1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stuck with native IPv6

Discussion in 'Tomato Firmware' started by asper, Nov 8, 2013.

  1. asper

    asper Reformed Router Member


    I'm quite new to IPv6 and tomato as well. Lately I've got a new FTTH with native IPv6 from init7 in Switzerland.
    In DHCP IPv4 everything worked fabulous right from the start, but with IPv6 im really stuck, because of lack of experience on my side plus I guess also lack of Doc from the Provider.

    I'm completely stuck, and would be very happy if someone is generous to hit me to the wrongs I made here. I Try to give as much info as needed, but if there is anything important missing, I'd be glad to deliver it.

    The config data my Provider supplyed (anoned):
    IPv6 WAN IP: 2001:1xxx:x:x::74
    Gateway:    2001:1xxx:x:x::1
    IPv6 Range:  2001:1xxx:xxxx::/48
    1. DNS-Server: (ns10.init7.net)
    2. DNS-Server: (ns20.init7.net)
    My TomatoVersion
    Tomato v1.28.0000 MIPSR2-112 K26 USB AIO-64K
    Linux unknown #1 Sat Aug 10 22:12:48 CEST 2013 mips GNU/Linux
    I tryed the newer version supplyed, but 5G and AC did not work. The second WiFi was not recognized.

    Here I collected some Info, that may be of use for people to help me:
    root@unknown:/tmp/etc# ifconfig br0
    br0        Link encap:Ethernet  HWaddr 60:A4:4C:68:F0:80
              inet addr:  Bcast:  Mask:
              inet6 addr: 2001:1xxx:4xxx::1/48 Scope:Global
              inet6 addr: fe80::62a4:4cff:fe68:f080/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:157 errors:0 dropped:0 overruns:0 frame:0
              TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:25188 (24.5 KiB)  TX bytes:36903 (36.0 KiB)
    root@unknown:/tmp/etc# ifconfig vlan2
    vlan2      Link encap:Ethernet  HWaddr 60:A4:4C:68:F0:81
              inet addr:xx.xx.xx.xx.  Bcast:xx.xx.185.255  Mask:
              inet6 addr: fe80::62a4:4cff:fe68:f081/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:177 errors:0 dropped:0 overruns:0 frame:0
              TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:23039 (22.4 KiB)  TX bytes:17364 (16.9 KiB)
    root@unknown:/tmp/etc# cat dhcp6c.conf
    interface vlan2 {
    send ia-pd 0;
    send rapid-commit;
    request domain-name-servers;
    script "/sbin/dhcp6c-state";
    id-assoc pd 0 {
    prefix-interface br0 {
      sla-id 0;
      sla-len 16;
    id-assoc na 0 { };
    root@unknown:/tmp/etc# cat ip6tables
    :OUTPUT ACCEPT [0:0]
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m rt --rt-type 0 -j DROP
    -A INPUT -p ipv6-nonxt -m length --length 40 -j ACCEPT
    -N shlimit
    -A shlimit -m recent --set --name shlimit
    -A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j DROP
    -A INPUT -i br0 -p tcp --dport 22 -m state --state NEW -j shlimit
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 129 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 130 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 131 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 132 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 133 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 134 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 135 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 136 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 141 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 142 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 143 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 148 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 149 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 151 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 152 -j ACCEPT
    -A INPUT -p ipv6-icmp --icmpv6-type 153 -j ACCEPT
    -A INPUT -p tcp  --dport 22 -j ACCEPT
    -A OUTPUT -m rt --rt-type 0 -j DROP
    :FORWARD DROP [0:0]
    -A FORWARD -m rt --rt-type 0 -j DROP
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    :monitor - [0:0]
    -A FORWARD -o vlan2  -j monitor
    -A monitor -p tcp -m webmon --max_domains 2000 --max_searches 2000 --domain_load_file /var/webmon/domain --search_load_file /var/webmon/search -j RETURN
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -o vlan2 -i vlan2 -j DROP
    -A FORWARD -p ipv6-nonxt -m length --length 40 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
    -A FORWARD -p ipv6-icmp --icmpv6-type 129 -j ACCEPT
    -A FORWARD -i vlan2 -j wanin
    -A FORWARD -o vlan2 -j wanout
    -A FORWARD -i br0 -j ACCEPT
    -A FORWARD -i br0 -o vlan2 -j ACCEPT
    root@unknown:/tmp/etc# cat hosts  localhost  unknown unknown-lan
    ::1  localhost
    2001:1620:4064::1  unknown
    on My mac i get this with all beeing set to automatic:
        ether 28:cf:da:f3:9a:16
        inet6 fe80::2acf:daff:fef3:9a16%en1 prefixlen 64 scopeid 0x4
        inet netmask 0xffffff00 broadcast
        nd6 options=1<PERFORMNUD>
        media: autoselect
        status: active

    And the IPv6 Config in Tomato looks like this: [​IMG]

    and here the Firewall:
    Last edited: Nov 8, 2013
  2. Elfew

    Elfew Addicted to LI Member

    Try tomato RAF latest beta from Victek and tell us if the problem persists
  3. zurk

    zurk Addicted to LI Member

    it does.
    try this :
    Enable Native IPv6 on the ipv6 config page, disable/leave everything blank except check off accept RA from wan. do NOT tick enable RA and do NOT fill in any subnet info.
    then go to admin - scripts - wan up and do :
    ebtables -t broute -A BROUTING -i vlan2 -p ! ipv6 -j DROP
    brctl addif br0 vlan2
    on your windows boxes you will need to do :
    netsh interface teredo set state disabled
    asper likes this.
  4. asper

    asper Reformed Router Member


    I tryed this one, but it doesn't give me AC networking, wich wouldn't be a problem to me, because there is no AC-Supporting Devices here (only N). But the Lack of the 5G band is a bit of a pitty to me, because it is less packed in this neighbourhood here.

    On the IPv6 side it didn't seem to make any difference.

    But thank you for the hint. Maybe there is some work arround to get 5G up again?
  5. Elfew

    Elfew Addicted to LI Member

    AC should be working without problem with latest tomato raf by victek, but maybe ask him in the tomato raf topic, he would know more
  6. asper

    asper Reformed Router Member


    I could not set this, because the Frontend seemed to autopopulate the Form fields by JS. I tryed with JS turned off, but then, as you guys must know, the Frontend is completely dead ;)

    Then I've restored the default settings and flushed nvram as well, wich made blank saving of the IPv6 config possible again.

    I did this, and some tryouts I was able to ping6 some IP6 hosts on the WAN, but ping6ing them from any Clients was still not possible.

    There is no Windows boxes around here. 3 Macs and 1 Linux.

    My Mac now gets:
        ether 28:cf:da:f3:9a:16
        inet6 fe80::2acf:daff:fef3:9a16%en1 prefixlen 64 scopeid 0x4
        inet netmask 0xffffff00 broadcast
        inet6 2001:16xx:x0xx::xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf
        inet6 2001:1620:40xx::xxxx:xxxx:xxxx:xxx prefixlen 64 autoconf temporary
        inet6 2001:1620:xxxx::xxxx:xxxx prefixlen 64
        nd6 options=1<PERFORMNUD>
        media: autoselect
        status: active
    But I'm still unsure I've it is laking on the Tomato side or just on my side (as usual ;) ) . So I'm kind of laking the certenty if I'm interpreting the ISP's provided Settings right – if I push the right buttons here.

    So with the settings given by the ISP, am I right to assume I have to use "Native IPv6 from ISP" or should I go with DHCPv6?

    I've been seeing some basic info about IPv6, but I'm afraid that I still lack the propper understanding of the Functionallity.

    My main intend to use it, would be the ability to have a home testing server with a AAAA subdomain record to the normal DNS-Domain i have.

    Thank you for your Helps!
  7. Heartloop

    Heartloop Reformed Router Member


    I recently had the same problem, getting only an IP6 address from my Provider in Germany. I have an Asus RT-N66 U running behind my mandatory, Provider owned Fritzbox. Also I had problems getting IPV6 being routed correctly and being able to ping ipv6 hosts in the WAN from one of my machines. Here is what helped:

    I checked the logs on the tomato router and found many entries like ICMP failed.... So after much googling I tried the following line in Administration - Scripts - Firewall:

    # prevent neighbor solicitations and other low level ICMP messages from being 'marked', since
    # it seems to trigger a kernel bug that prevents them being sent on the correct interface
    ip6tables -t mangle -I OUTPUT 1 -o `nvram get wan_iface` -p icmpv6 \! --icmpv6-type echo-request -j RETURN
    Also there seems to be a bug regarding IPv6 when QOS is enabled. So I tried the following line in Administration - Scripts - WAN Up:
    route -A inet6 del default gw :: metric 1024 `nvram get wan_iface`
    After adding those lines and setting my IPV6 settings to DHCPv6 with prefix delegation (because of the Fritzbox router) everything worked fine and I am now able to ping IPv6 hosts.

    I hope this helps!
    Last edited: Nov 11, 2013

Share This Page