[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[john9527]

There are actually some interesting things going on......the router depends on the IPv6 neighbor table to keep track of the IPv6 addresses. But, with temporary addresses being used, the public address is marked stale and eventually flushed from the neighbor table (at this point it no longer shows up in the IPv6 Address display). Just doing a ping from another system on the LAN brings it back.

 

[nivek1612]

Interesting. Looks like Windows clients will have to issue the following to disable RFC 4941.

netsh int ipv6 set global randomizeidentifiers=disable store=active

I guess enabling it by default makes sense. After all, the vast majority of users on the internet would want it enabled. A bit of a hassle though (remembering to disable it).

http://computer-outlines.over-blog.com/article-windows-ipv6-privacy-addresses-118018020.html

Did a bit of research and on Mac OSX you can achieve the same thing

Open a Terminal window and run the following command:

$ sudo sysctl -w net.inet6.ip6.use_tempaddr=0

Don't forget to add that to /etc/sysctl.conf if you want the change to persist between reboots.

After that, bounce the interface you care about (probably en0) and you should notice that you no longer are being assigned temporary IPv6 addresses.

 

[kvic]

Did a bit of research and on Mac OSX you can achieve the same thing

Open a Terminal window and run the following command:

$ sudo sysctl -w net.inet6.ip6.use_tempaddr=0

Don't forget to add that to /etc/sysctl.conf if you want the change to persist between reboots.

After that, bounce the interface you care about (probably en0) and you should notice that you no longer are being assigned temporary IPv6 addresses.

You don't have to do this on Mac/iOS. Every interface has two IPv6 addresses. One fixed and generated from MAC, and the other random. What you did just remove one and doesn't serve any additional benefit.

But scratch all above. macOS Sierra changes all that. It'll use a different algo to generated the fixed IPv6 address, not based on MAC.


I think people are holding the phone wrong way in terms of SLAAC use. It serves its purpose. Effort to workaround for "better" usability is perhaps futile.

 

[nivek1612]

You don't have to do this on Mac/iOS. Every interface has two IPv6 addresses. One fixed and generated from MAC, and the other random. What you did just remove one and doesn't serve any additional benefit.

But scratch all above. macOS Sierra changes all that. It'll use a different algo to generated the fixed IPv6 address, not based on MAC.


I think people are holding the phone wrong way in terms of SLAAC use. It serves its purpose. Effort to workaround for "better" usability is perhaps futile.

Still needed if you want to ensure that the IPv6 address you send to a ddns service is the fixed one
Unless there is a way of requesting the fixed IP ?


Sent from my iPhone using Tapatalk

 

[kvic]

Still needed if you want to ensure that the IPv6 address you send to a ddns service is the fixed one
Unless there is a way of requesting the fixed IP ?


Sent from my iPhone using Tapatalk

All modern DDNS I had come across allow people to supply an IP address in their update URL (or API). If the IP address is omitted, then the service will try to auto detect.

Auto detection is desirable for people behind IPv4 ISP. In your case, simply specify the fixed IPv6 address of your iMac on the update URL (or API).

What IPv6 DDNS service are you using?

 

[nivek1612]

All modern DDNS I had come across allow people to supply an IP address in their update URL (or API). If the IP address is omitted, then the service will try to auto detect.

Auto detection is desirable for people behind IPv4 ISP. In your case, simply specify the fixed IPv6 address of your iMac on the update URL (or API).

What IPv6 DDNS service are you using?

Duiadns but I'm running the router based update client that auto detects the IPv6 address of my specified clients. This gets the TEMP (private) address by default. The support team at duiadns are going to allow an option to force the private address shortly. I need a dynamic update service as my prefix is not fixed

I could run a client based update but that's just not a neat


Sent from my iPhone using Tapatalk

 

[kvic]

Duiadns but I'm running the router based update client that auto detects the IPv6 address of my specified clients. This gets the TEMP (private) address by default. The support team at duiadns are going to allow an option to force the private address shortly. I need a dynamic update service as my prefix is not fixed

I could run a client based update but that's just not a neat


Sent from my iPhone using Tapatalk

I guess they offer you ipv6-for-lan to run on your router? This looks like a closed source binary. In there they might be trying to act smart. Do automatic detection. Look up IPv6 address of you PC from router's arp cache. You give them your PC's MAC beforehand..

Convenient for end users maybe but lack of flexibly and give the service provider more control. They shall add in their program to allow end user to specify a IPv6 address if they haven't done so.

For the time being, u have not much option but disable the temp address for your Mac if you want to stay with them and continue to use the client. Or else there are more open services.

Thanks for sharing duiaDNS.

 

[SeanSkiVT]

John,

I wanted to thank you for putting this together and staying so on top of updates. This fixed my range issues on my AC66U quite nicely. I admittedly didn't search very hard, but is there a way that I can PayPal you a few dollars as a thank you?

Thanks,

-Sean

 

[booyah]

Having some trouble downloading from Onedrive. Kept saying OneDrive is unable to scan RT-XXXXXXX.zip for viruses.

 

[john9527]

Having some trouble downloading from Onedrive. Kept saying OneDrive is unable to scan RT-XXXXXXX.zip for viruses.

That sounds like a browser extension or system anti-virus message. I just downloaded one file with IE11 and another with Firefox without any problems.

 

[nivek1612]

John did you get anywhere with your investigations into using the MAC address


Sent from my iPhone using Tapatalk

 

[choppersrock]

Hi

I wanted to try this fork on a brand new ac-68u but it won't update. An error message appears saying due to regulatory issues the firmware is not compatiable ?

I have been able to update with standard merlin but not this fork

Can anyone offer some advice please, screen shot attached

Many thanks

 

[ColinTaylor]

@choppersrock Use the ASUS Firmware Restoration utility. https://www.asus.com/support/faq/1000814/

 

[choppersrock]

Thanks very much! - finally got it installed.

cheers

 

[john9527]

Things have been awfully quiet...so time to start the next beta

The beta has been refreshed.....see
http://www.snbforums.com/threads/fo...ilable-v19e3-v20b6.18914/page-220#post-283044

 

[john9527]

John did you get anywhere with your investigations into using the MAC address


Sent from my iPhone using Tapatalk

Yes sir....please see the previous post Please give feedback if you try it (I don't have a way to easily test it myself).

 

[nivek1612]

Yes sir....please see the previous post Please give feedback if you try it (I don't have a way to easily test it myself).

Perfect thank you

Does it require a NVRAM clear or can it be installed straight over the current firmware
If the later I can try it quickly otherwise I may have to wait until I return from my business trip next week

 

[john9527]

Perfect thank you

Does it require a NVRAM clear or can it be installed straight over the current firmware
If the later I can try it quickly otherwise I may have to wait until I return from my business trip next week

No factory reset required (so far I've been able to design things such that no reset is required when moving between any of the fork releases).

 

[nivek1612]

No factory reset required (so far I've been able to design things such that no reset is required when moving between any of the fork releases).

Firmware Downloaded, as soon as i finish this VOIP conf call I will flash the router

 

[nivek1612]

Yes sir....please see the previous post Please give feedback if you try it (I don't have a way to easily test it myself).

John Nice work Sir

Happy to report that a IPV6 firewall rule opening a port for an address of ::xxxx:xxxx:xxxx:xxxx does indeed allow the request to pass to the designated endpoint