Bug #8435 (open)
DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.)
Description
pfSense's implementation of DHCPv6 prefix delegation is unusable in edge ISP configurations. AT&T Fiber in the United States, for example, commits the entire /60 to the customer's on-premises gateway, even if the gateway is bypassed (as it can be). The pfSense appliance behind the gateway can only request delegation for one /64 at a time, even if multiple /64s are to be delegated. In other words, if I have four LAN subnets, I would need to request four separate /64s from the gateway, rather than a single /62 to then be doled out by the pfSense firewall.
Unfortunately, pfSense only allows for a single delegated prefix over the WAN. If a /63, /62, /61, etc. is configured, it is ignored by the gateway. The problem is that setting a prefix length of /64 for DHCPv6 on WAN means that only a single LAN interface can be given that delegated prefix. There is no configuration structure within pfSense (that I have found) that allows one to individually request a /64 prefix for EACH so-configured LAN interface.
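The behaviour reported above, as a small constructed model added here for illustration (it is not pfSense or gateway code). It assumes the gateway delegates exactly one /64 per IA_PD and that "ignored" means no prefix is returned for any other hint length; the `Gateway` class, `assign` helper, LAN names and the documentation prefix `2001:db8:0:10::/60` are hypothetical.

```python
import ipaddress

POOL = "2001:db8:0:10::/60"          # constructed sample: the /60 held by the gateway
LANS = ["lan1", "lan2", "lan3", "lan4"]


class Gateway:
    """Constructed model of the delegating gateway described in the report."""

    def __init__(self, pool):
        self.free = list(ipaddress.ip_network(pool).subnets(new_prefix=64))
        self.bindings = {}           # IAID -> delegated /64

    def request(self, iaid, hint_len):
        # Assumption: a hint other than /64 is ignored (no prefix delegated).
        if hint_len != 64:
            return None
        if iaid not in self.bindings:
            if not self.free:
                return None
            self.bindings[iaid] = self.free.pop(0)
        return self.bindings[iaid]


def assign(gateway, lans, ia_pds):
    """Send one request per (iaid, hint_len) and map the results onto LANs.

    Returns {lan: "<prefix>/64" or None}; None means the LAN got no prefix.
    """
    delegated = []
    for iaid, hint_len in ia_pds:
        prefix = gateway.request(iaid, hint_len)
        if prefix is not None:
            # A larger delegation would be carved into /64s here.
            delegated.extend(str(n) for n in prefix.subnets(new_prefix=64))
    result = dict.fromkeys(lans)
    result.update(zip(lans, delegated))
    return result


if __name__ == "__main__":
    cases = {
        "one IA_PD, /62 hint": [(0, 62)],
        "one IA_PD, /64 hint": [(0, 64)],
        "four IA_PDs, /64 hints": [(i, 64) for i in range(4)],
    }
    for name, ia_pds in cases.items():
        print(name, assign(Gateway(POOL), LANS, ia_pds))
```

Only the last case, one IA_PD per LAN interface, gives every LAN its own /64, which is the request pattern the report says cannot be configured.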