RMerlin
Asuswrt-Merlin dev
TPIAs like TSI handle the routing. But IP allocation (like DHCP or PD) is done by the incumbent. So while TSI's network is already IPv6-ready, the incumbent still needs to handle the IP allocation part.
Dual Stack home network pros and cons
- Thread starter Tech9
- Start date
Tech9
Part of the Furniture
Testing Napoleon BBQ compatibility as we speak. Wired, CPU on 450°F and rising. Dual Stake processing is stable. Raccoon firewall enabled.
Last edited:
john9527
Part of the Furniture
A bit of history from the repo
Author: Eric Sauvageau <xxxx@lostrealm.ca> 2013-08-04 23:00:44
Committer: Eric Sauvageau <xxxx@lostrealm.ca> 2013-08-04 23:00:44
Parent: 9181072a27b4b6408c75457324eed77c172724ae (Implement dropped logging for DualWAN too)
Child: 921f5668902e8e0c3ced0c40c748ccd74a2007b9 (Allow outbound traffic when firewall is enabled)
Branches: 374.43_2-update, dev, remotes/origin/374.43_2-update, remotes/origin/DPI, remotes/origin/master, remotes/origin/miniupnpd, remotes/origin/sdk5100
Follows: 3.0.0.4.372.31
Precedes: 3.0.0.4.372.32-BETA3
Started implementing IPv6 firewall rules
Last edited:
ZebMcKayhan
Very Senior Member
Tried to get a public ipv4 from my isp recently but they wanted quite alot of money for it so I eventually rejected. They are however handing out publically routable ipv6 for free (sadly my infrastructure provider is not supporting it yet).
As time goes this will be an ever increasing problem for us all and eventually no isp will give out public ipv4 for free anymore (and some may even stop ipv4 support). How much would you be willing to pay for a public ipv4 when ipv6 are free?
With 386.4 Asus / @RMerlin Introduces the ip6tables NAT which means that stateful NAT66 is now possible.
A checkbox in the GUI to masquarade WAN data would be nice but the ipv6 community looks at this as an abomination, so I guess that won't happen, but nothing stops you from adding the rule yourselves.
On my AC86U I'm currently running ipv6 ULA (FDxx adresses) on my LAN which is NAT66 masquaraded to wireguard client.
No kernel messages in syslog yet after running acouple of days.
As time goes this will be an ever increasing problem for us all and eventually no isp will give out public ipv4 for free anymore (and some may even stop ipv4 support). How much would you be willing to pay for a public ipv4 when ipv6 are free?
With 386.4 Asus / @RMerlin Introduces the ip6tables NAT which means that stateful NAT66 is now possible.
A checkbox in the GUI to masquarade WAN data would be nice but the ipv6 community looks at this as an abomination, so I guess that won't happen, but nothing stops you from adding the rule yourselves.
On my AC86U I'm currently running ipv6 ULA (FDxx adresses) on my LAN which is NAT66 masquaraded to wireguard client.
No kernel messages in syslog yet after running acouple of days.
Last edited:
dave14305
Part of the Furniture
ZebMcKayhan
Very Senior Member
I flashed the firmware and they were there. I have been looking for a way to get ipv6 over wireguard but ended up needing maquarading (not for any other reason than to get my lan to use a single wireguard ULA ip)
Wireguard - Session Manager - Discussion (2nd) thread
ahh should have mentioned that. Sorry bout that. I have used Windows Terminal and have tried Bitvise SSH client. Both have the same problem. Up and down arrows work but anything with backspace/del does not work which is weird. I highly recommend/use Xshell 7 (FREE for Personal use) with these...
www.snbforums.com
This would really be needed as ASUS is implementing wireguard ipv6 server with dynamic ipv6 (wg-dynamic is experimental, not released and maybee not even worked on anymore)
Code:
admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -V
ip6tables v1.4.15
admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -nvL POSTROUTING -t nat
Chain POSTROUTING (policy ACCEPT 316 packets, 30600 bytes)
pkts bytes target prot opt in out source destination
5295 619K MASQUERADE all * wg11 fdff:a37f:fa75:1::/64 ::/0 /* WireGuard 'client' */386.3 response:
Code:
admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -t nat -I POSTROUTING -s fdff:a37f:fa75:1::/64 -o wg11 -j MASQUERADE -m comment --comment "WireGuard 'client'"
ip6tables v1.4.15: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
Last edited:
heysoundude
Part of the Furniture
Woah...I had to step away for a bit to deal with some unwell family members.I flashed the firmware and they were there. I have been looking for a way to get ipv6 over wireguard but ended up needing maquarading (not for any other reason than to get my lan to use a single wireguard ULA ip)
Wireguard - Session Manager - Discussion (2nd) thread
ahh should have mentioned that. Sorry bout that. I have used Windows Terminal and have tried Bitvise SSH client. Both have the same problem. Up and down arrows work but anything with backspace/del does not work which is weird. I highly recommend/use Xshell 7 (FREE for Personal use) with these...
This would really be needed as ASUS is implementing wireguard ipv6 server with dynamic ipv6 (wg-dynamic is experimental, not released and maybee not even worked on anymore)
Code:admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -V ip6tables v1.4.15 admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -nvL POSTROUTING -t nat Chain POSTROUTING (policy ACCEPT 316 packets, 30600 bytes) pkts bytes target prot opt in out source destination 5295 619K MASQUERADE all * wg11 fdff:a37f:fa75:1::/64 ::/0 /* WireGuard 'client' */
386.3 response:
Code:admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -t nat -I POSTROUTING -s fdff:a37f:fa75:1::/64 -o wg11 -j MASQUERADE -m comment --comment "WireGuard 'client'" ip6tables v1.4.15: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded.
This may be the big deal good news that I've been waiting on, @ZebMcKayhan
Happy New Year Indeed!
RMerlin
Asuswrt-Merlin dev
You could look at how Asus is implementing it (AFAIK they do support IPv6). While not the final code, the IPv6 portion may possibly already be implemented in the merged code.
asuswrt-merlin.ng/release/src/router/rc/wireguard.c at master · RMerl/asuswrt-merlin.ng
Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng
github.com
ZebMcKayhan
Very Senior Member
Thanks!You could look at how Asus is implementing it (AFAIK they do support IPv6). While not the final code, the IPv6 portion may possibly already be implemented in the merged code.
asuswrt-merlin.ng/release/src/router/rc/wireguard.c at master · RMerl/asuswrt-merlin.ng
Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng
Looks like the same as I did (except that they have a more generous rule), good to know that the netfilter ipv6 nat implementation is not just some leftover code, but hopefully thoroughly tested by ASUS.
Code:
ret = is_valid_ip(tmp);
if (ret > 0)
fprintf(fp, "%s -t nat -I POSTROUTING ! -s %s -o %s -j MASQUERADE\n",
(ret > 1) ? "ip6tables" : "iptables", tmp, ifname);It works great!
Last edited:
learning_curve
Senior Member
FWIW This ^^ handy update is NOT yet, present in the RT-AC68U 384 Firmware upgrade. The return value is unchanged from the previous 386.3 response that's been posted above.I flashed the firmware and they were there. I have been looking for a way to get ipv6 over wireguard but ended up needing maquarading (not for any other reason than to get my lan to use a single wireguard ULA ip)
Wireguard - Session Manager - Discussion (2nd) thread
ahh should have mentioned that. Sorry bout that. I have used Windows Terminal and have tried Bitvise SSH client. Both have the same problem. Up and down arrows work but anything with backspace/del does not work which is weird. I highly recommend/use Xshell 7 (FREE for Personal use) with these...
This would really be needed as ASUS is implementing wireguard ipv6 server with dynamic ipv6 (wg-dynamic is experimental, not released and maybee not even worked on anymore)
Code:admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -V ip6tables v1.4.15 admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -nvL POSTROUTING -t nat Chain POSTROUTING (policy ACCEPT 316 packets, 30600 bytes) pkts bytes target prot opt in out source destination 5295 619K MASQUERADE all * wg11 fdff:a37f:fa75:1::/64 ::/0 /* WireGuard 'client' */
386.3 response:
Code:admin@RT-AC86U-D7D8:/tmp/home/root# ip6tables -t nat -I POSTROUTING -s fdff:a37f:fa75:1::/64 -o wg11 -j MASQUERADE -m comment --comment "WireGuard 'client'" ip6tables v1.4.15: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded.
Again just FWIW @ZebMcKayhan I've been able to successfully run IPv6 over Wireguard for some time now, but only at device level, not router level. Explained a little more my post HERE
ZebMcKayhan
Very Senior Member
Is wireguard ipv6 implemented even in stock AC68U firmware? The older kernel might been a problem, or it will just come later.
Sounds like you found your solution then.
learning_curve
Senior Member
Yep, you're right. Pretty sure it will be #OlderKernelSyndrome on my RT-AC68U - C1 that's the current issue
It would be far better, if they update the kernel, instead of back-porting fixes
Yota
Very Senior Member
For me, my personal opinion is very simple.
If my needs cannot be met with IPv4, then I will use IPv6.
If I can deal with the potential threat of IPv6 and have a complete understanding of the IPv6 stack and how to configure them on Asuswrt, then I will use IPv6.
Before that, I just limited the scope of IPv6 usage to specific applications (https://www.snbforums.com/threads/how-to-prevent-lan-devices-from-obtaining-ipv6-addresses.76285/).
This is not an anti-vaccination. If I don’t receive the vaccine, I might die, but if I don’t use IPv6, I may not lose anything.
In addition, this does not mean that I will not make progress. I am going to buy some books to enhance my understanding of IPv6. Once I have enough knowledge, I will be happy to use it, but are there any suggested books or reference materials before then?
If my needs cannot be met with IPv4, then I will use IPv6.
If I can deal with the potential threat of IPv6 and have a complete understanding of the IPv6 stack and how to configure them on Asuswrt, then I will use IPv6.
Before that, I just limited the scope of IPv6 usage to specific applications (https://www.snbforums.com/threads/how-to-prevent-lan-devices-from-obtaining-ipv6-addresses.76285/).
This is not an anti-vaccination. If I don’t receive the vaccine, I might die, but if I don’t use IPv6, I may not lose anything.
In addition, this does not mean that I will not make progress. I am going to buy some books to enhance my understanding of IPv6. Once I have enough knowledge, I will be happy to use it, but are there any suggested books or reference materials before then?
dave14305
Part of the Furniture
If you can stand them, the RFCs on IPv6 are a decent read.
The Top 10 IPv6 RFCs You Should Read (And Why) (Part 1 of 2)
IPv6 RFCs and their origin are a concept that is unfamiliar to many. Learn more about the top 10 IPv6 RFCs Infoblox advises your company's network to utilize.
blogs.infoblox.com
Yota
Very Senior Member
Haha, thanks, I will take the time to have a look.If you can stand them, the RFCs on IPv6 are a decent read.
The Top 10 IPv6 RFCs You Should Read (And Why) (Part 1 of 2)
IPv6 RFCs and their origin are a concept that is unfamiliar to many. Learn more about the top 10 IPv6 RFCs Infoblox advises your company's network to utilize.
grogi
Occasional Visitor
I have DSL from 1und1 and I get both: full IPv4 and /56 prefix for IPv6. Pity that addresses are dynamic - changes each time the ISP connection is established.
sfx2000
Part of the Furniture
after being away from direct exposure to AsusWRT - I can see why folks are somewhat resistant to IPv6... There are still bugs in the older non-HND Broadcom/Asus releases that have not been fixed, and these are service impacting bugs...
example - this bug is still present - from a post 2019 - ipv6 passthru with ctf... asus seems to be more focused on features, not on bug mashing...
fwiw - it's an easy fix, make exceptions for ipv6 traffic on CTF until/when broadcom makes a fix in their kernel driver...
Code:
May 9 12:35:09 kernel: osl_pktfastfree: free skb for NULL ctfpool
May 9 12:35:09 kernel: osl_pktfastfree: free skb for NULL ctfpool
May 9 12:35:09 kernel: osl_pktfastfree: free skb for NULL ctfpoolNot sure if this applies to HND, I only have an older RT-AC68U handy for the moment.
If people don't test, the bugs won't be reported, and they won't be fixed.
sfx2000
Part of the Furniture
Didn't notice this one?
osl_pktfastfree: free skb for NULL ctfpool
TMHI with ipv6 passthru...
Similar threads
Similar threads
Similar threads
-
-
Trying to plan best use of router & switches on home network
- Started by awediohead
- Replies: 10
-
home use router with BT 900Mbps that will get full speed as my Asus RT-AX55 cant do it.
- Started by mardymarvin
- Replies: 12
-
-