What's new

YazFi IPV6 Connectivity Issues

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

arewhy

Occasional Visitor
I decided to give YazFi a shot for the increased IP address and firewall granularity. Installed YazFi, enabled it for both 2.4 and 5 GN2. Internet Access-Y, One way to Guest-Y, Client Isolation-N. Everything appeared to be working well until I received a notification on my phone that my Solar Panels were no longer “online”. It just so happens that my Solar monitoring system gets an IPV6 address. I checked my Hisense TV which also gets an IPV6 address and found that Disney+ and Paramount Plus were not working and reported that they did not have internet access. I looked at the IP6Tables and didn’t see anything would prevent access. I then looked at the ebtables and found the following entries in the broute table:

-p IPv6 -i wl1.2 -j DROP

-p IPv6 -i wl0.2 -j DROP

I removed those two entries, and my solar panel monitoring system came back online and the apps Disney+ and Paramount Plus no longer had an issue. I’m thinking that I’m safe in doing this because the IP6Tables rules still apply. I welcome any thoughts/recommendations on what I did.
 
I decided to give YazFi a shot for the increased IP address and firewall granularity. Installed YazFi, enabled it for both 2.4 and 5 GN2. Internet Access-Y, One way to Guest-Y, Client Isolation-N. Everything appeared to be working well until I received a notification on my phone that my Solar Panels were no longer “online”. It just so happens that my Solar monitoring system gets an IPV6 address. I checked my Hisense TV which also gets an IPV6 address and found that Disney+ and Paramount Plus were not working and reported that they did not have internet access. I looked at the IP6Tables and didn’t see anything would prevent access. I then looked at the ebtables and found the following entries in the broute table:

-p IPv6 -i wl1.2 -j DROP

-p IPv6 -i wl0.2 -j DROP

I removed those two entries, and my solar panel monitoring system came back online and the apps Disney+ and Paramount Plus no longer had an issue. I’m thinking that I’m safe in doing this because the IP6Tables rules still apply. I welcome any thoughts/recommendations on what I did.
There is nothing really YazFi puts in for ipv6 except to block them in ebtables, which would mean these packages goes through ip6tables instead.

The stateful ipv6 firewall will still protect you but there is a risk that there is now full ipv6 access between your guest wifi and your lan. If you are ok with that then I wouldn't worry too much. If not, you will have to fill in the proper rules yourself.
 
@ZebMcKayhan, thank you for your reply! I think that I am ok with full ipv6 access between guest wifi and the LAN but I will consider it further and thanks to you, I've got an idea on where to apply the proper rules if I change my mind:)
 
The following earlier discussion on YazFi and IPV6 subnets may or may not apply or help with this discussion.

https://www.snbforums.com/threads/ipv6-subnets.76626/
@arewhy @bennor Ive summerized this in my wireguard guide... but the YazFi part works well even without Wireguard. There are some firewall rules there that could be equally applied to your ipv6 wan interface.

https://github.com/ZebMcKayhan/WireguardManager#setup-yazfi-for-ipv6-subnet-to-route-out-wg-vpn

//Zeb
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top