Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




12 posts

Geek
+1 received by user: 1


Topic # 242645 7-Nov-2018 10:54
Send private message quote this post

Hi guys, I've been a long time lurker here at GZ but this is my first post, so hello!

 

 

 

I have a Ubiquiti EdgeRouter Lite router using 2degrees fibre on the latest stable firmware (1.10.7). I've got a static allocation (both IPv4 and IPv6) from 2degrees and when on ADSL it was rock solid (though very slow). Since switching to the ERLite and fibre I keep hitting an issue where IPv6 stops working. By that I mean I can't ping6 out from the LAN or the router, and inbound traffic never reaches the hosts. To fix it I disable/enable IPv6, or delete and reload the IPv6 firewall, and doing so fixes it for a while (where a while could be a few hours, or a few days, but it always stops working again).

 

 

 

Googling around I found a few instances of people having similar issues (can't post links yet sorry but found a few) but none of them seem relevant to me (some were fixed by upgrading the firmware, some found things in the logs that I haven't etc).

 

 

 

Here's my config:

 

ubnt@router# show interfaces ethernet eth0

 

duplex auto

 

speed auto

 

vif 10 {

 

     description "Internet (PPPoE)"

 

     pppoe 0 {

 

         default-route auto

 

         dhcpv6-pd {

 

             pd 0 {

 

                 interface eth1 {

 

                     host-address ::1

 

                     prefix-id :1

 

                     service slaac

 

                 }

 

                 interface eth2 {

 

                     host-address ::1

 

                     prefix-id :2

 

                     service slaac

 

                 }

 

                 prefix-length /56

 

             }

 

             prefix-only

 

             rapid-commit enable

 

         }

 

         firewall {

 

             in {

 

                 ipv6-name WANv6_IN

 

                 name WAN_IN

 

             }

 

             local {

 

                 ipv6-name WANv6_LOCAL

 

                 name WAN_LOCAL

 

             }

 

         }

 

         ipv6 {

 

             enable {

 

             }

 

         }

 

         mtu 1492

 

         name-server auto

 

         password xxxx

 

         user-id xxxx@snap.net.nz

 

     }

 

}

 

 

 

And here is the relevant firewall (with IPv6 addresses slightly obfuscated), this is as it came out of the box with only the SSH rule added by me:

 

 

 

ubnt@router# show firewall ipv6-name

 

ipv6-name WANv6_IN {

 

     default-action drop

 

     description "WAN inbound traffic forwarded to LAN"

 

     enable-default-log

 

     rule 10 {

 

         action accept

 

         description "Allow established/related sessions"

 

         state {

 

             established enable

 

             related enable

 

         }

 

     }

 

     rule 20 {

 

         action drop

 

         description "Drop invalid state"

 

         state {

 

             invalid enable

 

         }

 

     }

 

     rule 30 {

 

         action accept

 

         description "pipsqueek IPv6 ssh access"

 

         destination {

 

             address 2406:e001:dead:beef::3

 

             port 22

 

         }

 

         protocol tcp

 

     }

 

}

 

ipv6-name WANv6_LOCAL {

 

     default-action drop

 

     description "WAN inbound traffic to the router"

 

     enable-default-log

 

     rule 10 {

 

         action accept

 

         description "Allow established/related sessions"

 

         state {

 

             established enable

 

             related enable

 

         }

 

     }

 

     rule 20 {

 

         action drop

 

         description "Drop invalid state"

 

         state {

 

             invalid enable

 

         }

 

     }

 

     rule 30 {

 

         action accept

 

         description "Allow IPv6 icmp"

 

         protocol ipv6-icmp

 

     }

 

     rule 40 {

 

         action accept

 

         description "allow dhcpv6"

 

         destination {

 

             port 546

 

         }

 

         protocol udp

 

         source {

 

             port 547

 

         }

 

     }

 

}

 

 

 

I didn't think to try a tcpdump looking for icmp6 while it is "broken" to see if packets are actually making it out the router, but will do so when it next breaks.

 

 

 

So - can anyone spot anything obvious I'm missing? What logs should I be looking at when it dies? Having it die every few hours/days is driving me crazy...

 

 

 

P.S I originally couldn't even get IPv6 working but that turned out to be a Chorus/ONT issue, so I've been fighting IPv6 on and off now for about two months

 

 

 

EDIT: And it just died again. Running a tcpdump on the router and pinging from a host on the LAN I can see packets going out pppeo0 but never getting a reply.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | 7
Mr Snotty
8089 posts

Uber Geek
+1 received by user: 4056

Moderator
Trusted
Lifetime subscriber

  Reply # 2121423 7-Nov-2018 11:40
Send private message quote this post

I assume you're on a Dynamic IP address (not static)?

 

There is a bit of work going on with IPv6 and 2degrees at the moment. I personally have not had an issue with a Static assignment.







12 posts

Geek
+1 received by user: 1


  Reply # 2121429 7-Nov-2018 11:54
Send private message quote this post

michaelmurfy:

 

I assume you're on a Dynamic IP address (not static)?

 

No, I'm on a static allocation.

 

 

There is a bit of work going on with IPv6 and 2degrees at the moment. I personally have not had an issue with a Static assignment.

 

 

Is there some other way to set it up seeing as I have a static /56 allocation?

 

 

 

Cheers,

 

Andrew


 
 
 
 


defiant
691 posts

Ultimate Geek
+1 received by user: 331

Lifetime subscriber

  Reply # 2121481 7-Nov-2018 12:38
Send private message quote this post

I temporarily lost ipv6 over night during an upgrade, like Michael, but it's been fine otherwise before/after.

 

Might be worth logging a call with 2degrees and providing a packet capture. If traffic is going out but not in then it sounds like potentially something at 2degrees end.


3422 posts

Uber Geek
+1 received by user: 411

Trusted

  Reply # 2121542 7-Nov-2018 13:17
Send private message quote this post

I have the exact same problem and its really annoying me. I can still ping the router on the link local IPv6 address when it happens from my computer but nothing outside. I haven't had time to check if the router itself can ping outside. If I leave it long enough sometimes my computer doesn't even show an IP address from SLAAC.

 

Since I heavily rely on IPv6 for work its pretty annoying! I am restarting my router usually about once per day and that sorts it.






74 posts

Master Geek
+1 received by user: 6


  Reply # 2121545 7-Nov-2018 13:30
Send private message quote this post

I have the same issue (*phew its not only me*), originally commented in the https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=242523 thread


defiant
691 posts

Ultimate Geek
+1 received by user: 331

Lifetime subscriber

  Reply # 2121565 7-Nov-2018 13:55
Send private message quote this post

I'd definitely be logging calls, just submit one through the form on their website.

 

Could be related to the upgrades they're doing, maybe @2degreescare can poke the relevant team?


1496 posts

Uber Geek
+1 received by user: 163

Subscriber

  Reply # 2121566 7-Nov-2018 13:59
Send private message quote this post

Is everyone getting an assigned address but its not working or just not at all? My Unifi network is getting ipv6 addresses but if I try to ping ipv6 enabled google I get it timing out; obviously IPv4 is working fine.




12 posts

Geek
+1 received by user: 1


  Reply # 2121570 7-Nov-2018 14:07
Send private message quote this post

Thanks @dfnt, I'll log it with them. @Benoire, when I down/up the IPv6 connection I get an address, can ping, ssh etc IPv6 hosts. When it dies I still have the address but can't ping anything.


1496 posts

Uber Geek
+1 received by user: 163

Subscriber

  Reply # 2121579 7-Nov-2018 14:25
Send private message quote this post

Ok I've got the same thing then, ipv6 address showing but it's not actually working e.g cant ping - 6 addresses and geekzone is not showing the ipv6 enabled geekzone logo.

defiant
691 posts

Ultimate Geek
+1 received by user: 331

Lifetime subscriber

  Reply # 2121632 7-Nov-2018 15:49
Send private message quote this post

@Benoire, so your ipv6 isn't working at all? What router are you running?

The posters above have ipv6 working, but it randomly stops working until they manually intervene - rinse and repeat


1496 posts

Uber Geek
+1 received by user: 163

Subscriber

  Reply # 2121639 7-Nov-2018 16:04
Send private message quote this post

Mine is showing the IPv6 address on clients so I'm getting the prefix assigned from the static IP but currently I cannot ping any IPv6 based address outside of my network.  I haven't tried to disconnect/reconnect yet to see if it comes back.

 

Oh just checked and its now working again... 


defiant
691 posts

Ultimate Geek
+1 received by user: 331

Lifetime subscriber

  Reply # 2121654 7-Nov-2018 16:25
Send private message quote this post

Benoire:

 

Mine is showing the IPv6 address on clients so I'm getting the prefix assigned from the static IP but currently I cannot ping any IPv6 based address outside of my network.  I haven't tried to disconnect/reconnect yet to see if it comes back.

 

Oh just checked and its now working again... 

 

 

You might have the same issue as the OP or it just required a reconnect


388 posts

Ultimate Geek
+1 received by user: 79


  Reply # 2121879 7-Nov-2018 23:17
Send private message quote this post

I have a static IPv6 assignment and I noticed recently that I had lost the IPv6 connection.  I am using an ERL and had previously just done a static assignment of the IPv6 addresses - no delegation.  I found that to get the IPv6 connection back again, I had to add the DHCPv6 client bit into my PPPoE setup, so my PPPoE client is requesting an IPv6 delegation.  I do not delegate any further from there - the rest of my setup is still static assignments.  So it looks like 2degrees have updated the router I connect to in Palmerston North so that it will not pass IPv6 traffic unless it has delegated IPv6 addresses, even with a static assignment.

 

After doing that change, I still have one niggling problem - I can not do "ping -6 google.com" from my Windows 7 PC.  I get no response.  It does work from my Windows 10 laptop and from all my Linux boxes, and other IPv6 traffic does work from the Windows 7 box.  But google.com used to work from that Windows 7 box as well.  Eventually, I will have to find the time to track down why, but for now it is working well enough.


defiant
691 posts

Ultimate Geek
+1 received by user: 331

Lifetime subscriber

  Reply # 2121892 7-Nov-2018 23:40
Send private message quote this post

Not sure if this'll help @llama233 but you should try running 1500 MTU on your pppoe interface, instead of 1492, and remove any tcp mss clamping.

 

Set the MTU to 1508 on eth0 and eth0.10 and then 1500 MTU on pppoe0.




12 posts

Geek
+1 received by user: 1


  Reply # 2122139 8-Nov-2018 13:11
Send private message quote this post

Thanks @dfnt, I'll try this when I get home.

 

 

 

Cheers,

 

Andrew


 1 | 2 | 3 | 4 | 5 | 6 | 7
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.