Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


1406 posts

Uber Geek
+1 received by user: 260

Subscriber

Topic # 230720 9-Mar-2018 20:03
Send private message quote this post

Hi,

 

I'm trying to setup ipv6 and I've followed the instructions over on:

 

https://www.geekzone.co.nz/forums.asp?forumid=66&topicid=205740

 

However I didn't get an ipv6 connection. Is it possible for @2degrees to provide the necessary settings for ipv6 because the website only says that you provide ipv6 but nothing in terms of the details required to configure ones router/gateway/etc.





Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone X 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: iCloud, YouTube Premium, Wordpress, Skinny

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
366 posts

Ultimate Geek
+1 received by user: 75


  Reply # 1972180 9-Mar-2018 23:15
One person supports this post
Send private message quote this post

2Degrees does not provide support for routers other than the FritzBox models they provide.  They do tell you what the requirements for interfacing with their network are, but not explicit config for non-supported routers.  Fortunately there are quite a few of us here on Geekzone who use Edgerouters with IPv6 on 2Degrees, so we can help you with getting it going.

 

Edgerouters unfortunately do not provide GUI interface for IPv6 configuration (except via the config-tree), so it all has to be done via the command line.

 

You did not say what sort of connection you have so I am assuming that you are on fibre.  The IPv6 config for an Edgerouter will vary depending on whether you have a static IP addresses or not, and how you want to operate IPv6 on your network.  I have static IP addresses and use DHCPv6 rather than SLAAC IPv6 addresses with my ERLite and 2Degrees, so my config probably would not work for you.  The IPv6 PPPoE config on the page you pointed to looks to be very close to what you need for the usual setup of dynamic IP addresses with prefix delegation and SLAAC IPv6 addreses.  But 2Degrees uses VLAN 10 and /56 size IPv6 address prefix delegation, not the standard /48 or /64.  So you need to add the VIF 10 and change the /60 to /56.  If you are in a Chorus fibre area, Chorus has their fibre connections overprovisioned to allow for the extra 8-byte overheads of using PPPoE, so you should also set the MTU to 1508 on the PPPoE and ethernet WAN ports to allow that to work and give you a real 1500 MTU for your data.  I am not sure about other fibre providers as to whether they also do the same overprovisioning, but you should try with the MTU 1508 settings there also as without that you will have problems with your IPv6 connections.  If MTU 1508 does not work, then you will need to add MTU 1492 settings for IPv6 to your LAN port settings, so that overlong (1492-1500 byte) packets will not be sent or requested via IPv6.  Without an MTU of 1508 working, such long IPv6 packets will be silently dropped by the PPPoE software in both directions.  Assuming that you are using eth0 for your WAN port and eth1 for your LAN port, the IPv6 Interface Config below should work to bring up an IPv6 connection.  If you also are using eth2 or vlans on your network, you will need to duplicate the eth1 sections for each of them.

 

However, you will also need to duplicate your current IPv4 firewall rules (with slight modifications for the way IPv6 works) before you make the IPv6 connection using the config below.  Without IPv6 firewall rules, since there is no NAT done for IPv6, you will be permitting full access from and to the Internet to all the devices that you have just enabled IPv6 for - a recipe for disaster!  I do not know what your IPv4 firewall config is, so I can not tell you what you need for the IPv6 version of it, but the easy way to do it is to use the following command from a terminal, outside configuration mode, to get a list of the commands that set up your config, including the IPv4 fireall commands:

 

show configuration commands

 

From that output, select and copy the IPv4 firewall commands to a text editor and adjust them to be the equivalent IPv6 versions.  For example, change "set firewall name" to "set firewall ipv6-name".  Where ever you have a name, add "-v6" to the end of it.  If your IPv4 firewall rules block ICMP packets, you will need to change those settings to allow at least the necessary ICMPv6 packets - without them, IPv6 does not work at all, unlike IPv4.  I prefer to permit all ICMPv6 packets, so I do not have a full list of the necessary ones, but I believe you need types 1-4 and 133-136 as a minimum.  See here for the ICMPv6 packet types:

 

https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_version_6

 

Once you have done all the editing, then go into configuration mode and paste the IPv6 firewall commands in.  It is best to paste a few lines at a time in case there are any errors.  Once you have a valid IPv6 firewall setup in place, only then go on to trying to configure the IPv6 interface settings as below.

 

Let me know if you need more help - PM me if you need to.

 

 

 

IPv6 interface config

 

===============

 

delete interface eth0 pppoe 0 dhcpv6-pd

 

delete interface eth0 pppoe 0 vif 10 dhcpv6-pd

 

delete interface eth0 pppoe 0 ipv6

 

delete interface eth1 ipv6

 

commit

 

 

 

set interfaces ethernet eth0 mtu 1508

 

set interfaces ethernet eth0 vif 10 mtu 1508

 

 

set interfaces ethernet eth0 vif 10 pppoe 0 mtu 1500

 

 

set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 enable

 

edit interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0

 

set prefix-length /56

 

set interface eth1 host-address ::1

 

set interface eth1 prefix-id :0

 

set interface eth1 service slaac

 

top

 

commit

IcI

787 posts

Ultimate Geek
+1 received by user: 167

Trusted

  Reply # 1972192 10-Mar-2018 00:11
Send private message quote this post

fe31nz: ... Edgerouters unfortunately do not provide GUI interface for IPv6 configuration ...
You mention an Edgerouter but Matisyahu is asking about the USG.

 

I too have a USG and michaelmurfy pointed me to https://pastebin.com/R61UqVaZ which didn't work for me.

 

Who ever gets IPv6 working on 2Degrees with a USG, please let me know.


82 posts

Master Geek
+1 received by user: 6


  Reply # 1972214 10-Mar-2018 08:56
Send private message quote this post

@matisyahu and @IcI

 

For the USG you'll need to be running the latest UniFi controller beta (https://account.ubnt.com/manage/settings/beta then https://community.ubnt.com/t5/UniFi-Wireless-Beta/UniFi-5-8-3-Testing-has-been-released/m-p/2243524#M63283) *after* taking a backup. Once the beta is installed you can't easily go back without an older versioned backup.

 

After that's installed, upgrade your USG to the latest firmware provided by the controller, click on the USG, then Config, then WAN 1 and behold! IPv6 settings! 

 

 

 

How's that?


Meow
7906 posts

Uber Geek
+1 received by user: 3929

Moderator
Trusted
Lifetime subscriber

  Reply # 1972222 10-Mar-2018 09:44
Send private message quote this post

This is not just in the beta - it is in the current pre-release stable (of which I am running on the Geekzone UniFi controller).

For 2degrees it is as simple as enabling it in the UniFi controller.





82 posts

Master Geek
+1 received by user: 6


  Reply # 1972223 10-Mar-2018 09:46
Send private message quote this post

michaelmurfy:

 

This is not just in the beta - it is in the current pre-release stable (of which I am running on the Geekzone UniFi controller).

 

 

Nice. I'm running the latest beta (5.8.3) and it's nice to know that the PR stable has it too.


IcI

787 posts

Ultimate Geek
+1 received by user: 167

Trusted

  Reply # 1972349 10-Mar-2018 14:29
Send private message quote this post

Yip, IPv6 is available as an option under Config -> WAN for the USG when using Cloud Controller v5.7.20.

 

Now it's a matter of configuring IPv6 network (Alpha) under the Settings and eventually configuring the firewall.

 

@matisyahu - Currently reading this Unifi IPv6 primer: https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/Welcome-to-UniFi-IPv6/m-p/2145647

 

 

 

Edit: Added Unifi IPv6 primer


IcI

787 posts

Ultimate Geek
+1 received by user: 167

Trusted

  Reply # 1972358 10-Mar-2018 14:57
Send private message quote this post

This also looks useful: https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/BT-Infinity-FTTP-IPV6/m-p/2228220

 

Same /56 address prefix delegation

 

 

 

Edit: Used the above config with a blank Prefix ID. My workstations now have 2406:e001:2:xxxxxxx IPv6 addresses, same as when I used the Fritzbox




1406 posts

Uber Geek
+1 received by user: 260

Subscriber

  Reply # 1972548 10-Mar-2018 22:36
Send private message quote this post

IcI:

 

Yip, IPv6 is available as an option under Config -> WAN for the USG when using Cloud Controller v5.7.20.

 

Now it's a matter of configuring IPv6 network (Alpha) under the Settings and eventually configuring the firewall.

 

@matisyahu - Currently reading this Unifi IPv6 primer: https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/Welcome-to-UniFi-IPv6/m-p/2145647

 

Edit: Added Unifi IPv6 primer

 

Tried to follow the guide on the linked primer but it doesn't work. I guess I'll just wait it out until ipv6 is stable and the bugs have been addressed.

 

I go to wan, selection dhcp6, prefix delegation of 56, I then go to networking and enable ipv6 where I've tried a prefix of 64, 1 and nothing - neither of them result in ipv6 addresses being handed out to devices on the network.

 

One of the links talk about JSON config but there is no instructions on how to do it.





Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone X 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: iCloud, YouTube Premium, Wordpress, Skinny

 


Meow
7906 posts

Uber Geek
+1 received by user: 3929

Moderator
Trusted
Lifetime subscriber

  Reply # 1972590 11-Mar-2018 00:40
Send private message quote this post

I've just tested this and it works for BigPipe IPv6 - 2degrees are very similar with the prefix being the only difference. Be careful as this caused a provisioning loop on an IPoE connection (despite me having another config.gateway.json file) and has only been tested on PPPoE.

 

For an USG-3 you'll need the following config.gateway.json file - https://files.murfy.nz/config.gateway.json (Note - for the USG Pro you'll need to replace eth0 with eth3). This goes into your sites directory, on Debian/Ubuntu this is normally in /usr/lib/unifi/data/sites/*sitestring*/ under "config.gateway.json". The site string is in the URL (eg: https://gzunifi.nlb.nz/manage/site/doiasjd352). APPLY THIS AFTER YOU'VE DONE THE FOLLOWING (Unless if you like provisioning loops)!

 

Under your USG configure like so:

 

 

Bare in mind BigPipe is /60, 2degrees and Vodafone are /56.

 

You'll next need to go into your network settings and configure IPv6 like so:

 

 

Take care of the prefix - if you've got multiple networks then these have to be unique for each network (1,2,3 etc).

 

Now go into Routing & Firewall --> Firewall --> Rules IPv6 and add a new rule:

 

 

Apply the above config.gateway.json file and force a full reprovision on your USG for good measure at this point (under your USG go to Config, Manage Device and Force Provision).

 

Enjoy your IPv6!







1406 posts

Uber Geek
+1 received by user: 260

Subscriber

  Reply # 1972598 11-Mar-2018 02:03
Send private message quote this post

@michaelmurfy Where do you put the config.gateway.json file? how do you upload it into the router - I have a cloud key, where do I put it on that?

 

I tried putting the config.gateway.json on my cloud key /usr/lib/unifi/data/sites/default - forced provision and it still didn't work :/ Maybe some things aren't meant to be.





Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone X 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: iCloud, YouTube Premium, Wordpress, Skinny

 


Meow
7906 posts

Uber Geek
+1 received by user: 3929

Moderator
Trusted
Lifetime subscriber

  Reply # 1972613 11-Mar-2018 08:51
Send private message quote this post

On the Cloud Key (being Debian based) it is the location I state above so you had that correct. This is the exact same configuration as on my Edgerouter (which has IPv6).





1521 posts

Uber Geek
+1 received by user: 262

Trusted
2degrees

  Reply # 1972623 11-Mar-2018 09:36
Send private message quote this post

Thanks @michaelmurfy and others for helping out!

 

@matisyahu while we don't provide support for 3rd-party modems as mentioned earlier, we have had some customers who haven't been able to get online with IPv6 even with our provided modem.

 

If you can't resolve the issue and you think you've done everything correctly to get it working, please PM us with your customer number/username and address - we'll pass on your details to cross check with others having issues.

 

Kind Regards,
^BRM


82 posts

Master Geek
+1 received by user: 6


  Reply # 1972670 11-Mar-2018 11:56
Send private message quote this post

michaelmurfy:

 

I've just tested this and it works for BigPipe IPv6 - 2degrees are very similar with the prefix being the only difference. Be careful as this caused a provisioning loop on an IPoE connection (despite me having another config.gateway.json file) and has only been tested on PPPoE.

 

For an USG-3 you'll need the following config.gateway.json file - https://files.murfy.nz/config.gateway.json (Note - for the USG Pro you'll need to replace eth0 with eth3).

 

<snip>

 

Enjoy your IPv6!

 

 

I've got mine set up like yours, and the USG has a v6 address, but it's not handing any out. I'm thinking I might try with the community controller if that's alright with you @michaelmurfy, mine seems to be missing a few options


Meow
7906 posts

Uber Geek
+1 received by user: 3929

Moderator
Trusted
Lifetime subscriber

  Reply # 1972755 11-Mar-2018 18:05
Send private message quote this post

@TheoM Sure, just flick me a PM with what I am needing from my cloud controller post.





IcI

787 posts

Ultimate Geek
+1 received by user: 167

Trusted

  Reply # 1972786 11-Mar-2018 19:30
Send private message quote this post

matisyahu: Tried to follow the guide on the linked primer but it doesn't work. ...

TheoM: ... I've got mine set up like yours, and the USG has a v6 address, but it's not handing any out. ...

 

Sorry to hear you guys have no IPv6 yet.

 

I'm using the same set up as per the screen shots of michaelmurfy.

 

I am also suffering from the higher CPU usage as discussed in the Unifi forums. This post helped me comment out the line (# $output .= "\tsend ia-na 0;\n";)which fixed the CPU utilisation for now.
Click to see full size


 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.