IPv6 question

Status
Not open for further replies.
And that's the challenge perhaps...

WAN-side is a challenge, as ISPs have multiple methods there...

That being said - not Eric's problem to solve, this needs to be upstream from Asus...
My ISP implemented IPv6 May 2019.
It is officially still in Beta with them. In this case Beta = no support. :oops:
 
By the way:

1668311227929.png


32x IPv6 addresses already and counting... this is getting entertaining. Really, really IPv6 hungry iPhone. :D

This one is more satisfied in life:

1668311534531.png
 
By the way:

View attachment 45433

32x IPv6 addresses already and counting... this is getting entertaining. Really, really IPv6 hungry iPhone. :D

This one is more satisfied in life:

View attachment 45434
I've seen that many IP addresses with an iPad here; it happens when the client is set in private wifi address and the connection is unstable (in/out), usually when the battery is running low. However, it clears the addresses after 12 hrs.; they have very short leases, so it seems it's not a bug.
 
it happens when the client is set in private wifi address and the connection is unstable

The phone is in the same room and private address is disabled. This is ridiculous whatever it is.

Anyway, enough volunteers around, I have the problem solved. The best IPv6 setting in Asuswrt:

1668317409232.png
 
I've seen that many IP addresses with an iPad here; it happens when the client is set in private wifi address and the connection is unstable (in/out), usually when the battery is running low. However, it clears the addresses after 12 hrs.; they have very short leases, so it seems it's not a bug.
House full of idevices here, private wifi enabled, problem not seen.
Might ‘sometimes’ get two or three addresses, but very rarely.
 
House full of idevices here, private wifi enabled, problem not seen.
Might ‘sometimes’ get two or three addresses, but very rarely.
This seems to happen when an iDevice, or even Windows, sleeps in and out of its wireless connection. It appears that in IPv6 acquiring addresses is not a problem, but it doesn't retain the same IP whenever you come in and out, especially if it's in rapid succession. Good thing the leases are short, so that it claims it back when it's time to renew. I can see trouble when you have a server, but I've read that people were able to assign static IPs. When there is a problem like this, that's when you learn to find out the solution. :)
 
With all this chatter and hype about IP6 and the lack of VPN kill switches that can handle IP6, I decided to take matters into my own hands and see if I could make this work... It's been a good couple of days learning more about the functionality of iptables... Many thanks to @eibgrad for the inspiration from his amazingly efficient kill switch script.

Presenting: KILLMON 0.3 (preview)

Enjoy. :)
 
To prevent IPv6 leaks you have to kill IPv6 traffic when your IPv4 tunnel is up as well. It doesn't make much sense to me. First you enable IPv6 for an unknown reason and then kill it because you want to use an IPv4-only tunnel. Keeping IPv6 disabled on the router solves IPv6 leak issues permanently.
 
To prevent IPv6 leaks you have to kill IPv6 traffic when your IPv4 tunnel is up as well. It doesn't make much sense to me. First you enable IPv6 for an unknown reason and then kill it because you want to use an IPv4-only tunnel. Keeping IPv6 disabled on the router solves IPv6 leak issues permanently.
This script forces all IP6 traffic through the VPN tunnel... if the VPN tunnel goes down, no IP4 or IP6 traffic will be allowed to get out.
 
If it uses an IPv4 tunnel in/out, what's the point of having IPv6 enabled? This is like a 6in4 tunnel. Sounds like a solution to a non-existing problem, created by altering the router's default settings. I agree it perhaps does a better kill switch function, but IPv6 can be taken out of the equation with one click.
 
By the way:

View attachment 45433

32x IPv6 addresses already and counting... this is getting entertaining. Really, really IPv6 hungry iPhone. :D

This one is more satisfied in life:

View attachment 45434
The GUI relies on the output of the command:
Code:
ip -f inet6 neigh show dev br0
to populate that client list. By default, Linux won’t clean up stale entries until the list is over 128 entries.

If anyone wants to lower this threshold, you can modify it:
Code:
echo 16 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
where 16 could be any number less than 128, maybe close to double the number of IPv6-capable devices on your LAN.
 
The GUI relies on the output of the command:
Code:
ip -f inet6 neigh show dev br0
to populate that client list. By default, Linux won’t clean up stale entries until the list is over 128 entries.

If anyone wants to lower this threshold, you can modify it:
Code:
echo 16 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
where 16 could be any number less than 128, maybe close to double the number of IPv6-capable devices on your LAN.
It should be noted that before anyone chooses to take this approach, they should actually review information about "ARP cache sizes and GC thresholds" to determine if this is the actual approach they wish to take.

You actually have 1, 2 and 3 gc_thresh:
/proc/sys/net/ipv6/neigh/default/gc_thresh1
/proc/sys/net/ipv6/neigh/default/gc_thresh2
/proc/sys/net/ipv6/neigh/default/gc_thresh3
 
Last edited:
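
An added example, not part of any post in this thread: a small shell helper that groups the output of `ip -f inet6 neigh show dev br0` by MAC address and reports where the table size sits relative to gc_thresh1/2/3. The neighbour lines are constructed sample data, and 512 and 1024 are the stock Linux defaults for gc_thresh2 and gc_thresh3, which the thread does not state.

```shell
#!/bin/sh
# Constructed sample of `ip -f inet6 neigh show dev br0` output (not from the thread).
sample_neigh() {
cat <<'EOF'
2001:db8:1::a1 lladdr 02:00:00:00:00:01 STALE
2001:db8:1::a2 lladdr 02:00:00:00:00:01 STALE
2001:db8:1::a3 lladdr 02:00:00:00:00:01 STALE
2001:db8:1::a4 lladdr 02:00:00:00:00:01 REACHABLE
fe80::a1 lladdr 02:00:00:00:00:01 STALE
2001:db8:1::b1 lladdr 02:00:00:00:00:02 REACHABLE
fe80::b1 lladdr 02:00:00:00:00:02 REACHABLE
2001:db8:1::ff FAILED
EOF
}

# Read neighbour lines on stdin, print "<mac> <addresses> <stale>" per client.
neigh_by_mac() {
  awk '{
    mac = ""
    for (i = 1; i < NF; i++) if ($i == "lladdr") mac = $(i + 1)
    if (mac == "") next            # FAILED/INCOMPLETE entries carry no lladdr
    total[mac]++
    if ($NF == "STALE") stale[mac]++
  }
  END { for (m in total) printf "%s %d %d\n", m, total[m], stale[m] + 0 }' | sort
}

# Classify a table size against the three thresholds.
# usage: gc_verdict <entries> <gc_thresh1> <gc_thresh2> <gc_thresh3>
gc_verdict() {
  if   [ "$1" -lt "$2" ]; then echo "kept"         # periodic GC skips the table
  elif [ "$1" -lt "$3" ]; then echo "periodic-gc"  # stale entries get collected
  elif [ "$1" -lt "$4" ]; then echo "forced-gc"    # over the soft limit
  else                         echo "table-full"   # hard limit, new entries refused
  fi
}

# Demo on the sample. On a router, pipe the real command into neigh_by_mac and
# read the live values from /proc/sys/net/ipv6/neigh/default/gc_thresh{1,2,3}.
n=$(sample_neigh | grep -c .)
echo "entries=$n default=$(gc_verdict "$n" 128 512 1024) lowered=$(gc_verdict "$n" 4 512 1024)"
sample_neigh | neigh_by_mac
```

With the default gc_thresh1 of 128 the eight sample entries are all kept, which is why one client can show many stale addresses in the list; with a lowered gc_thresh1 the same table becomes eligible for periodic collection.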
To prevent IPv6 leaks you have to kill IPv6 traffic when your IPv4 tunnel is up as well. It doesn't make much sense to me. First you enable IPv6 for an unknown reason and then kill it because you want to use an IPv4-only tunnel. Keeping IPv6 disabled on the router solves IPv6 leak issues permanently.

Get a VPN provider that supports IPv4/v6, problem solved..
 
Get a VPN provider that supports IPv4/v6, problem solved..

Or leave IPv6 at default Disabled and choose any VPN provider you like. The problem doesn't exist.
 
I tried a couple IPV6 supported VPN providers and they still had DNS leaked during my testing.
If you are running the VPN Director VPN clients on the router, then you will have IPv6 leaks, because the clients themselves do not support IPv6. @RMerlin does not have access to an IPv6 ISP and without this it is not practical to do the work necessary to get this to work. As noted elsewhere you can disable IPv6 on the router, or just disable IPv6 on the devices routed through the tunnel(s).

If you want to use VPN providers who support IPv6 then your current options are:
  • connect via the provider's own clients (not the router)
  • move your VPN routing to a device that does support dual stack VPN routing (I believe it can be done on a pi, have never tried)
  • on a supported Asus device, run @ZebMcKayhan's Wireguard Manager (WGM)

I use WGM, with dual stack and no leaks, but I also have a slow ISP (for fast links Wireguard will speed limit your whole network, not just the VPN tunnels)
 
I tried a couple IPV6 supported VPN providers and they still had DNS leaked during my testing.
If you are running the VPN Director VPN clients on the router, then you will have IPv6 leaks, because the clients themselves do not support IPv6. @RMerlin does not have access to an IPv6 ISP and without this it is not practical to do the work necessary to get this to work. As noted elsewhere you can disable IPv6 on the router, or just disable IPv6 on the devices routed through the tunnel(s).

If you want to use VPN providers who support IPv6 then your current options are:
  • connect via the provider's own clients (not the router)
  • move your VPN routing to a device that does support dual stack VPN routing (I believe it can be done on a pi, have never tried)
  • on a supported Asus device, run @ZebMcKayhan's Wireguard Manager (WGM)

I use WGM, with dual stack and no leaks, but I also have a slow ISP (for fast links Wireguard will speed limit your whole network, not just the VPN tunnels)
@Kingp1n As @archiel has correctly posted, those problems can only be due to the specific setup (...that you're currently using).
My own very recent post, which is effectively a less detailed, shortened version of the post by @archiel above
 