AC66U + IPV6 @ DMZ

[onetwobr]

Hi guys,

I have an AC66U and my ISP gave me a FTTH modem where there is no possibility of converting it to bridge, so I have to use it as DMZ to have access from the internet.

Using the Asus "official firmware" ipv6 works normally using passthrough mode, but with Merlin does not happen in the same way. As soon as I activate the passthrough option the stations receive ipv6 addresses normally, but the router starts to loop (restarting) and only stops when I completelly disable ipv6

I also tried to set ipv6 to "Native" option but the devices connected to the router do not receive a v6 address as they should. I´m currently using the "380.65_2" version but have already tested previous versions and had the same problem.

Has anyone ever experienced this? Any tip or another test that I can do?

Best regards from Brazil and sorry for the bad english

Tks!
Eduardo.

 

[JohnDG]

same here, Eduardo.

I got a AC66U with 380.65_2, trying to get IPV6 in "native" mode without success.
Got a AC5300 runing the original manufacture firmware, same settings --> correct IPV6 address.

In both cases, I got a modem from my provider, not a router. Settings should be "native" mode and "stateless". But the AC66U only gets an IPV4 address, not a IPV6 address.

 

[onetwobr]

same here, Eduardo.

I got a AC66U with 380.65_2, trying to get IPV6 in "native" mode without success.
Got a AC5300 runing the original manufacture firmware, same settings --> correct IPV6 address.

In both cases, I got a modem from my provider, not a router. Settings should be "native" mode and "stateless". But the AC66U only gets an IPV4 address, not a IPV6 address.

Hi John,

Do you have tested the "passthrough" option instead native? On my AC66U with Asus oficial firmware this option worked fine on my scenario (NAT behind NAT with a DMZ between provider modem and the Asus).

I had to leave the Asus firmware because the performance on the LAN was pretty poor, especially on file copies between wired and non-wired devices, even with both configured exactly the same (NAT Acceleration, Wi-Fi settings, etc.).

With Merlin the overall network performance has improved considerably (besides the great extra functions), but unfortunately I had to completely disable IPv6 for now

Regards,
Eduardo.

 

[onetwobr]

NAT acceleration: Disabling this option make the router stop rebooting when the IPv6 Passthrough is on.

https://github.com/RMerl/asuswrt-merlin/issues/1134

BUT, last time I changed this options cause the network throughput low (very similar like the Asus official firmware) and CPU usage went up too high, so I'm considering a hardware limitation or maybe a bug on the router.

I'll do more tests over the weekend.

 

[Deleted member 22229]

Having your ISP provided gateway in DMZ mode forces the gateway to forward all incoming traffic unfiltered to your router. Thats ok with IPv4 but with IPv6 in pass through mode it will have NO firewall from the gateway or the router so at this point your network is no longer secure on the v6 side. Something to think about using Pass through.

 

[onetwobr]

Having your ISP provided gateway in DMZ mode forces the gateway to forward all incoming traffic unfiltered to your router. Thats ok with IPv4 but with IPv6 in pass through mode it will have NO firewall from the gateway or the router so at this point your network is no longer secure on the v6 side. Something to think about using Pass through.

Well, DMZ only works on IPv4 but based on your affirmation what is your suggestion? Not use ipv6?

As far as I know the security, privacy and operation rules of ipv6 is more complex than ipv4. All our compatible devices receive a "public" ipv6 no matter what modem or router is in front of it, the operation is basically the same as long as it is properly configured.

Anyway, I have tested all the settings and Passthrough was the only one that made my devices connect through ipv6. We know that v6 is still consolidating but for some destinations the difference is noticeable and I would like to keep it functional.

Regards.

 

[onetwobr]

Bingo!

With Asus official firmware version 3.0.0.4.380.7266:

- NAT Accelerator Auto + IPv6 Passthrough = Functional, no problem, ipv6 connectivity but terrible performance on local network copies

- NAT Accelerator Disabled + IPv6 Passthrough = Functional, great performance at local network but high CPU usage.


With Merlin version 380.65_2:

- NAT accelerator Auto + IPv6 Passthrough = Restarting constantly, can not use.

- NAT accelerator Auto + IPv6 Off = Great performance on the local network but no IPv6 connectivity.

- NAT Accelerator Off + IPv6 Passthrough = Functional, good performance on the local network but high CPU usage.


I will keep this last scenario for now but if I notice some kind of instability I disable IPv6 and re-enable NAT acceleration.

Does anyone who has another top model (AC68u, AC3200, etc.) can simulate this?

Well, maybe it's time to start thinking about retire the AC66U

Regards.
Eduardo.

 

[JohnDG]

Hi John,

Do you have tested the "passthrough" option instead native? On my AC66U with Asus oficial firmware this option worked fine on my scenario (NAT behind NAT with a DMZ between provider modem and the Asus).

I had to leave the Asus firmware because the performance on the LAN was pretty poor, especially on file copies between wired and non-wired devices, even with both configured exactly the same (NAT Acceleration, Wi-Fi settings, etc.).

With Merlin the overall network performance has improved considerably (besides the great extra functions), but unfortunately I had to completely disable IPv6 for now

Regards,
Eduardo.

Passthrough was no option, Eduardo. I do not get an IPV6 address on the devices connected.
But thanks for the reply.

NAT acceleration is set to off - IPv6 passthrough

regards,

Johnny