Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3
Accepted Solution

dhcpv6 comcast

[ Edited ]

hello, 

comcast gives users an ipv6 address, when i hook up my computer directly to my cable modem, i am able to disable ipv4 and get internet completely through ipv6, unless if the site doesnt have ipv6, so i was hoping i could get ipv6 to work through the router also.

I am wondering if its even possible to get it to work. I have dhcpv6 working, my computer gets an ip6 address, when i trace a ipv6 address, it goes to the edgerouter next, after that it times out.

from the edgerouter cli, i am able to ping and trace any ipv6 address, whether its inside the lan or outside wan

i want to figure out how to get my internal computers to connect to an external ipv6 address, and i have a feeling my firewall or something is blocking it,or my protocols static mapping is wrong, i have no idea, was hoping someone can help.

 firewall {                                                                     
     all-ping enable                                                            
     broadcast-ping disable                                                     
     conntrack-expect-table-size 4096                                           
     conntrack-hash-size 4096                                                   
     conntrack-table-size 32768                                                 
     conntrack-tcp-loose enable                                                 
     ipv6-receive-redirects disable                                             
     ipv6-src-route disable                                                     
     ip-src-route disable                                                       
     log-martians enable                                                        
     name WAN_IN {                                                              
         default-action drop
         description "packets from Internet to LAN & WLAN"
         enable-default-log
         rule 1 {
             action drop
             description "drop invalid state"
             log disable 
             protocol all
             state {
                 established disable
                 invalid enable 
                 new disable
                 related disable
             } 
         }
         rule 2 {
             action reject
             description youtube
             log disable
             protocol all                                                       
             source {                                                           
                 address 173.194.55.0/24                                        
             }                                                                  
         }                                                                      
         rule 3 {                                                               
             action reject                                                      
             description youtube                                                
             log disable                                                        
             protocol all                                                       
             source {                                                           
                 address 206.111.0.0/16                                         
             }                                                                  
         }                                                                      
         rule 4 {                                                               
             action accept
             description "icmp 6 every 20"                                      
             destination {                                                      
                 address 192.168.1.2                                            
             }                                                                  
             log disable                                                        
             protocol icmp                                                      
             recent {                                                           
                 count 6                                                        
                 time 20                                                        
             }                                                                  
         }                                                                      
         rule 5 {                                                               
             action accept                                                      
             description "allow established sessions"                           
             log disable                                                        
             protocol all                                                       
             state {                                                            
                 established enable                                             
                 invalid disable                                                
                 new disable                                                    
                 related enable                                                 
             }                                                                  
         }
         rule 6 {                                                               
             action accept                                                      
             description "all ports to server"                             
             destination {                                                      
                 address 192.168.1.2                                            
             }                                                                  
             log disable                                                        
             protocol all                                                       
         }                                                                      
     }                                                                          
     name WAN_LOCAL {                                                           
         default-action drop                                                    
         description "packets from Internet to the router"                      
         enable-default-log                                                     
         rule 1 {                                                               
             action accept                                                      
             description "allow established session to the router"              
             log disable                                                        
             protocol all                                                       
         }                                                                      
         rule 2 {                                                               
             action drop                                                        
             description "drop invalid state"
             log enable                                                         
             protocol all                                                       
         }                                                                      
     }                                                                          
     receive-redirects disable                                                  
     send-redirects enable                                                      
     source-validation disable                                                  
     syn-cookies enable                                                         
 }                                                                              
 interfaces {                                                                   
     bridge br0 {                                                               
         address 192.168.1.1/24                                                 
         address 2001:a:b::1/64                                                 
         ipv6 {                                                                 
             router-advert {                                                    
                 default-preference high                                        
                 managed-flag true                                              
                 max-interval 10                                                
                 other-config-flag true                                         
                 prefix 2001:a:b::/64 {                                         
                     autonomous-flag true                                       
                 }                                                              
                 send-advert true
             }                                                                  
         }                                                                      
         stp true                                                               
     }                                                                          
     ethernet eth0 {                                                            
         address dhcp                                                           
         address dhcpv6                                                         
         description WAN                                                        
         firewall {                                                             
             in {                                                               
                 name WAN_IN                                                    
             }                                                                  
             local {                                                            
                 name WAN_LOCAL                                                 
             }                                                                  
         }                                                                      
     }                                                                          
     ethernet eth1 {                                                            
         bridge-group {                                                         
             bridge br0                                                         
         }                                                                      
         description LAN                                                        
         ipv6 {
             dup-addr-detect-transmits 1                                        
             router-advert {                                                    
                 prefix 2001:a:b::/64 {                                         
                     autonomous-flag true                                       
                     on-link-flag true                                          
                 }                                                              
                 send-advert true                                               
             }                                                                  
         }                                                                      
     }                                                                          
     ethernet eth2 {                                                            
         bridge-group {                                                         
             bridge br0                                                         
         }                                                                      
         description LAN2                                                       
     }                                                                          
     loopback lo {                                                              
     }                                                                          
 }                                                                              
 protocols {                                                                    
     static {                                                                   
         route6 ::/0 {                                                          
             next-hop fe80::201:5cff:fe24:f141 { #i think this is my default gateway, not sure, ive tried my router ip address also 2001:558:6045:a:9ce7:68ed:433b:5038
             }                                                                  
         }                                                                      
     }                                                                          
 }                                                                              
 service {                                                                      
     dhcp-server {                                                              
         disabled false                                                         
         shared-network-name LAN-Subnet {                                       
             authoritative disable                                              
             subnet 192.168.1.0/24 {                                            
                 default-router 192.168.1.1                                     
                 dns-server 192.168.1.2                                         
                 lease 86400                                                    
                 start 192.168.1.100 {                                          
                     stop 192.168.1.200                                         
                 }                                                              
                 static-mapping server {                                   
                     ip-address 192.168.1.2                                     
                     mac-address 00:11:32:13:b8:fa                              
                 }                                                              
             }                                                                  
         }                                                                      
     }
     dhcpv6-server {                                                            
         shared-network-name fastrouter {                                       
             subnet 2001:a:b::/64 {                                             
                 address-range {                                                
                     start 2001:a:b::2 {                                        
                         stop 2001:a:b::100                                     
                     }                                                          
                 }                                                              
                 name-server 2001:4860:4860::8888                               
                 name-server 2001:4860:4860::8844                               
             }                                                                  
         }                                                                      
     }                                                                          
     dns {                                                                      
         forwarding {                                                           
             cache-size 150                                                     
             listen-on br0                                                      
         }                                                                      
     }                                                                          
     gui {                                                                      
         https-port 443                                                         
     }                                                                          
     nat {
         rule 1 {                                                               
             description "all ports to server"                             
             inbound-interface eth0                                             
             inside-address {                                                   
                 address 192.168.1.2                                            
             }                                                                  
             log disable                                                        
             protocol all                                                       
             type destination                                                   
         }                                                                      
         rule 2 {                                                               
             description "all lan ports to server"                         
             destination {                                                      
                 address 50.161.65.113                                          
             }                                                                  
             inbound-interface br0                                              
             inside-address {                                                   
                 address 192.168.1.2                                            
             }                                                                  
             log disable                                                        
             source {                                                           
                 address 192.168.1.10-192.168.1.254                             
             }
             type destination                                                   
         }                                                                      
         rule 5000 {                                                            
             description "masquerade for WAN"                                   
             log disable                                                        
             outbound-interface eth0                                            
             type masquerade                                                    
         }                                                                      
     }                                                                          
     ssh {                                                                      
         port 22                                                                
         protocol-version v2                                                    
     }                                                                          
 }                                                                              

 

http://videomatic3.diskstation.me/routing.png


Accepted Solutions
Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3

Re: dhcpv6 comcast

[ Edited ]

i just want to point out i finally got ipv6 working perfectly, for the moment

i followed this post and it didnt work out completely;
http://community.ubnt.com/t5/EdgeMAX/DHCPv6-Prefix-Delegation-Support/m-p/384938/highlight/true#M381...

it did not work untill i added an ipv6 address to my lan interface

so heres all the commands i did;
eth1 is my WAN interface
eth0 is my LAN interface

 

sudo su
sysctl -w net.ipv6.conf.eth1.forwarding=0
sysctl -w net.ipv6.conf.eth1.accept_ra=2
exit
configure
set interfaces ethernet eth1 address dhcpv6
commit
exit
sudo su
dhclient -6 -P -d -v eth1

//copy iaprefix line

exit
configure
set interfaces ethernet eth0 address $iaprefix
set interfaces ethernet eth0 ipv6 router-advert prefix $iaprefix autonomous-flag true
set interfaces ethernet eth0 ipv6 router-advert prefix $iaprefix on-link-flag true
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 ipv6 router-advert send-advert true
commit
save
exit

of course, replace $iaprefix with your address, and as far as my eth0 ipv6 address i made it my iaprefix::1, however it worked just as :: also

View solution in original post


All Replies
Emerging Member
Posts: 71
Registered: ‎03-04-2013
Kudos: 52
Solutions: 3

Re: dhvpv6 comcast

I don't think that EdgeOS includes support for DHCPV6-PD yet.  The Prefix Delegation part is needed in order for you to get native IPv6 connectivity from Comcast.  

Here is a link to an older thread with more information:

http://community.ubnt.com/t5/EdgeMAX/DHCPv6-Prefix-Delegation-Support/m-p/384936/highlight/true#M381...

Member
Posts: 296
Registered: ‎05-09-2013
Kudos: 179
Solutions: 27

Re: dhvpv6 comcast

Yes it does support dhcpv6-pd using wide dhcpv6 client but you'll need to configure manually as there is no CLI or GUI support for it at this moment. And about static v6 route use outbound interface instead IP if you are not sure.

set protocols static interface-route6 ::/0 next-hop-interface outboundifacehere

 

 

Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3

Re: dhvpv6 comcast

[ Edited ]

thats the kind of answer i was looking for, interface_route6

its ok, i tried it, it isnt working

ill just wait for a gui interface, thank you for the help

Member
Posts: 296
Registered: ‎05-09-2013
Kudos: 179
Solutions: 27

Re: dhvpv6 comcast

[ Edited ]

It should work.


You have some things to do:

Wide dhcpv6 doesn't run by default. You need to:

sudo update-rc.d wide-dhcpv6-client defaults

 Then edit /etc/sysctl.conf and add modifing pppoe0 with your wan interface:

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.pppoe0.accept_ra=2

 This is my /etc/wide-dhcpv6/dhcpv6c.conf edit yours according to your setup :

interface pppoe0 {
    send rapid-commit;
    send ia-pd 0;
    send ia-na 0;
    request domain-name-servers, domain-name;
    script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd 0 {
    prefix-interface br0 {
    sla-id 0;
    sla-len 0;
    };
};

id-assoc na 0 {};

 Take a look in /etc/defaults/wide-dhcpv6-client and modify according to your wan interface (pppoe0 in my case) :

INTERFACES="pppoe0"

Also run in configure mode (modifing this lines according to your setup) :

set interfaces ethernet br0 ipv6 router-advert prefix ::/64

br0 in my case is lan interface.

 After this do a reboot and see if it's working.

 Also sometimes in my case after router start-up i need to restart radvd running :

sudo /etc/init.d/radvd restart

 donno why my guess is that radvd starts before pppoe and adertise wrong address.

Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3

Re: dhvpv6 comcast

[ Edited ]

thank you for the input, i did all that, now my router is unable to ping ipv6 addresses anymore, however my default gateway shows up correctly on my computer, which is pretty cool.

now instead of traceroutes timing out, it tells me the destination host is unreachable

and pinging the ipv6 from the outside world no longer works either, i broke something

i think ill try to just start from scratch again

Member
Posts: 296
Registered: ‎05-09-2013
Kudos: 179
Solutions: 27

Re: dhvpv6 comcast

Try this:

remove static IP assigned to br 0

replace prefix 2001:a:b::/64 with ::/64 for br0

replace stp true and managed-flag true with stp false and managed-flag false for br0

remove ipv6 settings for eth1 leave bridge only

remove address dhcpv6 from eth0 (wide-dhcpv6-client will get the ip)

remove dhcpv6-server from service (radvd will do advertise)

 

interfaces {
    bridge br0 {
        address 192.168.1.1/24
        aging 300
        description LAN
        firewall {
            in {
                name LAN_IN
            }
            local {
                name LAN_LOCAL
            }
        }
        hello-time 2
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        max-age 20
        priority 0
        stp false
    }
    ethernet eth0 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth1 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name pppoe-in
                }
                local {
                    name pppoe-local
                }
                out {
                    modify pppoe-out
                }
            }
            ipv6 {
                dup-addr-detect-transmits 1
                enable {
                }
            }
            mtu 1492
            name-server auto
            password xx
            user-id xx
        }
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        interface-route6 ::/0 {
            next-hop-interface pppoe0 {
            }
        }
    }
}

 

This is the relevant part of my settings that work to guide you. Mine is pppoe but it's not that important.

 

Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3

Re: dhvpv6 comcast

[ Edited ]

after screwing around with it for a few minutes, the ipv6 stops working after using the following command net.ipv6.conf.all.forwarding=1
it only works when it is set to 0, also editing the sysctl.conf seems to have no effect upon bootup, so i used the command on the other forum post, sysctl -w net.ipv6.conf.all.forwarding=1
i need a few minutes to mess with it more

i tried to get as close to your settings as possible

cant ping ipv6 address without having the dhcpv6 on with my wan port, once i set ipv6.conf.all.forwarding=1 i cant set it back to 0, ipv6 stops working unless if i do factory reset

cant ping the router ipv6 without the static ip being set to the bridge

i dunno, im not a programmer, buying this router was a mistake, i appreciate the help, i think im done trying

 bridge br0 {                                                                   
     address 192.168.1.1/24                                                     
     aging 300                                                                  
     description lan                                                            
     hello-time 2                                                               
     ipv6 {                                                                     
         dup-addr-detect-transmits 1                                            
         router-advert {                                                        
             cur-hop-limit 64                                                   
             default-preference high                                            
             link-mtu 0                                                         
             managed-flag false                                                 
             max-interval 10                                                    
             other-config-flag false                                            
             prefix ::/64 {                                                     
                 autonomous-flag true                                           
                 on-link-flag true                                              
                 valid-lifetime 2592000                                         
             }                                                                  
             reachable-time 0                                                   
             retrans-timer 0                                                    
             send-advert true                                                   
         }                                                                      
     }
     max-age 20                                                                 
     priority 0                                                                 
     stp false                                                                  
 }                                                                              
 ethernet eth0 {                                                                
     address dhcp                                                               
     description WAN                                                            
     duplex auto                                                                
     firewall {                                                                 
         in {                                                                   
             name WAN_IN                                                        
         }                                                                      
         local {                                                                
             name WAN_LOCAL                                                     
         }                                                                      
     }                                                                          
     ipv6 {                                                                     
         dup-addr-detect-transmits 1                                            
     }                                                                          
     speed auto                                                                 
 }                                                                              
 ethernet eth1 {                                                                
     bridge-group {
         bridge br0                                                             
     }                                                                          
     description LAN                                                            
     duplex auto                                                                
     speed auto                                                                 
 }                                                                              
 ethernet eth2 {                                                                
     bridge-group {                                                             
         bridge br0                                                             
     }                                                                          
     description LAN2                                                           
     duplex auto                                                                
     speed auto                                                                 
 }                                                                              
 loopback lo {                                                                  
 }            


 bridge br0 {                                                                   
     address 192.168.1.1/24                                                     
     aging 300                                                                  
     description lan                                                            
     hello-time 2                                                               
     ipv6 {                                                                     
         dup-addr-detect-transmits 1                                            
         router-advert {                                                        
             cur-hop-limit 64                                                   
             default-preference high                                            
             link-mtu 0                                                         
             managed-flag false                                                 
             max-interval 10                                                    
             other-config-flag false                                            
             prefix ::/64 {                                                     
                 autonomous-flag true                                           
                 on-link-flag true                                              
                 valid-lifetime 2592000                                         
             }                                                                  
             reachable-time 0                                                   
             retrans-timer 0                                                    
             send-advert true                                                   
         }                                                                      
     }
     max-age 20                                                                 
     priority 0                                                                 
     stp false                                                                  
 }                                                                              
 ethernet eth0 {                                                                
     address dhcp                                                               
     description WAN                                                            
     duplex auto                                                                
     firewall {                                                                 
         in {                                                                   
             name WAN_IN                                                        
         }                                                                      
         local {                                                                
             name WAN_LOCAL                                                     
         }                                                                      
     }                                                                          
     ipv6 {                                                                     
         dup-addr-detect-transmits 1                                            
     }                                                                          
     speed auto                                                                 
 }                                                                              
 ethernet eth1 {                                                                
     bridge-group {
         bridge br0                                                             
     }                                                                          
     description LAN                                                            
     duplex auto                                                                
     speed auto                                                                 
 }                                                                              
 ethernet eth2 {                                                                
     bridge-group {                                                             
         bridge br0                                                             
     }                                                                          
     description LAN2                                                           
     duplex auto                                                                
     speed auto                                                                 
 }                                                                              
 loopback lo 

ubnt@ubnt#  show protocols                                                      
 static {                                                                       
     interface-route6 ::/0 {                                                    
         next-hop-interface eth0 {                                              
         }                                                                      
     }                                                                          
 }   

 

New Member
Posts: 30
Registered: ‎12-27-2013
Kudos: 30
Solutions: 1

Re: dhvpv6 comcast

[ Edited ]

Just wanted to chime in and say I got Comcast native IPv6 working today using firmware 1.4.0beta1, following the instructions from  this post.   Here's what I did:  (note:  WAN = eth1, LAN = eth0)

1.  In the shell, pretty much as abu_cwarky posted:

 

A. Enable wide-dhcp6

sudo update-rc.d wide-dhcpv6-client defaults

 B.  Create a sysctl file: /etc/sysctl.d/ipv6.conf  with the contents:

net.ipv6.conf.eth1.accept_ra=2

 C.  Enable the sysctl setting without a reboot

sysctl -w net.ipv6.conf.eth1.accept_ra=2

 D.  Modify the /etc/wide-dhcpv6/dhcp6c.conf file to look like so:

 

interface eth1 {
	request domain-name-servers, domain-name;
	send ia-na 0;
	send ia-pd 0;
	send rapid-commit;
	script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd 0 { #configuring the requested prefix delegation.
	prefix-interface eth0 {
		sla-id 0;
		sla-len 0;
	};
};

id-assoc na 0 { };

 

 

E.  Edit the /etc/default/wide-dhcpv6-client file like so:

 

INTERFACES="eth1"

 

F.  Start wide-dhcpv6-client service

/etc/init.d/wide-dhcpv6-client start

 

G.   Verify the output of "ifconfig eth1", the /etc/resolv.conf file and "netstat -rn6" all look right

 

 

2. apply the following configuration settings:

 

interfaces {
    ethernet eth0 {
        address 172.16.70.1/24
        description LAN
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
            local {
                name LAN_LOCAL
            }
        }
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                default-preference high
                link-mtu 0
                managed-flag true
                max-interval 600
                other-config-flag true
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        address dhcpv6
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        ipv6 {
            dup-addr-detect-transmits 1
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        interface-route6 ::/0 {
            next-hop-interface eth1 {
            }
        }
    }
}

 

 

 After performing the configuration settings (with a commit and save),  the radvd.conf was written automatically and radvd was restarted.

 

One thing to be aware of:   Once you enable IPv6,  all of your LAN devices are exposed!    Make sure to lock this down via firewall settings,  I'll post more on this once I figure out how to do it myself.

Regular Member
Posts: 701
Registered: ‎01-06-2012
Kudos: 417
Solutions: 21
Contributions: 2

Re: dhvpv6 comcast

I suspect you've figured out the IPv6 firewall configuration by now, but if anyone wonders how to do it, it's pretty straightforward (compared to DHCPv6-PD, at least!).

Here are some IPv6 firewall rules:

 firewall {
     ipv6-name guest_in-v6 {
         default-action accept
         description "Guest network to other networks"
     }
     ipv6-name guest_local-v6 {
         default-action accept
         description "Guest network to router"
     }
     ipv6-name trust_in-v6 {
         default-action accept
         description "Trusted network to other networks"
     }
     ipv6-name trust_local-v6 {
         default-action accept
         description "Trusted network to router"
     }
     ipv6-name wan_in-v6 {
         default-action drop
         description "Internet to internal networks"
         enable-default-log
         rule 1 {
             action accept
             description "allow established/related"
             log disable
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action drop
             description "drop invalid"
             log enable
             state {
                 invalid enable
             }
         }
     }
     ipv6-name wan_local-v6 {
         default-action drop
         description "Internet to router"
         enable-default-log
         rule 1 {
             action accept
             description "allow established/related"
             log disable
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action drop
             description "drop invalid"
             log enable
             state {
                 invalid enable
             }
         }
         rule 4 {
             action accept
             description "rate limit ICMP 50/m"
             limit {
                 burst 1
                 rate 50/minute
             }
             log enable
             protocol icmp
         }
         rule 5 {
             action accept
             description "Allow OpenVPN clients to access server"
             destination {
                 port 1194
             }
             log disable
             protocol udp
         }
     }
}

Here's an example of how to apply the firewall rules to an interface. This goes under an interface node, such as interfaces ethernet ethx:

         firewall {
             in {
                 ipv6-name guest_in-v6
                 name guest_in
             }
             local {
                 ipv6-name guest_local-v6
                 name guest_local
             }
         }

 

New Member
Posts: 1
Registered: ‎01-01-2014

Re: dhvpv6 comcast

I'm trying to get this working on Comcast also. @irvingpop's config gets me pretty close but I'm running into a few issues. When I initially applied the config I was able to ping ipv6.google.com from the router. After a reboot I am unable to ping it anymore. But if I delete this config section:

protocols {
 static {
     interface-route6 ::/0 {
         next-hop-interface eth1 {
         }
     }
 }
}

then the ping starts to work again. And I can then re-add that config without losing connectivity. Any ideas what is causing this problem?

Emerging Member
Posts: 40
Registered: ‎12-09-2013
Kudos: 8

Re: dhvpv6 comcast

Check your /var/log/messages for:

ubnt radvd[1680]: no auto-selected prefix on interface <inside interface>, disabling advertisements

The issue I had was radvd was firing up before wide-dhcpv6 assigns a prefix to the outside interface.  It seems to stop trying after this.

You can test this by restarting radvd: /etc/init.d/radvd restart

 

Regular Member
Posts: 334
Registered: ‎07-17-2013
Kudos: 52
Solutions: 6

Re: dhcpv6 comcast

Is there a plan to get ipv6 in the GUI or through a wizard? My old Apple AirPort Extreme had ipv6 enable through 3 radio buttons. Seems like quite a bit of work in the current 1.4 release on the ER5-POE.
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5480
Solutions: 1656
Contributions: 2

Re: dhcpv6 comcast

Yeah as mentioned before DHCPv6 PD is on the TODO list, and we do hope to get to it soon if permitted by resources of course (also most likely the first stage would be to add CLI support, and then once that is working the GUI support may be added).

Member
Posts: 182
Registered: ‎05-23-2013
Kudos: 45
Solutions: 11

Re: dhvpv6 comcast

any idea if this works with vlan correctly

Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3

Re: dhcpv6 comcast

[ Edited ]

i just want to point out i finally got ipv6 working perfectly, for the moment

i followed this post and it didnt work out completely;
http://community.ubnt.com/t5/EdgeMAX/DHCPv6-Prefix-Delegation-Support/m-p/384938/highlight/true#M381...

it did not work untill i added an ipv6 address to my lan interface

so heres all the commands i did;
eth1 is my WAN interface
eth0 is my LAN interface

 

sudo su
sysctl -w net.ipv6.conf.eth1.forwarding=0
sysctl -w net.ipv6.conf.eth1.accept_ra=2
exit
configure
set interfaces ethernet eth1 address dhcpv6
commit
exit
sudo su
dhclient -6 -P -d -v eth1

//copy iaprefix line

exit
configure
set interfaces ethernet eth0 address $iaprefix
set interfaces ethernet eth0 ipv6 router-advert prefix $iaprefix autonomous-flag true
set interfaces ethernet eth0 ipv6 router-advert prefix $iaprefix on-link-flag true
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 ipv6 router-advert send-advert true
commit
save
exit

of course, replace $iaprefix with your address, and as far as my eth0 ipv6 address i made it my iaprefix::1, however it worked just as :: also

New Member
Posts: 23
Registered: ‎12-14-2013

Re: dhvpv6 comcast

Thanks, this worked great!

The only thing I noticed is that I need to remove the wan_local-v6 ruleset from the interface for DHCPv6-PD to work. I've just started reading up on DHCP-PD, so I'm not too familiar with it yet.


Any suggestions would be greatly appreciated.

Member
Posts: 182
Registered: ‎05-23-2013
Kudos: 45
Solutions: 11

Re: dhvpv6 comcast

That does not sound rigth, Is it that you needed to punch hole rather then leaving it open completely.

 

Thanks

Nabil

New Member
Posts: 30
Registered: ‎12-27-2013
Kudos: 30
Solutions: 1

Re: dhvpv6 comcast

If your wan_local-v6 is breaking DHCPv6, it's because you're not allowing icmpv6 from all sources.

New Member
Posts: 26
Registered: ‎07-14-2013
Kudos: 3
Solutions: 1

Re: dhcpv6 comcast

I'm going to populate the commands that videomatic3 posted above to get Comcast IPV6 but just wanted to get your input.  My eth2 is my WAN and my internal LAN is eth0 and eth1 with a bridge (br0) linking them to create a single subnet.

What sort of changes should I make to his commands above besides the obvious update to the WAN label?

Additionally, I saw that the firewall rules need to be updated.  I've got the SOHO firewall rules populated.  Possible to get input on changes to be made to them?  

Many thanks!!