Hi guys, I've been a long-time lurker here at GZ but this is my first post, so hello!
I have a Ubiquiti EdgeRouter Lite router using 2degrees fibre on the latest stable firmware (1.10.7). I've got a static allocation (both IPv4 and IPv6) from 2degrees and when on ADSL it was rock solid (though very slow). Since switching to the ERLite and fibre I keep hitting an issue where IPv6 stops working. By that I mean I can't ping6 out from the LAN or the router, and inbound traffic never reaches the hosts. To fix it I disable/enable IPv6, or delete and reload the IPv6 firewall, and doing so fixes it for a while (where a while could be a few hours, or a few days, but it always stops working again).
Googling around I found a few instances of people having similar issues (can't post links yet sorry but found a few) but none of them seem relevant to me (some were fixed by upgrading the firmware, some found things in the logs that I haven't etc).
Here's my config:
ubnt@router# show interfaces ethernet eth0
duplex auto
speed auto
vif 10 {
    description "Internet (PPPoE)"
    pppoe 0 {
        default-route auto
        dhcpv6-pd {
            pd 0 {
                interface eth1 {
                    host-address ::1
                    prefix-id :1
                    service slaac
                }
                interface eth2 {
                    host-address ::1
                    prefix-id :2
                    service slaac
                }
                prefix-length /56
            }
            prefix-only
            rapid-commit enable
        }
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
        ipv6 {
            enable {
            }
        }
        mtu 1492
        name-server auto
        password xxxx
        user-id xxxx@snap.net.nz
    }
}
And here is the relevant firewall (with IPv6 addresses slightly obfuscated), this is as it came out of the box with only the SSH rule added by me:
ubnt@router# show firewall ipv6-name
ipv6-name WANv6_IN {
    default-action drop
    description "WAN inbound traffic forwarded to LAN"
    enable-default-log
    rule 10 {
        action accept
        description "Allow established/related sessions"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        description "pipsqueek IPv6 ssh access"
        destination {
            address 2406:e001:dead:beef::3
            port 22
        }
        protocol tcp
    }
}
ipv6-name WANv6_LOCAL {
    default-action drop
    description "WAN inbound traffic to the router"
    enable-default-log
    rule 10 {
        action accept
        description "Allow established/related sessions"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        description "Allow IPv6 icmp"
        protocol ipv6-icmp
    }
    rule 40 {
        action accept
        description "allow dhcpv6"
        destination {
            port 546
        }
        protocol udp
        source {
            port 547
        }
    }
}
I didn't think to try a tcpdump looking for icmp6 while it is "broken" to see if packets are actually making it out the router, but will do so when it next breaks.
So - can anyone spot anything obvious I'm missing? What logs should I be looking at when it dies? Having it die every few hours/days is driving me crazy...
P.S. I originally couldn't even get IPv6 working but that turned out to be a Chorus/ONT issue, so I've been fighting IPv6 on and off now for about two months.
EDIT: And it just died again. Running a tcpdump on the router and pinging from a host on the LAN I can see packets going out pppoe0 but never getting a reply.