IPv6 question

[Tech9]

Just to add on another potential IPV6 issue...

Not surprised. Asuswrt is a mix of compatible and incompatible with IPv6 components.

 

[nospamever]

My wan connection type is automatic IP.

Hi, I checked there is no Automatic under the connection type drop-down list. Is Automatic set on your modem?

 

[nospamever]

HTTPS on the Webui is also turned off by default in the firmware, but that doesn't stop people from turing it on and using it over http. The router typically has a default login name and password, that doesn't stop people from changing it and using something different. Essentially, anytime you change something in the "firmware" from its default behavior, you are creating a security risk. Don't turn on SSH or AI-Protect either, the firmware has that turned off by default for a reason.

I just turned off the AI-Protect after reading the Privacy. Turning off also release some memory. Thanks for highlighting.

 

[Deleted member 22229]

I will try to change from passthrough. Last time I selected Native I could not get ipv6 connections.

Yes do this as stated above using passthrough will result in no IPv6 firewall at all. Use native if possible never passthrough unless you have a way of providing your own firewall.

 

[Deleted member 22229]

Hi, I checked there is no Automatic under the connection type drop-down list.

I believe automatic is something that Netgear uses in there firmware Asus does not.

 

[Tech9]

I enabled IPv6 under Advanced Setting/IPv6 as passthrough (and on my modem as well)

Modems are bridge devices. You perhaps have modem/router.

 

[zackattack784]

Hi, I checked there is no Automatic under the connection type drop-down list. Is Automatic set on your modem?

View attachment 45088

In the screenshot you posted I have it set to Native. You asked if I was using Native because my WAN connection type is set to PPPoE and I said no. My WAN connection type is set to Automatic IP.

I don’t have a modem. I have an ONT that has no user configurable settings.

 

[drinkingbird]

Hi, I checked there is no Automatic under the connection type drop-down list. Is Automatic set on your modem?

View attachment 45088

They were talking about their WAN connection not IPV6 - two different things. There is no automatic under IPv6 and even if there was, you wouldn't want to use it and risk getting put in passthrough mode.

If you aren't familiar with IPv6 and how it works, the implications on security of the different modes, just leave it disabled. It buys you nothing at this point (assuming you aren't using an ISP that uses private/CGNAT for IPv4 but even then for most users, that isn't an issue).

 

[zackattack784]

We had a long conversation about it.


If you have issues, you'll find from 3rd party. You have no way to diagnose your IPv6 connection. Like 60+ million users never found their physical address can be revealed by ISP routers with IPv6 enabled. The issue is fixed now, but it was real. Good luck with your home router and hope for the best.

Yea I read a good chunk of that thread before flipping the switch. I’m only running Skynet (I’m aware it’s ipv4 only), unbound, and diversion. Everything has worked fine since flipping the switch so I’ll keep it. But I don’t need IPv6 for anything so if something stops working I have no qualms about turning it off if it means I can avoid in-depth troubleshooting.

 

[Tech9]

so if something stops working

If you use on-device VPN client you have to rely on it to block IPv6 on that device. They all promise doing it reliably, but cutting IPv6 off on your router guarantees it and eliminates the IPv6 leak issue completely. Also, not sure if it affects something, but on that specific AC86U router IPv6 enabled + Runner/Flow Cache active fills the logs with kernel buggy errors. The messages are hidden in System Log, but flow like a river if you have log server set.

 

[Tech9]

It buys you nothing at this point

It depends on what country you live in. Most SNB Forum members though have IPv4 available. What we discuss here quite often is very simple - I can demonstrate with real everyday use examples what issues IPv6 enabled may cause, but very few with IPv6 enabled can demonstrate any real benefits. There are few selected cases where IPv6 is needed and used as a workaround - all discussed in the long thread.

 

[SomeWhereOverTheRainBow]

What we discuss here quite often is very simple - I can demonstrate with real everyday use examples what issues IPv6 enabled may cause, but very few with IPv6 enabled can demonstrate any real benefits.

Hell you could demonstrate even better running a ipv6 setup strictly by itself.. I can only imagine the complexities faced by those who have to do such to escape the trappings of ISP provisioned NAT.

 

[SomeWhereOverTheRainBow]

Hi, I checked there is no Automatic under the connection type drop-down list. Is Automatic set on your modem?

View attachment 45088

If you want a some what secure ipv6, you should select native. If you use a ppoe connection, a tab will appear on the same page that will allow you to select that as a connection type. The drop down tab won't appear until you actually save the native selection on the ipv6 page. Using pass-through is worse than using native since it just creates a big open ipv6 connection with zero firewall considerations.

Personally, I would tell you if you don't need ipv6, leave it turned off. One less layer of complexity to contend with.

 

[Tech9]

Hell you could demonstrate even better running a ipv6 setup strictly by itself.

Not sure if IPv4 can be disabled on Asus routers. Everything is built around IPv4 with some IPv6 support here and there.

Personally, I would tell you if you don't need ipv6, leave it turned off. One less layer of complexity to contend with.

Exactly.

 

[SomeWhereOverTheRainBow]

Not sure if IPv4 can be disabled on Asus routers. Everything is built around IPv4 with some IPv6 support here and there.



Exactly.

Here is a good example of a network with mixture of ipv4 and ipv6. I have a dual stack ISP configuration on one of my setups. I didn't even configure ipv6, the openwrt firmware build I used already had it "pre-configured". I would have had to take steps to turn it off. But here is what the data shows per connection type.

The big green is ipv4 hosts, the almost 1/4th slither is IPv6.


Now this is different from A(ipv4) and AAAA(ipv6) dns query's since both can typically travel over either type of connection.

My network typically has slightly more AAAA queries than AA ones.

 

[Tech9]

What matters is how different is your Internet user experience with IPv4 + IPv6 compared to IPv4 only, how effectively you can implement the same level of network protection on both IPv4 and IPv6 and what level of control you have over your own devices. You're good because you know things. I'm generally against advising beginner users to enable IPv6 and learn from experience. It doesn't work this way.

 

[nospamever]

It is amazing the wealth of info on this forum.

 

[SomeWhereOverTheRainBow]

What matters is how different is your Internet user experience with IPv4 + IPv6 compared to IPv4 only, how effectively you can implement the same level of network protection on both IPv4 and IPv6 and what level of control you have over your own devices. You're good because you know things. I'm generally against advising beginner users to enable IPv6 and learn from experience. It doesn't work this way.

The best advice to give, is don't use it if you don't need it like you mention. But for the sake of keeping curiosity from killing the cat (@Viktor Jaep ) , I advise on both scenarios like i did by mentioning to choose native over passthrough if possible.

 

[Tech9]

native over passthrough

I still believe @nospamever has modem/router ISP device.

What WAN IP you are getting on your Asus router, @nospamever? Public or private?

Main GUI page:

 

[SomeWhereOverTheRainBow]

I still believe @nospamever has modem/router ISP device.

What WAN IP you are getting on your Asus router, @nospamever? Public or private?

Main GUI page:

View attachment 45099

yep if it is a double router configuration, the passthru may be the only option. In that case, the first router would provide the necessary firewalling for ipv6 (atleast we would hope that is the case). Keep in mind this shouldn't be confused with a GCNAT modem which would provide a range of between 100.64.0.0 and 100.127.255.255.