Quic Broadband - Anyone Heard of Them?

Forums › Quic › Quic Broadband - Anyone Heard of Them?

1 | ... | 29 | 30 | 31 | 32 | 33 | 34 | 35

45 posts

Geek

#3111992 5-Aug-2023 00:28

quic:

lucasnz:

Hi all,

I was cutover to quic this morning. The cutover was fairly seamless for IPv4, but I'm not getting an IPv6 address. I wonder if I'm having the same problems others on this forum have had (which seemed to be a quic provisioning issue). I'm running pfsense, and have copied the config that someone earlier in this thread confirmed as working (actually I've tried a whole pile of settings and nothing works).

@quic any chance someone can check my IPv6 has been provisioned correctly?

Luke

Fire me a DM with the name on your account and connnection address. :-)

You should also be able to hop into the portal to see if you have a static v6 allocated - it can take a couple days after connection but I can push it through. That being said, you should always be able to get a v6 address, just whether it's static or not, so may need to review config.

Thanks, I managed to get someone on the chat on your website and I'm mostly up and running. My previous ISP gave out a separate IPv6 address for the WAN interface (via ia_na), and then a /56 prefix to be carved up for the various internal VLANs (via ia_pd). Quic seems to only hand out an IPv6 prefix (only ia_pd and not ia_na for DHCP6), which means I only see a link local address on my WAN interface. This makes things a bit difficult to have HA proxy listening on the WAN interface on IPv6.

It may be that this is a bug with how pfsense uses the prefix delegation. There are some ancient bug reports about this:

I haven't found a solution for this. BUT pfsense is happily handing out IPv6 IPs from the delegation it has... So, IPv6 works for any clients on the LAN.

Luke

fe31nz

1207 posts

Uber Geek

#3112174 5-Aug-2023 23:49

lucasnz:

Thanks, I managed to get someone on the chat on your website and I'm mostly up and running. My previous ISP gave out a separate IPv6 address for the WAN interface (via ia_na), and then a /56 prefix to be carved up for the various internal VLANs (via ia_pd). Quic seems to only hand out an IPv6 prefix (only ia_pd and not ia_na for DHCP6), which means I only see a link local address on my WAN interface. This makes things a bit difficult to have HA proxy listening on the WAN interface on IPv6.

It may be that this is a bug with how pfsense uses the prefix delegation. There are some ancient bug reports about this:

https://redmine.pfsense.org/issues/11431
https://redmine.pfsense.org/issues/7138
I haven't found a solution for this. BUT pfsense is happily handing out IPv6 IPs from the delegation it has... So, IPv6 works for any clients on the LAN.

Luke

It should work if you allocate an IPv6 from your /56 to your WAN interface. I am not sure how you would do that - it might have to be a static assignment. Make sure it is not from any IPv6 subnet used elsewhere in your network.

But, why would you need to use the WAN interface for this? You can have the HA proxy running on one of your LAN port IPv6 addresses and just advertise that address in your external DNS. Remember that with IPv6, all the unicast global addresses are fully routeable and can be used as external addresses if you let the traffic through your firewall. And why would you need to use an HA proxy, unless it is to provide extra security? You can just directly use the IPv6 address of the system HA is running on.

phatax

2 posts

Wannabe Geek
Inactive user

#3112223 6-Aug-2023 09:33

I know quic don’t offer support
But can quic recommend CPE equipment for Hyperfibre

End users with HF - what are you using for your router/AP?

lucasnz

45 posts

Geek

#3112224 6-Aug-2023 09:44

fe31nz:

lucasnz:

Thanks, I managed to get someone on the chat on your website and I'm mostly up and running. My previous ISP gave out a separate IPv6 address for the WAN interface (via ia_na), and then a /56 prefix to be carved up for the various internal VLANs (via ia_pd). Quic seems to only hand out an IPv6 prefix (only ia_pd and not ia_na for DHCP6), which means I only see a link local address on my WAN interface. This makes things a bit difficult to have HA proxy listening on the WAN interface on IPv6.

It may be that this is a bug with how pfsense uses the prefix delegation. There are some ancient bug reports about this:

https://redmine.pfsense.org/issues/11431
https://redmine.pfsense.org/issues/7138
I haven't found a solution for this. BUT pfsense is happily handing out IPv6 IPs from the delegation it has... So, IPv6 works for any clients on the LAN.

Luke

It should work if you allocate an IPv6 from your /56 to your WAN interface. I am not sure how you would do that - it might have to be a static assignment. Make sure it is not from any IPv6 subnet used elsewhere in your network.

But, why would you need to use the WAN interface for this? You can have the HA proxy running on one of your LAN port IPv6 addresses and just advertise that address in your external DNS. Remember that with IPv6, all the unicast global addresses are fully routeable and can be used as external addresses if you let the traffic through your firewall. And why would you need to use an HA proxy, unless it is to provide extra security? You can just directly use the IPv6 address of the system HA is running on.

Thanks @fe31nz, I tried the LAN interface, but that has other things bound to it on port 443. I got it to work by adding a new VLAN and having pfsense delegate some of the /56 to there - then binding HAProxy to that interface.

In terms of HAProxy there are lots of reasons, but that's off topic. I was just using it as an example of something that wasn't working. My post was more to help other pfsense users, as they may also notice they only see a link local address on their WAN interface. I spent quite a lot of time trying to get pfsense to delegate part of the /56 to the WAN, and based on the issues (linked above) I have concluded it's not possible currently (unless you statically assign IPv6 on ALL your interfaces).

While we're touching on IPv4 vs IPv6 and reverse proxy, I think this guys solution is pretty cool. He uses sni to route IPv4 users, and IPv6 users go direct: https://github.com/AGWA/snid

Vindy500

53 posts

Master Geek

Trusted

Chorus

#3112471 6-Aug-2023 19:24

phatax: I know quic don’t offer support
But can quic recommend CPE equipment for Hyperfibre

End users with HF - what are you using for your router/AP?

I've seen pbtech now have a 'Hyperfibre' filter. I suspect it's only showing things with a multi gig wan port, but I'm not certain

https://www.pbtech.co.nz/category/networking/routers/wi-fi-6-routers?fs=26693871

A lot of the more experienced users seem to enjoy the mikrotik equipment, but I think you need a network engineering degree to use them. (They seem to work very well, just don't call me for support)

fe31nz

1207 posts

Uber Geek

#3112537 6-Aug-2023 23:52

Vindy500:

A lot of the more experienced users seem to enjoy the mikrotik equipment, but I think you need a network engineering degree to use them. (They seem to work very well, just don't call me for support)

Last I heard, Mikrotik routers, while excellent for IPv4, were still a bit buggy with their IPv6 support. Which puts me off trying one, as I use IPv6 heavily. And that then puts me off trying Hyperfibre as there do not seem to be any actually available 10 Gbit/s routers that are cheap enough except for Mikrotik. So is there any update on that? Are the IPv6 problems fixed yet?

fe31nz

1207 posts

Uber Geek

#3112539 7-Aug-2023 00:14

lucasnz:

Thanks @fe31nz, I tried the LAN interface, but that has other things bound to it on port 443. I got it to work by adding a new VLAN and having pfsense delegate some of the /56 to there - then binding HAProxy to that interface.

On any Linux system, a network interface can have as many IP addresses as you like (IPv4 or IPv6). So if you are already using a port on the primary IP address, you can just add a secondary IP address and bind different software to the same port on the new address. However, I have no idea if pfsense can do that. If not, you would have to use the basic Linux tools that underlie pfsense. I do this on my PXE server box so that I can run a separate SAMBA server for PXE downloads (much faster than TFTP, if the PXE boot can support it).

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

lucasnz

45 posts

Geek

#3112912 7-Aug-2023 17:26

fe31nz:

lucasnz:

Thanks @fe31nz, I tried the LAN interface, but that has other things bound to it on port 443. I got it to work by adding a new VLAN and having pfsense delegate some of the /56 to there - then binding HAProxy to that interface.

On any Linux system, a network interface can have as many IP addresses as you like (IPv4 or IPv6). So if you are already using a port on the primary IP address, you can just add a secondary IP address and bind different software to the same port on the new address. However, I have no idea if pfsense can do that. If not, you would have to use the basic Linux tools that underlie pfsense. I do this on my PXE server box so that I can run a separate SAMBA server for PXE downloads (much faster than TFTP, if the PXE boot can support it).

pfsense is BSD under the hood, so I'm sure that's possible if you hack the config, but it's not available in the UI which only lets you only set the interface to DHCP or static. The interface needs to be DHCP so it picks up the delegation from the ISP. I have a work around for now (by creating a new interface on a dummy vlan) - and as I mentioned, this appears to be a known bug in pfsense. No doubt someone else will encounter the same issue. Hopefully this will help them.

Luke

RunningMan

8912 posts

Uber Geek

#3113522 8-Aug-2023 20:31

@freitasm perhaps time to consider a Quic sub forum as this thread is getting increasingly unwieldy? Compared to the NOW sub forum which hasn't had activity for more than a year.

freitasm

BDFL - Memuneh
79145 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3113523 8-Aug-2023 20:34

Sure.

freitasm

BDFL - Memuneh
79145 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3113525 8-Aug-2023 20:37

Done now, New sub-forum active.

RunningMan

8912 posts

Uber Geek

#3113527 8-Aug-2023 20:42

Awesome. Thanks :-)

Better ping @quic so they know ;-)

SkylarPup

1 post

Wannabe Geek

#3114916 12-Aug-2023 09:57

Hi all,

Having trouble with the Lotto website, it says I am not in NZ when I am, searching my IP tells me it's in Auckland so no idea what could be causing this? Cheers

quic

233 posts

Master Geek

Trusted

Quic Broadband

Lifetime subscriber

#3114917 12-Aug-2023 10:00

SkylarPup:

Hi all,

Having trouble with the Lotto website, it says I am not in NZ when I am, searching my IP tells me it's in Auckland so no idea what could be causing this? Cheers

Hey there!

We have reached out to Lotto on this one. Unfortunately they're not recognizing one of our newer IP subnets.

Fire me a DM with the name on your account and connection address and I can change this for you. 🙂

Quic Broadband
quic.nz - The telco who puts you in charge!

paul151

309 posts

Ultimate Geek

Trusted

#3114919 12-Aug-2023 10:10

freitasm: Done now, New sub-forum active.

Thank you for doing this :)

Quic "Sprinter" UFB - Ref (free setup): R338237EFDIUJ

Agency BBS | fsxNet | Agency News | Total FM

1 | ... | 29 | 30 | 31 | 32 | 33 | 34 | 35