Reply
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

[ Edited ]

I tried v 1.9.0. Hwnat still disables ipv6. I flashed back to the current version and disabled
hwnat. I will standby for further info.

Fred B

Regular Member
Posts: 524
Registered: ‎09-23-2015
Kudos: 166
Solutions: 3

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Bump. Any word on whether the new 1.9.7 alpha addresses this?

This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
Ubiquiti Employee
Posts: 481
Registered: ‎01-06-2017
Kudos: 177
Solutions: 20

Re: Comcast IPv6 issues when hwnat enabled on ER-X

@sjjenkins We haven't found what's causing this and we cannot replicate this in our lab.

Has anybody else been able to narrow down the scenario that is causing this issue?
New Member
Posts: 1
Registered: ‎04-18-2017

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I haven't looked in to it too much, but I'm on google fiber, and I lose ipv6 connectivity at some point, and restarting the edgerouter x resolves it temporarily

Regular Member
Posts: 524
Registered: ‎09-23-2015
Kudos: 166
Solutions: 3

Re: Comcast IPv6 issues when hwnat enabled on ER-X


UBNT-sandisn wrote:
@sjjenkins We haven't found what's causing this and we cannot replicate this in our lab.

Has anybody else been able to narrow down the scenario that is causing this issue?

@UBNT-sandisn I just flashed v1.9.7alpha1 onto an ER-X and put it in service on a Comcast residential connection. Using an ER-Lite on this same connection, IPv6 works great. On the ER-X, it does not. Using this config:

 

https://github.com/stevejenkins/UBNT-EdgeRouter-Example-Configs/blob/master/Comcast/config.boot.erx

 

(usernames / passwords on live config are different than the example config, and I'm running on the 192.168.3.x subnet instead of 192.168.1.x)

 

When I run:

 

release dhcpv6-pd interface eth0

I get:

 

DHCPv6 client is already released on interface eth0.

 

I'm happy to provide log or CLI output for anything, but it might be easier if you just access it directly. Router is located at a rental property that is currently vacant, so you can tinker at-will.

 

If you'd like to access the router remotely and experiment, I have configured it to allow that. Please PM me if you'd like the access credentials.

This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I hope the ubnt guys will take you up on your offer.

I have had no luck with my edgerouter x + hwnat + ipv6 with residential Comcast. ipv6 works fine without hwnat.


Regular Member
Posts: 524
Registered: ‎09-23-2015
Kudos: 166
Solutions: 3

Re: Comcast IPv6 issues when hwnat enabled on ER-X


flbroce wrote:
I hope the ubnt guys will take you up on your offer.

I have had no luck with my edgerouter x + hwnat + ipv6 with residential Comcast. ipv6 works fine without hwnat.



Correction: after tinkering with the firewall settings to make sure they were consistent, I'm now getting IPv6 with hwnat enabled on the ER-X with the 1.9.7 alpha firmware.

 

root@UBNT-gateway:/home/ubnt# configure
[edit]
root@UBNT-gateway# show system offload
 hwnat enable
 ipsec enable
[edit]
root@UBNT-gateway# exit
exit
root@UBNT-gateway:/home/ubnt# show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description                 
---------    ----------                        ---  -----------                 
eth0         24.xx.xx.xx/21                   u/u  WAN                         
             2001:xxx:xxx:xxx:xxx:xxx:xxx:xxx/128
eth1         -                                 u/D  LAN                         
eth2         -                                 u/D  LAN                         
eth3         -                                 u/u  LAN                         
eth4         -                                 u/D  LAN                         
lo           127.0.0.1/8                       u/u                              
             ::1/128                          
switch0      192.168.1.1/24                    u/u  LAN Switch                  
             2601:xxx:xxx:xxx::1/64         
switch0.102  172.16.0.1/24                     u/u  Guest Network VLAN          
             2601:xxx:xxx:xxx::1/64         

 

This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Tell me what to change on the firewall and I will try it on 1.9.1. I don't have access to the beta, however

I am hopeful 1.9.1 will work with your changes.

 

Thanks,

Fred

Regular Member
Posts: 524
Registered: ‎09-23-2015
Kudos: 166
Solutions: 3

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I've updated it here:

 

https://github.com/stevejenkins/UBNT-EdgeRouter-Example-Configs/blob/master/Comcast/config.boot.erx

 

So compare those settings against yours (I'd check the interfaces sections too, just to make sure the firewall rules are applied correctly) and see if you can find anything different. Crossing my fingers for you! Man Happy

 

Remember to check the "Comcast IPv6 Considerations" section of the Github README, and if you want to manually kick the IPv6 bits, do:

 

$ release dhcpv6-pd interface eth0
$ delete dhcpv6-pd duid 
$ renew dhcpv6-pd interface eth0
This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Thanks Steve. My config was much more simple than yours. I just added a few things to

the original config.boot file and it pretty much worked. I only added a port redirect for a webcam, 

cloned the mac number of my old router and applied to eth0, and added dhcp and the ipv6 setup

found in the wizards. 

 

I have yours now however, I will have to compare the two and see if I can duplicate what you have.

I could probably take yours and just modify it after it boots however, I don't want to brick the er-x

so I am being cautious.

 

I will post my results when I get time to debug things.

 

Fred

Regular Member
Posts: 524
Registered: ‎09-23-2015
Kudos: 166
Solutions: 3

Re: Comcast IPv6 issues when hwnat enabled on ER-X

REALLY tough to brick an EdgeRouter via a wonky config.boot. Lemme know how it goes.

 

 

This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Steve:

 

I was looking at your config file. Near the end you have:

I thought we were enabling hwnat?

 

 

offload {

        /* Enabling hwnat on ER-X disables IPv6 */

        hwnat disable

        ipsec enable

    }

Regular Member
Posts: 524
Registered: ‎09-23-2015
Kudos: 166
Solutions: 3

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Yes - override it manually.

 

I haven't confirmed whether it only works on the new alpha or also 1.9.1. So many reports of it killing IPv6 that I disabled it by default and allowed people to manually enabled it if they want to test it.

 

 

This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X


sjjenkins wrote:

Yes - override it manually.

 

I haven't confirmed whether it only works on the new alpha or also 1.9.1. So many reports of it killing IPv6 that I disabled it by default and allowed people to manually enabled it if they want to test it.

 

 


OK..thanks. I will do some testing and update when I can.

New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

[ Edited ]

It's probably too early to say for sure but I made a change to the firewall on v1.9.1 and

enabled hwnat AND ipsec offload (have to enable both) and ipv6 is working with Comcast.

 

The problem is my previous posted change was incorrect. So I am afraid this is not of much help.

 

 

 

New Member
Posts: 9
Registered: ‎11-20-2016
Kudos: 5

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I have set up a sniffer between the ER-X and the Cable Modem.   The am running 1.9.7alpha1 and still cannot get IPv6 working with hwnat offload enabled.   The capture shows DHCPv6 solicits and advertisements.  However if I perform a tcpdump on the ER-X all I see are the solicits being sent not the advertisements I know are on the wire.

 

Something in HWNAT is causing the DHCP advertisements (source port 547/dest port 546) to be discarded silently.   BTW I have this specifically permitted in a firewall rule and it works fine without hwnat enabled.

 

I am forgoing IPv6 for the time being as I need the performance.

Ubiquiti Employee
Posts: 481
Registered: ‎01-06-2017
Kudos: 177
Solutions: 20

Re: Comcast IPv6 issues when hwnat enabled on ER-X

@dbirkhead. Excellent analysis, thanks! We suspected something along those lines however we were not able to reproduce the issue in our lab. Could you kindly provide the captures and your configuration for analysis?
New Member
Posts: 9
Registered: ‎11-20-2016
Kudos: 5

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Here you go.   I am sure you have wireshark for the PCAP.

Ubiquiti Employee
Posts: 481
Registered: ‎01-06-2017
Kudos: 177
Solutions: 20

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Thanks again! PCAP is our preferred format for analysis Man Happy Could you also provide output of "show version"?
New Member
Posts: 9
Registered: ‎11-20-2016
Kudos: 5

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Version:      v1.9.7alpha1

Build ID:     4968958

Build on:     03/28/17 00:52

Copyright:    2012-2016 Ubiquiti Networks, Inc.

HW model:     EdgeRouter X 5-Port

HW S/N:       802AA85F510D

Uptime:       10:41:32 up 1 day,  8:41,  2 users,  load average: 1.03, 1.07, 1.06

Reply