost ages ago. had to pay to get issued a new one 

that void warranty thing sounds like BS, probably dont want you to simply mess around and call them over for something so "simple".

technician saw my network rack, but don't know what a nas is.... (probly didn't even know what a server rack switch is either from the looks of it as well)    that's why hard to take seriously. i'm not a full fledged expert but even i know enuff    i also thought it was bs....

so if they refuse fix internet, can i refuse pay my bill? 

to uncomplicate during troubleshoot, i even just connect the modem to standard unifi router (this is very easy to do so wasn't a bother, just removed 2 ethernet cables and rewire accordingly), and hook direct to desktop pc, so can illustrate the networking in network rack has no relevance at that point, if the internet isn't functional.

the part i agreed with somewhat, was that perhaps something with the pfsense config was probly causing some issue during reconnect which made the unifi account frozen/stuck which results in unsuccessful login, even if u switch back to default tmnut router to do so.

but i never heard before u can void warranty using ur own gear?    (i never even said i was going to reflash their tmnut router. maybe he got confused?)

also tried to get me to rewire all the cabling to use default tmnut router fulltime right then and there, but i declined citing i will do later, but i later put back own my pfsense router after first using a working config i had no issue with for many years    internet confirmed working again no issue for now 

though i still haven't figured out why the isp relog is stuck/frozen 
but like u mentioned, seemed like they can fix on their end without sending anyone over. how come they don't train their technician to diagnose and troubleshoot this issue? save everyone time 

...

Better do not enable IPv6 on unifi before 2024/2025...
Routing not optimized for 50-60% connection.

did u check out this thread?

https://forum.lowyat.net/topic/2978208/+1340
seems there rely might be something up with tmnuts ipv6 implementation 
anyway right now i'm using old pfsense config when i only had ipv4 only setup. so far haven't had any internet issue. but it's only been a month... so that hardly says much. i'll report back next year or if i have an issue occur for it before then.
https://forum.lowyat.net/index.php?showtopic=5285577&
but at some point not many years from now, we probly need this ipv6 sorted out    but for now using just only ipv4 seems to be ok.

i run speedtest i still max out on my subscribed speed. latency is roughly same so basically not rely much diff when using ipv6 afaik. also since i use vpns, it's even more of a reason not to use it.

There's 2 ways to solve this:

1* reduce IPv6 DHCP leasetime to say 3 mins or lower in your router(troublesome)

2* TM assign static-prefix(best option)

i have not seen it. but maybe this is the culprit?
my machine got fried so I am havent been using OPN for a while 
did you see if recent PF updates made any changes in the ipv6 department?

DHCP (IPv6)
Fixed: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces #12277

Dynamic DNS

Fixed: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records #11816

Gateways

Fixed: Default IPv4 gateway may be set to IPv6 gateway value in certain cases #12282

IPv6 Router Advertisements (RADVD)
Fixed: radvd only responds to the first Router Solicitation received after each multicast Router Advertisement #10304

Fixed: “Default preferred lifetime” router advertisement validation check uses incorrect variable #12159

Fixed: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106 #12173

Fixed: Default IPv6 router advertisement intervals and lifetime are too low #12280

Fixed: “Default preferred lifetime” field for IPv6 RA does not have input validation #12439

Fixed: IPv6 interface prefix change not reflected in RADVD configuration #12604

Fixed: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces #12626

for pf news, there is this

https://www.youtube.com/watch?v=cDgF6UoyThQ
pfsense is adding features to their subscription pf plus release, while keeping the open source pfsense community version at a slower update track.

makes me wonder about if i should start moving to opnsense yet or not? but i'm not too familiar with it. is it better than pfsense? 

also recently pfsense added a tailscale package for pfsense which is nice. also it already has useful packages like pfblocker, and even suricata which i'm not sure opnsense has or not.

for ipv6 news in pfsense i'm not sure  but this is the changelog
https://docs.netgate.com/pfsense/en/latest/...ases/index.html

hi there.

still learning and trying to understand ipv6 in opnsense
what prefix delegation size to use by the way?

64. be wary though, i suspect it’s TM screwing up some ipv6 settings. if after reconnection/reboot you get no internet. you need to call TM to get it solved.

just to confirm, setting strictly to ipv4 only, and omitting the ipv6 settings, the connection remains stable and i don't experience any lock out/issue when reconnecting back to tmnut.

long term no good, since will need to figure out how to get ipv6 working in pfsense to work with tmnut without this issue 
so what is your situation like? did you figure out the working ipv6 settings for your opnsense? or do you still have this frozen internet and having to call up tmnut each time to unstuck it? 
or does anyone else who uses pfsense have a working setting for this?  :confused:

i didn’t bother anymore and stick to using ipv4.
or you can connect ipv6 and hope you have 100% uptime never drop connections then it will work

too risky. too troublesome if a problem occur 

at one point, i thought maybe it's due to me using vlan in my pfsense config (for guest wifi and iot). but based on your result doesn't seem to be that  so i could only narrow this down to something related to the ipv6 configuration on pfsense side, or something on isp side that doesn't play nicely with pfsense?

o well.. i'll visit back this thread in 1-2 years and hope someone has a solution by then    using ipv4 only reliably for now on latest community edition pfsense    i max out on the subscriber dl/ul speed, and latency is low for gaming, so not really much else to complain unless maybe if torrent peer strictly use ipv6 then doesn't that mean i cannot download from those users? other than that i don't think there is a big issue, until a few more years from now if they force everyone to use ipv6 eventually

too risky. too troublesome if a problem occur 

at one point, i thought maybe it's due to me using vlan in my pfsense config (for guest wifi and iot). but based on your result doesn't seem to be that  so i could only narrow this down to something related to the ipv6 configuration on pfsense side, or something on isp side that doesn't play nicely with pfsense?

o well.. i'll visit back this thread in 1-2 years and hope someone has a solution by then    using ipv4 only reliably for now on latest community edition pfsense    i max out on the subscriber dl/ul speed, and latency is low for gaming, so not really much else to complain unless maybe if torrent peer strictly use ipv6 then doesn't that mean i cannot download from those users? other than that i don't think there is a big issue, until a few more years from now if they force everyone to use ipv6 eventually

wonder if it’s feasible to call them and send a technician over every time it happens.
if > 24h downtime, claim rm50 rebate.
perhaps if done often enough with enough volume they’ll do something about it

for your pfsense there's this.
https://docs.netgate.com/pfsense/en/latest/...igure-ipv6.html



how's yours configured with regards to this option?

After much try and error and research, I've managed to get pfSense to work with UniFi's IPv6 allocation. For a bit of a background, I'm running the latest release of pfSense i.e. 2.2.1 and also I got this to work with my office's UniFi which is on Biz 10.

I'd just like to share my settings here to benefit those who might want to get IPv6 to work for their pfSense box.

1. Under "System -> Advanced -> Networking", make sure "Allow IPv6" is checked. Then go to "Interfaces", click on "WAN". Under IPv6 Configuration Type, choose "DHCP6". MTU should be 1492.

2. Under DHCP6 client configuration section, put a tick mark on "Request a IPv6 prefix/information through the IPv4 connectivity link". In the drop down list for DHCPv6 Prefix Delegation size, choose "56". (I have no idea why this is the case, but the allocated subnet for both the PPPoE and LAN are actually 64. I've tried choosing 64 here, but it doesn't work. Maybe 56 is for a Biz account. If 56 doesn't work for you, try choosing 64 especially if you're on home UniFi account.)

Also, put a tick mark for "Send an IPv6 prefix hint to indicate the desired prefix size for delegation". Click on "Save".

3. Now, go to "Interfaces", click on "LAN". Under IPv6 Configuration Type, choose "Track Interface". Type 1492 for MTU.

4. Under Track IPv6 Interface section, ensure IPv6 Interface "WAN" is selected and as for IPv6 Prefix ID, just type 0 (zero) here.

5. Under Private networks section, ensure "Block Bogons networks" is unchecked. Then, click "Save".

6. Finally, I've read that IPv6 requires ICMP to work. So under Firewall -> Rules, I've also created a rule to allow ICMP IPv6 traffic for both WAN and LAN.

I'm not entirely certain what the security implications are with the above settings to the firewall, so please be forewarned.

With the above settings, I'm able to get IPv6 addresses for PPPoE and LAN interfaces for pfSense and also devices connected to the LAN. Hope this helps those who are using pfSense.

[attachmentid=4391721]
[attachmentid=4391722]

Dear TM IPv6 Implementor,

IMHO, i've successfully run TM_IPv6 on pfSense and managed to get it working SLAAC mode and DHCPv6 mode (one mode at a time - not both). (Streamyx ADSL 8Mbps here - PPPoE)

After relentless hour of searching, calling here and there (esp TM guys) and the results is very good. I'm able to replicate the case if needed but to pfSense users/IPv6 Implementor please do read on.

Findings:

1. Only works in pfSense 2.2 . Currently i'm on BETA specifically pfSense-LiveCD-2.2-BETA-i386-20141017-1129

2. Set your WAN to DHCPv6 , Tick Request IPv6 via IPv4 connectivity, Tick Request Prefix no IP Address , Select 64 as for the size and last Tick the box third .Of course you'll need to setup your PPPoE Username and Password.

3. Go to LAN and as usual set your IPv4 LAN IP and for IPv6, Pick DHCPv6 here. Tick the first and the third box only and set 64 too.

4. You may want to adjust your DNS Server at System -> General Setup accordingly.

As soon as all the configuration in place and you have your internet connectivity, please head on to Status -> Interfaces . Your pfSense LAN interface should pickup the PD (Prefix Delegation IP) and you can set your PC/Netbook/Notebook "statically" using the information. Below are the example:

PD Info
pfSense IPV6 "LAN" IP -  2001:4411:7a4::1:1
YOUR PC IPv6 "LAN" IP - 2001:4411:7a4::1:fdc0:c0d3
Subnet - 64
Gateway -  2001:4411:7a4::1:1

EDITED: The IPv6 Address will change once you reboot your pfSense and you'll have to manually assign the address again. So do watch out.

Another caveat to look for, as far as i'm testing, i do suffer MTU problem (certain website lag and unable to accesss) and i haven't lowered yet the MTU. You should try to lower your MTU at 1432 as per suggested on previous post and test it out. YMMV

As always, pfSense 2.2 is still in BETA mode and i can't wait for RELEASE version of 2.2
If anyone wishes to look at my config and screenshot, please state it here and i'll try my best to upload somewhere.

P/S: the "LAN" IPv6 is actually Globally Routed IP - WAN IPv6 so to speak . I'm trying to differentiate the terms so that hopefully you might grasp the idea. Please do pardon me for any confusion.



credit: Thanks to asellus for answering some of my question earlier on.

Regards

This much I know for Home Unifi broadband, TM IPv6 assign /64 dynamic-prefix so when you reconnect or reboot router, you get new prefix but your devices still using old prefix address and when you try to access say youtube or any IPv6 sites the page just loading..

There's 2 ways to solve this:

1* reduce IPv6 DHCP leasetime to say 3 mins or lower in your router(troublesome)

2* TM assign static-prefix(best option)

If many customers bomb TM requesting to change from dynamic-prefix to static-prefix then maybe have hope :>

for me slaac workout of the box using dlink router
my suggestion is get ipv6 try using automatic or slaac
Prefix delegation: enabled
DNS address try using cloudflare or google

IPV6 lan delegated using SLAAC+ Stateless DHCP

Switch to Auto prefix delegation

Then use SLAAC+stateless for best compatibility


The reason why I suggest use SLAAC+stateless is because Android devices (incl chromebook) not compatible with DHCPv6

When possible, do not use Auto default settings because may cause possible compatibility problems

i pretty much just copied as much as i could from your own setting
https://forum.lowyat.net/topic/5204701

yes but i brought that up because i don’t find that option in OPNsense to drop prefix.
by default can you check if yours is enabled or disabled?

yes but i brought that up because i don’t find that option in OPNsense to drop prefix.
by default can you check if yours is enabled or disabled?

Dear Connection,
What is the VLAN ID for maxis home fibre? Thanks in advance.

Hi,

Where can i find tech support for SBC unit as new router setup on Unifi fiber?
I'm really noob on PC.

thank you.

Set up OPNsense on Unifi and just thought might as well share the process.


Go to Interfaces > Other Types  > VLAN
Parent Interface > select WAN port, VLAN tag 500.


Go to Assignments > under WAN select vlan500 on (WAN port)


Go to [WAN] > ipv4 = PPPoE, ipv6 = DHCPv6. under PPPoE configuration, enter your Unifi username and password.
Scroll down under DHCPv6 client configuration, check
> Request only an IPv6 prefix
> Prefix Delegation Size 64
> Send IPv6 Prefix Hint
> Use IPv4 connectivity
edit NOV 2022


Go to [LAN] under IPv6 configuration type > Track Interface.
Track IPv6 interface > select WAN.
to use NDP, check [Allow manual adjustment of DHCPv6 and Router Advertisements]
then go to [Services] > Router Advertisements. select Stateless for Router Advertisements

May have to reboot system to bring DHCPv6 server up and running.

enjoy

Thanks for sharing this guide. Works well on my fanless n100 6 eth port I got from Aliexpress. Only one issue - the connection lasts less than 24 hours and then the whole unit reboots. Seems to be poor reset related and can’t be fixed in current opnsense version. Anyone else experiencing this?

Hi, i've successfully configure OPNsense with IPv6 WAN and LAN, however, it failed IPv4 test, any ideas what's wrong with it?

Followed the guide but not working. I'm using  Celcom Fiber. Anyone has a clue?

Did you set the VLAN ID correct?

Yes, VLAN ID is setup correctly. I'm getting internet but is only on IPv4.

I am using OPNSense ver 25.7 and Unifi 500 Mbps package.

I believe this is the most up-to-date version of setting up the OPNSense for TM Unifi's IPv6.

Assumption:
You already have a working PPPoE WAN. If not, use OPNSense wizard to assist you to setup the PPPoE WAN.
Your Interface naming might be different from mine. But I hope your understand which interface is meant for WAN and LAN.
If you have setup a bridge for bridging your device ethernet ports traffic like switch, your LAN interface should be your bridge
If your OPNSense device only have 2 ethernet ports setup, then skip Step 2.

Step 1:
In Interface -> WAN -> IPv6 Configuration, select DHCPv6

Same page, Interface -> WAN -> DHCPv6 client configuration portion.
Set Configuration Mode: Basic.
Prefix delegation size: 64.
Tick Request prefix only checkbox.
Tick Send prefix hint checkbox.
Leave both Optional prefix ID and Optional interface ID empty (no value entered)
Click Save button

Step 2 (optional: only application for those setup Bridge)
Interface -> Devices -> Bridge, select the bridge you have setup.
Tick Enable link-local address checkbox
Click Save button

Step 3:
Interface -> LAN -> IPv6 Configuration Type
Select Track Interface

Same page, Interface -> LAN -> Track IPv6 Interface -> Parent Interface
Select WAN.
Leave Assign prefix ID and Optional interface ID empty (no value entered)
Tick Allow manual adjustment of DHCPv6 and Router Advertisements checkbox
Click Save button

Step 4:
Services -> Router Advertisement -> LAN (because you ticked the checkbox in Step 3)
Set Router Advertisment: Assisted
Router Priority: Normal
Source Address: Automatic
DNS Options: up to you whether tick or untick both checkboxes
Click Save button and check the Router Advertisement service has started.

By finishing the above steps, you should have enabled IPv6 for your TM Unifi.
Some devices might not able to get IPv6 address, reboot your OPNSense device should do.

Set Configuration Mode: Basic.  for pfsense what is this? static? dhcp? slaac?

Sorry for late reply.

Under the System -> Interfaces -> WAN:
The IPv4 Configuration Type in the Generic Configuration should be PPPoE.
The IPv6 Configuration Type in the Generic Configuration should be DHCPv6.

im using dhcpv6 but something is very wrong.

For vlan e.g. guest vlan, when i put DHVPv6 it break the internet. wont work at all. So for guest vlan had to remove that.

what this does, ipv4 works on guest vlan. Only the vlan1 network has working ip6 and ipv4 both.

So i donno why that is.

You cannot use the same EUI64 index for 2 different subnet.
On Unifi Home, TM only give a single /64, so you cannot use a different index either.

Conclusion: You can only have one subnet using IPv6.
Why? Because stupid TM don't support BCOP-690.

im using dhcpv6 but something is very wrong.

For vlan e.g. guest vlan, when i put DHVPv6 it break the internet. wont work at all. So for guest vlan had to remove that.

what this does, ipv4 works on guest vlan. Only the vlan1 network has working ip6 and ipv4 both.

So i donno why that is.