What's new

help on ipv6 setup

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

andresmorago

Senior Member
hello guys
im curious about enabling ipv6 on my router since my isp recently started offering it.

I connect to my isp with a technicolor cablemodem on bridge mode. and i currently have static ipv4 assignment for my wan.

So far, i have enabled Native ipv6 on the router but i cant pass the tests on ipv6 websites. this is what i have so far:

1601247769119.png
this is my ifconfig output on the router
Code:
andresmorago@RT-AC3100-0548:/tmp/home/root# ifconfig
br0       Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::4eed:fbff:feac:548/64 Scope:Link
          inet6 addr: 2800:484:XXXX:XXXX::1/56 Scope:Global
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:281565 errors:0 dropped:0 overruns:0 frame:0
          TX packets:400716 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:172409744 (164.4 MiB)  TX bytes:427187906 (407.3 MiB)

eth0      Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet addr:181.xxx.xxx.xxx  Bcast:181.xxx.xxx.xxx  Mask:255.255.255.0
          inet6 addr: 2800:485:0:5e:XXXX:XXXX:3e1:de47/128 Scope:Global
          inet6 addr: fe80::4eed:fbff:feac:548/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4798108 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3067484 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3172697875 (2.9 GiB)  TX bytes:3217395551 (2.9 GiB)
          Interrupt:181 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet6 addr: fe80::4eed:fbff:feac:548/64 Scope:Link
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165846 errors:0 dropped:8335 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:150468535 (143.4 MiB)

eth2      Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:4C
          inet6 addr: fe80::4eed:fbff:feac:54c/64 Scope:Link
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2081369 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:2647895004 (2.4 GiB)

fwd0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:172848 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67242 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:21062428 (20.0 MiB)
          Interrupt:179 Base address:0x4000

fwd1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:2079968 errors:0 dropped:0 overruns:0 frame:0
          TX packets:820984 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:383671855 (365.8 MiB)
          Interrupt:180 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:105715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105715 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21413178 (20.4 MiB)  TX bytes:21413178 (20.4 MiB)

lo:0      Link encap:Local Loopback
          inet addr:127.0.1.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1

vlan1     Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet6 addr: fe80::4eed:fbff:feac:548/64 Scope:Link
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:915198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2246654 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:400860538 (382.2 MiB)  TX bytes:2812448811 (2.6 GiB)

vlan2     Link encap:Ethernet  HWaddr 4C:ED:FB:AC:05:48
          inet6 addr: fe80::4eed:fbff:feac:548/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:3568 (3.4 KiB)

andresmorago@RT-AC3100-0548:/tmp/home/root#

i cant seem to get ipv6 connectivity. pinging google dns from either router or any lan device doesnt give any output
Code:
andresmorago@RT-AC3100-0548:/tmp/home/root# ping 2001:4860:4860::8888
PING 2001:4860:4860::8888 (2001:4860:4860::8888): 56 data bytes
ping: sendto: Network is unreachable
andresmorago@RT-AC3100-0548:/tmp/home/root#

could i be missing something on my setup?
 

Attachments

  • 1601247377867.png
    1601247377867.png
    484.9 KB · Views: 232
In your current setup you have disabled IPV6 DNS from your ISP and not replaced it with anything else.

I would start by setting 'Connect to DNS Server automatically' to enable and see if you then get a non-local ipv6 DNS server in ipconfig/ifconfig.

If this does work you can look at changing the DNS server to one of your choice (Google, Cloudflare, OpenDNS, etc. or unbound if you have it installed.)

If it des not work it may be helpful to post the retailed results of the ipv6 test sites.
 
Thanks, do the dns really matter here? I have them configured at the wan page and also I’m trying to ping sites with up addresses and not names.
This is my wan config for dns
594D6632-25C0-4790-8A8D-40C48E5886EE.jpeg
and the results on ipv6 test
3EDDA07A-D45E-45CC-B656-8A04A9D65445.jpeg
 
Last edited:
I strongly suspect that it does. On the WAN page you have configured DNS servers for IPv4 lookup, not for IPv6 lookup, which is on the IPv6 page.
Easiest way to check is to enable 'Connect to DNS Server automatically' on the IPv6 page and see what happens.

EDIT
Sorry I have missed that you are using DoT, which is a subject I know nothing about. Still I would suggest enabling to see if it helps.

If it does no help then I would suggest disabling DoT and seeing if IPv6 works - if it does then the issue is with the correct way to have DoT and IPv6, which I am sure someone (not me) will be able to help you with

The Google IPV6 servers are at
2001:4860:4860::8888
2001:4860:4860::8844
 
Last edited:
I strongly suspect that it does. On the WAN page you have configured DNS servers for IPv4 lookup, not for IPv6 lookup, which is on the IPv6 page.
Easiest way to check is to enable 'Connect to DNS Server automatically' on the IPv6 page and see what happens.

EDIT
Sorry I have missed that you are using DoT, which is a subject I know nothing about. Still I would suggest enabling to see if it helps.

If it does no help then I would suggest disabling DoT and seeing if IPv6 works - if it does then the issue is with the correct way to have DoT and IPv6, which I am sure someone (not me) will be able to help you with

The Google IPV6 servers are at
2001:4860:4860::8888
2001:4860:4860::8844
no luck. adding the dns servers under ipv6 doesnt make a difference.
i still believe this is not a dns issue as im directly pinging ipv6 addresses and not names
 
I am not sure if this is relevant, but you have 2 different external IPV6 Global addresses, on on br0 and one on eth0.

On my setup the all the link addresses are the same range, but there in only one Global inet6 range and it is under br0

Code:
br0       Link encap:Ethernet  HWaddr A8:5E:45:AA:BB:CC
          inet addr:10.55.63.1  Bcast:10.55.63.255  Mask:255.255.255.0
          inet6 addr: fe80::aa5e:45ff:feae:5050/64 Scope:Link
          inet6 addr: 2a02:xxx:xxxx:5600::1/56 Scope:Global
          ...

eth0      Link encap:Ethernet  HWaddr A8:5E:45:AA:BB:CC
          inet addr:123.123.12.3  Bcast:123.123.12.255  Mask:255.255.252.0
          inet6 addr: fe80::aa5e:45ff:feae:5050/64 Scope:Link
          ....

In your ifconfig you have two on different Global scopes, one on br0 and one on eth0

br0 : 2800:484:XXXX:XXXX::1/56 Scope:Global
eth0: 2800:485:0:5e:XXXX:XXXX:3e1:de47/128 Scope:Global

I am assuming that the br0 address will be the same one that shows up in System Log > IPv6 and in the Routing table
 
I am not sure if this is relevant, but you have 2 different external IPV6 Global addresses, on on br0 and one on eth0.

On my setup the all the link addresses are the same range, but there in only one Global inet6 range and it is under br0

Code:
br0       Link encap:Ethernet  HWaddr A8:5E:45:AA:BB:CC
          inet addr:10.55.63.1  Bcast:10.55.63.255  Mask:255.255.255.0
          inet6 addr: fe80::aa5e:45ff:feae:5050/64 Scope:Link
          inet6 addr: 2a02:xxx:xxxx:5600::1/56 Scope:Global
          ...

eth0      Link encap:Ethernet  HWaddr A8:5E:45:AA:BB:CC
          inet addr:123.123.12.3  Bcast:123.123.12.255  Mask:255.255.252.0
          inet6 addr: fe80::aa5e:45ff:feae:5050/64 Scope:Link
          ....

In your ifconfig you have two on different Global scopes, one on br0 and one on eth0

br0 : 2800:484:XXXX:XXXX::1/56 Scope:Global
eth0: 2800:485:0:5e:XXXX:XXXX:3e1:de47/128 Scope:Global

I am assuming that the br0 address will be the same one that shows up in System Log > IPv6 and in the Routing table
good point what you evidenced.
this is what i get on my ipv6 routing
1601325405181.png
 
Google doesn't support DoT to the best of my recollection. Cloudflare does. You'll likely have to re-evaluate your use of it on your network:

If you want a more private DNS, you should consider checking out unbound which allows you (your router) to be your own recursive DNS server and go directly to the same Authoritative DNS servers that Google and Cloudflare use, bypassing the big boys and whatever data harvesting they're involved in. (It's also quite a lot faster, devices on your network referencing your DNS on your router rather than going and looking for the publicly available ones - my DNS lookups are significantly in the 0-1 usec (that's microseconds, millionths of a second vs ms milliseconds, thousandths of a second ;)). The unbound thread on here has a bunch of nuggets of gold information that should help, but it wouldn't hurt you to go to he.net and take their free IPv6 "certification" to the point that you require to "get it" as far as your network goes and how it works generally, and the kind souls who write the scripts for Merlin firmware have talked to each other and made it dead easy to install through amtm

Back to your IPv6 setup: when you say your modem is bridged, are you certain that your router is doing the authentication with your ISP, or have you set the router up to do that for you? (I think this could/may be the issue)
 
Back to your IPv6 setup: when you say your modem is bridged, are you certain that your router is doing the authentication with your ISP, or have you set the router up to do that for you? (I think this could/may be the issue)
Can you please elaborate a little bit more on this? What do you mean by authentication with the isp?
I currently get a public ipv4 on my router from my isp via dhcp. The cable modem is bridged since it doesn’t manage the wan side of my connection. Router does.

i assumed that by setting “native” and dhcp on the ipv6 page, the router will do the same that it does with ipv4 wan?
 
Last edited:
The cable modem is bridged since it doesn’t manage the wan side of my connection. Router does.

i assumed that by setting “native” and dhcp on the ipv6 page, the router will do the same that it does with ipv4 wan?
ok, WAN IP obtained by router...good; please disregard "authentication" red herring. You should be configured in dual-stack.
I know I'm not answering your questions as directly as you might like, but I'm also not asking you any as to why you have chosen DoT because it's none of my (our) business.
IPv6 works a bit differently than v4, so I'm going to suggest again (strongly this time) that you get some education about it from the resource I mentioned above. wikipedia was a big help to me too.
As @archiel suggested, you're going to need help with setting up DoT on both v4 and v6 sides...or disable that (and go full stack v6 if possible - in which case I suggest looking at unbound, skynet, diversion, suricata- bigger, more knowledgeable brains than mine have taken care of the privacy/security things for us, and have made it super easy to adopt/incorporate them).
Another thing you should get some understanding of is how the DNS system works - being your own rDNS is nowhere near as scary as it might sound, and bypassing Google/CloudFlare/etc removes the need for the encryption of DoT for lookups. Trust me, but please verify what I'm telling you here.
 
ok, WAN IP obtained by router...good; please disregard "authentication" red herring. You should be configured in dual-stack.
I know I'm not answering your questions as directly as you might like, but I'm also not asking you any as to why you have chosen DoT because it's none of my (our) business.
IPv6 works a bit differently than v4, so I'm going to suggest again (strongly this time) that you get some education about it from the resource I mentioned above. wikipedia was a big help to me too.
As @archiel suggested, you're going to need help with setting up DoT on both v4 and v6 sides...or disable that (and go full stack v6 if possible - in which case I suggest looking at unbound, skynet, diversion, suricata- bigger, more knowledgeable brains than mine have taken care of the privacy/security things for us, and have made it super easy to adopt/incorporate them).
Another thing you should get some understanding of is how the DNS system works - being your own rDNS is nowhere near as scary as it might sound, and bypassing Google/CloudFlare/etc removes the need for the encryption of DoT for lookups. Trust me, but please verify what I'm telling you here.
thanks so much for the advises. i will look around and gather more information about it
 
thanks so much for the advises. i will look around and gather more information about it
I seem to recall that I posted a few good links about DNS in the unbound thread that should help when it comes to making a decision about DoT/unbound now that you're going (have gone) IPv6.
I'm no expert - but I like to dig in and get a more full picture of things that I don't understand. Now I'm much more clear on IPv6 and DNS, security and privacy, and you will hopefully benefit from me going before along a similar path.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top