What's new

Asus IPv6 Tunnel 6to4 question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Cornerstone

Occasional Visitor
Let me start by saying that I know enough about networking and IP setups to realized I know nothing. So please be patient with me as I have tried to research this before posting but many threads seem to assume a certain level of understanding that I do not have.

With that out of the way, I have an Asus AX11000 and AX86U running AIMesh.

I have a smart device that runs on Matter and needs an IPv6 network. My ISP does not support IPv6.

Because of that, I setup "Tunnel 6to4" and it seemed to work, but I have zero idea if I need to change the defaults or do anything for security purposes.

If someone could share what the best practices are , I would appreciate that.

I have read about the Tunnel Brokers and that you need them for this to work, but it seems to be working without it?
 
It shouldn't be working with settings from TunnelBroker or similar, check in the the router: System Log> IPv6 to see what shows up there.
As for thread, I've just given myself a headache in another forum trying to figure out my own devices (that work perfectly, I just don't quite understand how it's working).
 
That's it shouldn't be working without those settings!
I'd go ahead and setup an account on Hurricane Electric/tunnelbroker.net - it'll be mostly plain sailing, though some streaming services may not like it (they think its a VPN) and Instagram didn't used to work on some devices when I used it
 
IPv6 (6in4) via tunnelbroker (HE) is a viable option - I use it myself. I just want to point out that right now I know of not one single device that actually needs IPv6 and won't work on IPv4. I think it was Apple that started this trending false advice (?).
Bear in mind when setting up tunnelbroker there is a choice of servers (yes there's even one in the UK) though your IPv6 ISP will still be listed as HE in the USA, even though it geo-locates to the chosen server.
 
IPv6 (6in4) via tunnelbroker (HE) is a viable option - I use it myself. I just want to point out that right now I know of not one single device that actually needs IPv6 and won't work on IPv4. I think it was Apple that started this trending false advice (?).
Bear in mind when setting up tunnelbroker there is a choice of servers (yes there's even one in the UK) though your IPv6 ISP will still be listed as HE in the USA, even though it geo-locates to the chosen server.
Sorry for the super late reply.

I setup things with IPv6 Tunnel 6to4. Literally just did that and nothing else and my device connected. However, that seems to caused other issues. I am not sure if that is because of the DDNS or what. My speeds when from 900/900 to 500/500 with super slow real world download speeds from 120-150 MB/s to 5-8MB/s.
 
Sorry for the super late reply.

I setup things with IPv6 Tunnel 6to4. Literally just did that and nothing else and my device connected. However, that seems to caused other issues. I am not sure if that is because of the DDNS or what. My speeds when from 900/900 to 500/500 with super slow real world download speeds from 120-150 MB/s to 5-8MB/s.

How did you set up a 6 to 4 tunnel without a tunnel?

It sounds like you now have IPv6 on your LAN so that is allowing that device to work on the LAN only, but your router is completely confused trying to route IPv6 when it can't, hence the slowdown and issues. Or whatever was pre-populated when you enabled 6to4 is the tunnel broker you're using and you're getting the max speed they support. 500/500 would be very good for a free tunnel broker.

Using IPv6 when you don't know what you're doing is not a safe thing to do. Do you know who you're routing all your data through right now? Do you trust them?
 
Tunnelbroker [HE] is 6in4, not 6to4.
 
How did you set up a 6 to 4 tunnel without a tunnel?

It sounds like you now have IPv6 on your LAN so that is allowing that device to work on the LAN only, but your router is completely confused trying to route IPv6 when it can't, hence the slowdown and issues. Or whatever was pre-populated when you enabled 6to4 is the tunnel broker you're using and you're getting the max speed they support. 500/500 would be very good for a free tunnel broker.

Using IPv6 when you don't know what you're doing is not a safe thing to do. Do you know who you're routing all your data through right now? Do you trust them?
According what I can find online, and please pardon if my terms on wrong here, if you use the Asus "6to4", it uses Asus's DDNS. Speeds vary quite a bit and you are correct, I do not fully understand this.

I feel as though since this gets into more complex setup than the average person is going to do, it means that the information out there is lacking or written to a technical level where I do not even know what I do not know.
 
IPv6 6to4 allows the router to encapsulate the IPv6 packet in an IPv4 packet (put it in an envelope). But you still need a relay server to remove the encapsulation (take it out of the envelope) once the packet has traversed the IPv4 link.
The Hurricane Electric (6in4) service really is pretty easy to set up, you just have to follow the instructions like a pedant - because there are some very similarly named settings that you don't want to mix up!
FYI, kudos to Hurricane Electric for providing this free of charge!
 
According what I can find online, and please pardon if my terms on wrong here, if you use the Asus "6to4", it uses Asus's DDNS. Speeds vary quite a bit and you are correct, I do not fully understand this.

I feel as though since this gets into more complex setup than the average person is going to do, it means that the information out there is lacking or written to a technical level where I do not even know what I do not know.

Asus must also be providing the tunnel termination with that service.

I would go with Hurricane Electric, pretty much the de facto one everyone uses. 6 in 4 without NAT and inbound traffic is allowed (unless something has changed).
 
I had a go dropping my working Native IPv6 and trying the 6to4 service, and I couldn't find any evidence that I had IPv6 beyond my own LAN. I don't see where DDNS comes into this, it's a host to IP lookup, once the lookup is done then it's out of the loop!
 
Asus must also be providing the tunnel termination with that service.

I would go with Hurricane Electric, pretty much the de facto one everyone uses. 6 in 4 without NAT and inbound traffic is allowed (unless something has changed).

I am not sure. I have looked into HE but they seem to not like gmail to sign up. I also wonder what ping times are for things like the occasional gaming or upload speeds for large files. Part of me just wants to switch back to my normal setup.

I had a go dropping my working Native IPv6 and trying the 6to4 service, and I couldn't find any evidence that I had IPv6 beyond my own LAN. I don't see where DDNS comes into this, it's a host to IP lookup, once the lookup is done then it's out of the loop!
I used a few of those websites to test the IPv6 and certain test passed while others failed. It was kinda weird. I have followed the tutorials I could find/understand.

As for the DDNS, it does show it is asus related. Like a long string of characters at " ____.asuscomm.com"

Clearly, I have zero idea what I am doing here.
 
My account on Hurricane Electric uses a Gmail address no problem. The DDNS servers you point at do belong to Asus, but they don't provide any IPv6 tunnelling or removal of encapsulation - they just provide a Dynamic Domain Name System that allows you to point at your router from the web using a hostname rather than the raw IP address, nothing more.
Initially, when you create a HE-TunnelBroker IPv6 you'll need your current IPv4 address, and the router will need to respond to pings (Router Firewall - respond to ICMP: on). When you create your tunnel everything you need apart from the MTU (1480) is presented on that first page. Just note that you'll need to enter the "prefixes" (/64 initially preferred or /48) in separate fields on the router IPv6 page - and there are very subtle differences between the values that if you just look at them casually you'll miss.
As to your router already passing some of the IPv6 tests: Many DNSv4 servers will quite happily return results that point to IPv6 addresses (and vice versa). And the test sites are not perfect, so you'll almost certainly see some false negatives even when everything is working - if you use Chrome you might want to install the IPvFoo extension
Once you've set it up, there's a tiny script you can run on the router to automatically update your IPv4 address should it change (get it working first!).
It pays to be pedantic when setting it up.
Don't be clever, use the setting for the country you are in.
It used to sporadically cause issues with Instagram here, and some users report that Netflix detects it as a VPN.
There's a lot to play with there, good luck, and have fun!
 
I am not sure. I have looked into HE but they seem to not like gmail to sign up. I also wonder what ping times are for things like the occasional gaming or upload speeds for large files. Part of me just wants to switch back to my normal setup.

That's the point of 6 in 4. You only tunnel what you need to via the IPv6 tunnel (which will have higher latency and other limitations, just like the Asus one you're using now or any other VPN/tunnel service) and let everything else stay on direct IPv4.

6to4 will fail various IPv6 tests as it is doing translations, not just tunneling traffic natively.
 
My account on Hurricane Electric uses a Gmail address no problem. The DDNS servers you point at do belong to Asus, but they don't provide any IPv6 tunnelling or removal of encapsulation - they just provide a Dynamic Domain Name System that allows you to point at your router from the web using a hostname rather than the raw IP address, nothing more.
Initially, when you create a HE-TunnelBroker IPv6 you'll need your current IPv4 address, and the router will need to respond to pings (Router Firewall - respond to ICMP: on). When you create your tunnel everything you need apart from the MTU (1480) is presented on that first page. Just note that you'll need to enter the "prefixes" (/64 initially preferred or /48) in separate fields on the router IPv6 page - and there are very subtle differences between the values that if you just look at them casually you'll miss.
As to your router already passing some of the IPv6 tests: Many DNSv4 servers will quite happily return results that point to IPv6 addresses (and vice versa). And the test sites are not perfect, so you'll almost certainly see some false negatives even when everything is working - if you use Chrome you might want to install the IPvFoo extension
Once you've set it up, there's a tiny script you can run on the router to automatically update your IPv4 address should it change (get it working first!).
It pays to be pedantic when setting it up.
Don't be clever, use the setting for the country you are in.
It used to sporadically cause issues with Instagram here, and some users report that Netflix detects it as a VPN.
There's a lot to play with there, good luck, and have fun!
For HE, it just keeps saying "that email address is not permitted" despite trying several gmails.

I am perfectly fine with trying it out, it just do not want to run into more issues or some unforeseen issue with speed/ping.

Is there a good walk through or write up on how to set it up?
 
Before you do anything else try tunnelbroker.net and your username cant be your email address.
 
Before you do anything else try tunnelbroker.net and your username cant be your email address.
I am not sure why, but it would never accept a Gmail address for some reason. I thought maybe it was a character length issue, so I tried a short gmail address but the issue continued. Luckily, I had another email that I got working.

I believe I got everything set up correctly after combining information from all the resources I could find. Someone who knows more than I should make a new guide for setting up a Tunnel for Asus cause each guide had small errors that borked the setup.

According to https://test-ipv6.com, I get a 10/10 and https://ipv6-test.com has a bit more of an issue. Sometimes it will just fail the IPv6 test and state not supported but if I just 'refresh' that section, it works with ICMP stating Filtered. The score is a 15/20.

So far, my speeds are actually incredibly faster, from 400-500 Up and Down to 920-950 Up and Down with lower ping of 3-5ms. All in all, very surprised by this.

Time will tell if this is better than what I had before. Zero idea why everything is so much faster but I am not looking a gift horse in the mouth.
 
I'd now install IPvFoo and trust that more than the IPv6 test sites! Glad it's all working for you now :)
 
I am not sure why, but it would never accept a Gmail address for some reason. I thought maybe it was a character length issue, so I tried a short gmail address but the issue continued. Luckily, I had another email that I got working.

I believe I got everything set up correctly after combining information from all the resources I could find. Someone who knows more than I should make a new guide for setting up a Tunnel for Asus cause each guide had small errors that borked the setup.

According to https://test-ipv6.com, I get a 10/10 and https://ipv6-test.com has a bit more of an issue. Sometimes it will just fail the IPv6 test and state not supported but if I just 'refresh' that section, it works with ICMP stating Filtered. The score is a 15/20.

So far, my speeds are actually incredibly faster, from 400-500 Up and Down to 920-950 Up and Down with lower ping of 3-5ms. All in all, very surprised by this.

Time will tell if this is better than what I had before. Zero idea why everything is so much faster but I am not looking a gift horse in the mouth.

6in4 (especially HE's one) will definitely be faster. However your speed test may be using IPv4 and bypassing the tunnel anyway, since 6in4 will only route IPv6 over the tunnel and the rest goes direct.
 

Similar threads

Top