1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Shibby IPv6 ping from router works, ping from LAN does not

Discussion in 'Tomato Firmware' started by Aldaris, Apr 3, 2016.

  1. Aldaris

    Aldaris New Member Member

    Hello I am having a hard time setting the IPv6 in my Asus RT-N16 router with Tomato by Shibby (version 1.28.0000 MIPSR2-131 K26 USB AIO).
    • My internet provider recently installed the Optical Network Terminal (ONT) in my home
    • When I connect the pc directly to the ONT, everything works perfectly and on the ipv6 test sites I get the maximum score, ping to ipv6,google,com works
    • When I connect the router to the ONT, router gets both IPv4 and IPv6 address correctly and even the ping from the router (Tools -> Ping) to ipv6,google,com works
    • My pc connected to router gets both IPv4 and IPv6 addresses and it can ping to the routers IPv6 address but I get no response from any other IPv6 in front of the router and all ipv6 tests fail. (hostname is translated to IPv6 correctly)
    • tracert shows only the first hop (the router address) and everything else times out
    Does anyone possibly know what the problem might be?
     
  2. Aldaris

    Aldaris New Member Member

    This is the output from "ip -6 route show". VLAN2 is my WAN interface
    br0 is my main bridge for home computers

    Code:
    fake:b00b:1234:f058::5 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fake:b00b:1234:f058::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fake:b00b:1234:f058::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fe80::/64 dev vlan3 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fe80::/64 dev br1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fe80::/64 dev wl0.1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fe80::/64 dev br2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    default via fe80::2eab:ff:fed9:6464 dev vlan2 proto kernel metric 1024 expires 1374sec mtu 1500 advmss 1440 metric 10 64 
    unreachable default dev lo proto kernel metric -1 error -128 metric 10 255 
    ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    ff00::/8 dev vlan3 metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    ff00::/8 dev br1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    ff00::/8 dev wl0.1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    ff00::/8 dev br2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    ff00::/8 dev vlan2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295 
    unreachable default dev lo proto kernel metric -1 error -128 metric 10 255 
    
     
    Last edited: Apr 8, 2016
  3. Jacky444

    Jacky444 LI Guru Member

    I have the same problem and I couldn't yet determine why computer won't connect while router does. Its most likely something with routes or firmware problem :D

    Could use expert's opinion on this cause I have no idea what could be wrong =/
     
  4. Aldaris

    Aldaris New Member Member

    Any suggestions? I'm willing to try anything.
     
  5. Aldaris

    Aldaris New Member Member

    I just noticed. There is some weird default route in the list
    Code:
    default via fe80::2eab:ff:fed9:6464 dev vlan2 proto kernel metric 1024 expires 1374sec mtu 1500 advmss 1440 metric 10 64 
    Where is this address coming from? My tomato link-local address is fe80::beae:c5ff:fec5:2a0
     
  6. Aldaris

    Aldaris New Member Member

    Another investigation showed that my LAN PC does not have a ipv6 default gateway
     
  7. tvlz

    tvlz LI Guru Member

    You need to upgrade to a newer version for IPv6 fixes.

    Who is your ISP?
     
  8. Aldaris

    Aldaris New Member Member

    Hi tvlz. Thank you for the reply. I'll try to upgrade to newest shibby version today with a vanilla clean config and I'll let you know.
    I am from Czech Republic and my ISP is local provider Poda so I guess it won't help you a lot :)
     
  9. JoeDirte

    JoeDirte Networkin' Nut Member

    Off topic: "fake:b00b" made me lol
     
    microchip likes this.
  10. Aldaris

    Aldaris New Member Member

    So here's the update.
    I upgraded to newest version Tomato Firmware 1.28.0000 MIPSR2-136 K26 USB AIO
    I have a clean config with static ipv4 address and Prefix delegation ipv6 setting (only WAN is checked)
    ping command to ipv6.google.com:
    Code:
    PING ipv6.google.com (2a00:1450:400d:807::200e): 56 data bytes
    ping: sendto: Network is unreachable 
    ip -6 route shows:
    Code:
    fake:boob:1234:f058::6 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    fake:boob:1234:f058::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    yes, I noticed the default route is missing. I tried to add it manually like:
    Code:
    ip -6 route add default via fe80::2eab:ff:fed9:6464 dev vlan2
    When I mentioned this ipv6 address before, I didn't know where did it came from. Later I connected my PC directly to ONT and found out it was a default gateway from my ISP.
    Well, after modifying routing table with this entry, I was able to get a ping response from router's interface to ipv6.google.com but still, I have no ipv6 connectivity to my LAN pc.

    Please feel free to ask for any command output.
     
  11. tvlz

    tvlz LI Guru Member

    The reason I asked about your ISP is sometimes they have a help page showing how they want things set up.

    If you are using PPPoE, try the "Request PD Only" checkbox on the IPv6 page that should add the missing default route.
     
  12. Aldaris

    Aldaris New Member Member

    I tried that setting too with no positive result. It added some default route but it was not working. Even the router ipv6 connection was down with it.
    I have an optical fiber to the home, no DSL. My ISP doesn't use PPPoE.
    I already asked them which setting should I use but they are not very communicative when u have an issue with third party router :/ especially when the direct connection to PC works fine.
     
  13. Aldaris

    Aldaris New Member Member

    below is the ip -6 route with "Request PD only" option checked
    Code:
    fake:boob:1234:f058::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 
    default dev vlan2 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295 
     
  14. Aldaris

    Aldaris New Member Member

    Here is the log
    Code:
    Jun  7 20:35:03 unknown user.notice root: MySQL successfully stoped
    Jun  7 20:35:11 unknown user.notice root: Transmission daemon successfully stoped
    Jun  7 20:35:11 unknown user.info init[1]: Asus RT-N16: Tomato 1.28.0000 MIPSR2-136 K26 USB AIO
    Jun  7 20:35:11 unknown user.notice root: Stoping NFS Server ...
    Jun  7 20:35:12 unknown user.notice root: NFS Server stoped ...
    Jun  7 20:35:12 unknown user.debug init[1]: 255: pptp peerdns disabled
    Jun  7 20:35:12 unknown daemon.info dnsmasq[749]: reading /etc/resolv.dnsmasq
    Jun  7 20:35:12 unknown daemon.info dnsmasq[749]: using nameserver fake:boob:0:1::20#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[749]: using nameserver fake:boob::100#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[749]: using nameserver 99.99.99.99#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[749]: using nameserver 88.88.88.88#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[749]: exiting on receipt of SIGTERM
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: started, version 2.73 cachesize 4096
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC loop-detect no-inotify
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: asynchronous logging enabled, queue limit is 5 messages
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: DHCP, IP range 192.168.1.2 -- 192.168.1.51, lease time 1d
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: DHCPv6, IP range ::1 -- ::255.255.255.255, lease time 12h, template for br*
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: DHCPv4-derived IPv6 names on br*
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: router advertisement on br*
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: DHCPv6, IP range fake:boob:1234:f058::1 -- fake:boob:1234:f058::ffff:ffff, lease time 12h, constructed for br0
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: DHCPv4-derived IPv6 names on fake:boob:1234:f058::, constructed for br0
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: router advertisement on fake:boob:1234:f058::, constructed for br0
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: IPv6 router advertisement enabled
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: reading /etc/resolv.dnsmasq
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: using nameserver fake:boob:0:1::20#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: using nameserver fake:boob::100#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: using nameserver 99.99.99.99#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: using nameserver 88.88.88.88#53
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: read /etc/hosts - 4 addresses
    Jun  7 20:35:12 unknown daemon.info dnsmasq[861]: read /etc/dnsmasq/hosts/hosts - 4 addresses
    Jun  7 20:35:12 unknown daemon.info dnsmasq-dhcp[861]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Jun  7 20:35:15 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:35:15 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:35:22 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:35:37 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:35:48 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:35:55 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:36:04 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:36:05 unknown daemon.info dnsmasq-dhcp[861]: RTR-SOLICIT(br0) b0:0b:b0:0b:b0:0b
    Jun  7 20:36:05 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:36:13 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:36:27 unknown daemon.info dnsmasq-dhcp[861]: RTR-ADVERT(br0) fake:boob:1234:f058::
    Jun  7 20:36:27 unknown authpriv.info dropbear[966]: Child connection from 192.168.1.30:56211
    Jun  7 20:36:27 unknown authpriv.info dropbear[966]: Exit before auth: Exited normally
    Jun  7 20:36:39 unknown authpriv.info dropbear[969]: Child connection from fe80::2d1f:7877:f6e7:c80f:56349
    Jun  7 20:36:39 unknown authpriv.info dropbear[969]: Exit before auth: Exited normally
    
     
  15. Aldaris

    Aldaris New Member Member

    ifconfig with PD option enabled
    Code:
    br0 Link encap:Ethernet HWaddr [insert some MAC here] 
     inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 
     inet6 addr: fake:boob:1234:f058:beae:c5ff:fec5:2a0/64 Scope:Global 
     inet6 addr: fe80::beae:c5ff:fec5:2a0/64 Scope:Link 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:7326 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:12434 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:1128607 (1.0 MiB) TX bytes:12838649 (12.2 MiB) 
     
    eth0 Link encap:Ethernet HWaddr [insert some MAC here] 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:18070 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:17369 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:1000 
     RX bytes:13656185 (13.0 MiB) TX bytes:13799083 (13.1 MiB) 
     Interrupt:4 Base address:0x2000 
     
    eth1 Link encap:Ethernet HWaddr [insert some MAC here] 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:416 errors:0 dropped:0 overruns:0 frame:407409 
     TX packets:1452 errors:9 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:1000 
     RX bytes:44317 (43.2 KiB) TX bytes:280359 (273.7 KiB) 
     Interrupt:3 Base address:0x1000 
     
    lo Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0 
     inet6 addr: ::1/128 Scope:Host 
     UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1 
     RX packets:155 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:155 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:20302 (19.8 KiB) TX bytes:20302 (19.8 KiB) 
     
    vlan1 Link encap:Ethernet HWaddr [insert some MAC here] 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:7197 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:12433 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:1230463 (1.1 MiB) TX bytes:12844884 (12.2 MiB) 
     
    vlan2 Link encap:Ethernet HWaddr [insert some MAC here]
     inet addr:99.99.99.142 Bcast:99.99.99.143 Mask:255.255.255.252 
     inet6 addr: fe80::beae:c5ff:fec5:2b0/64 Scope:Link 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:10873 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:4934 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:12100462 (11.5 MiB) TX bytes:954019 (931.6 KiB) 
    
     
  16. tvlz

    tvlz LI Guru Member

    If you turn off IPv6 in Tomato what happens?

    I think there may be some settings that have to be changed on the ONT (bridge mode?) if you want Tomato to handle the routing.
     
  17. Aldaris

    Aldaris New Member Member

    If I turn off IPv6 in Tomato, everything works fine over IPv4. I have a static public IPv4 address and I am able to access my internal services from outside.
    Unfortunately I have no control over the ONT since it is the device from ISP and the only thing I can do with it is to turn off/on the wireless (which is turned off because RT-N16 gives me wireless).
     
  18. Jacky444

    Jacky444 LI Guru Member

    [DELETE]

    Mistake :/
     
    Last edited: Jun 15, 2016
  19. gfunkdave

    gfunkdave LI Guru Member

    I do notice that your network prefix seems to have changed to "fake:boob" from "fake:b00b". The letter "o" is not a valid hex character, and could be related to your problem.
     
  20. JoeDirte

    JoeDirte Networkin' Nut Member

    "k" in fake is not a valid hexadecimal either. It stops at F (15). I assumed it was intentionally masked.
     
    gfunkdave likes this.
  21. Aldaris

    Aldaris New Member Member

    Guys I believe both of your posts are jokes and I loled, and yes, it was intentionally masked :) but seriously I would be really happy if I could make my IPv6 connection working. I really need it to connect to some remote device which is accessible only by the IPv6 address.
     
  22. tvlz

    tvlz LI Guru Member

    Since you have no settings you can change on the ONT, have you tried using the "Native IPv6" option instead of Prefix delegation, maybe that will work?
     
  23. Aldaris

    Aldaris New Member Member

    Still no connection with native IPv6. Not even for Tomato.
    Assigned prefix: fake:b00b:1234:f058::
    Prefix length: 64
    Router IPv6 address: Manual: fake:b00b:1234:f058:2d1f:7877:f6e7:c80e
    Accept RA both unchecked

    There is also some weird default route
    Code:
    default dev vlan2  metric 2048  mtu 1500 advmss 1440 hoplimit 4294967295 
     
  24. zcshiner

    zcshiner Network Newbie Member

    I believe you need to have Accept RA from WAN checked under Basic>IPv6, and Announce IPv6 on LAN (SLAAC) checked under Advanced>DHCP/DNS.

    I know that there's a script fix for IPv6 via Comcast out there somewhere. It may apply to your situation as well.
     
  25. tvlz

    tvlz LI Guru Member

    The Comcast scripts are no longer needed, they have been fixed/built-in. They don't apply here anyway.

    @Aldaris
    The only other thing that you could do is to set Tomato to be just an AP(turn off DHCP, connect to ONT Lan<->Lan) letting the ONT handle the routing.
     
  26. Aldaris

    Aldaris New Member Member

    I give up guys. Thank you all for your replies but it's not worth the time I've lost with it anymore. I'm going to switch to some mikrotik router I guess. Right now I have one to test it.
     
  27. Jacky444

    Jacky444 LI Guru Member

    I got IPv6 from my provider, they asked me to go DHCP6 or standard and ofc i said standard (cause its more "ADVANCED") but I can't get thing to work. I got my IP on /126 subnet (or what ever is called).

    So I got this on IPv6 page:
    [​IMG]

    And these two WAN UP scripts:
    Code:
    ip -6 addr add 2a01:260:8004::2/126 dev `nvram get wan_iface`
    ip -6 route add default via 2a01:260:8004::1
    Now whats fail is that IPv6 works fine on the router it self, testing ping6 and tracert6 works awesomely, even connecting to other sites on ipv6 like WGET. But on my PC it doesn't work. It all times out and nothing works. I'm despert because I've looked every where, checkd all routes (Sadly I don't know a thing about those). I really need to figure all this networks and routes more lol.
     
  28. tvlz

    tvlz LI Guru Member

  29. Jacky444

    Jacky444 LI Guru Member

    That actually makes a lot of sense, not sure why I didn't think about it sooner, I will try this thanks!

    P.S.: I did try doing it like on that forum (T-2 is my provider) and the above problem occurs. Something is wrong with routing LAN clients to WAN Ipv6 and idk what that is. manually setting the prefix might help but we'll see soon.
     
  30. Jacky444

    Jacky444 LI Guru Member

    Yea still doesn't work, now ping on router doesn't work either.
     
  31. tvlz

    tvlz LI Guru Member

    Set the ipv6 prefix length back to /64 and try this correction as shown on the next page of that link
    There may be some code changes needed to get the native ipv6 working right but first we need to get it to work.
    If you were using DHCPv6 it should just work.
     
  32. Jacky444

    Jacky444 LI Guru Member

    I tried every thing and its not working. I did install stock firmware just to test and it works fine there. So yeah guess Tomato needs improvements on IPv6. Oh well. Thanks for help anyway!
     
  33. yultek

    yultek New Member Member

    I believe I am having the same issue, I am running latest Shibby build 138 on a RT-N16.

    The issue occurs on machines running windows with wired connection to the router, not seeing it on windows machines with wifi connection to the router, android smartphone, and a linux box.

    The problem is there are no responses for Neighbor Solicitation, Router Solicitation to the wired windows machine from the router. Wireshark shows the windows machine does send the request messages, but not seeing them through the wireshark remote interface on any interfaces on the router. The windows machine does receive Router Advertisement from the router, for now, the workaround is, on the windows machine, do "add neighbor" using netsh with the router's link local address and mac address, this adds a permanent neighbor for the router on the windows machine, once the machine gets an ipv6 address, everything works fine.
     
  34. Jacky444

    Jacky444 LI Guru Member

    Could you post actual commands used in this case? I'm still losing head over this problem, I tried every thing I could find yet I still wasn't able to get IPv6 to work.
     
  35. tvlz

    tvlz LI Guru Member

    This patch should add the missing code & GUI settings, you will need to adjust for the AT GUI.
    I have no real way to test it though, not having a Static IPv6 address.

    BTW you are missing some Advanced Vlan commits for the AT GUI

    Edit: patch removed - broken
     
    Last edited: Jul 16, 2017
    Jacky444 and Elfew like this.
  36. Elfew

    Elfew Network Guru Member

    @Jacky444 - please can you confirm that fix provided by @tvlz is working?
     
  37. Jacky444

    Jacky444 LI Guru Member

    I can check but I can't get routing to work not even manually ( I had a guy working at my ISP support manually connecting to my router via SSH and setting up IPv6 and it still didn't work). From patch I could only see additional GUI options nothing to fix actual issue. Could be Kernel or something else, not sure. My ISP assigns subnet 126 to me so I need to have 64 in LAN and connect via static ip on 126 to the outside world.

    I need static IP cause I run web server / DNS from home.

    P.S.: I will compare GUI changes asap, don't like to stay behind. Sometimes its very hard to follow changes from other dev on the GUI, even when looking through commits and changes one by one.

    P.P.S.: Thank you TVLZ for actually adding changes to AT's files. That's life savior, didn't notice before. Thanks!
     
    Last edited: Jul 4, 2017
  38. Elfew

    Elfew Network Guru Member

    Just let us know, it would be great to fix this issue :)
     
  39. Xstar13

    Xstar13 Network Newbie Member

    Hello
    My ISP fiber is orange spain, router is Livebox 2.1
    Your configuration has static IPv6
    First test internet connection: ONT - Router LiveBox
    [​IMG]
    [​IMG]

    Sorry, web test is Spanish, I think it's understood

    [​IMG]

    Second test internet connection: ONT - Router Netgear R8000

    I have configured IPv6 of my netgear R8000 firmware beta tomato-R8000-ARM - 2017.2b58-kille72 - AIO-64K

    Try mac router and,I also clone mac livebox

    [​IMG]

    [​IMG]

    If I can do any tests, I'm not an expert

    regards
     
  40. Jacky444

    Jacky444 LI Guru Member

    I tested code above TVLZ by using your commands (evals - without implementation) and it doesn't work.

    Your code generates these routes (they don't work at all, not even on router):
    Code:
    2a01:260:8004::/126 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    default dev vlan2  metric 2048  mtu 1500 advmss 1440 hoplimit 0
    
    If I change default route to via ISP GW it works:
    Code:
    ip -6 route add default via 2a01:260:8004::1
    IP Addresses:
    Code:
    root@main:/tmp/home/root# ip -6 addr show
    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 16436
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    8: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
        inet6 fe80::c604:15ff:fe3b:b1ef/64 scope link
           valid_lft forever preferred_lft forever
    10: vlan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
        inet6 2a01:260:8004::/126 scope global
           valid_lft forever preferred_lft forever
        inet6 fe80::c604:15ff:fe3b:b1fc/64 scope link
           valid_lft forever preferred_lft forever
    11: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
        inet6 2a01:260:8004::2/64 scope global
           valid_lft forever preferred_lft forever
        inet6 fe80::c604:15ff:fe3b:b1ec/64 scope link
           valid_lft forever preferred_lft forever
    Manually adding routes makes router work, but not the computers in network. Its been like that since I got R7000 and installed Tomato. Stock firmware works.
    Code:
    root@main:/tmp/home/root# ip -6 route show
    2a01:260:8004::/126 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    default via 2a01:260:8004::1 dev vlan2  metric 1024  mtu 1500 advmss 1440 hoplimit 0
    So router does connect to IPv6 totally normally. Computers/Other devices don't. Even after setting manual IP/DNS its same thing. Either "Request timed out" or "No route to host". is issued.

    I believe solving this via routing/ip settings will not work. This must be some sort of kernel bug/problem. My ISP Administrator also told me that this works on any normal Linux device but not on my router. He tested many other things as well and it didn't work. I'm happy to provide any sort of information. But I've given up. I'm waiting for my NUC and then I'm going back to stock Firmware. (I currently run some basic servers / scripts on my router, love ARM for that!)
     
    Xstar13 likes this.
  41. tvlz

    tvlz LI Guru Member

    @Xstar13,
    Orange is using DHCPv6, see your second livebox pic.
     
    Jacky444 and Xstar13 like this.
  42. tvlz

    tvlz LI Guru Member

    @Jacky444

    I was hoping that you would add the code & post a pic with the T2 IPv6 info in it.

    What IPv6 settings did T2 give you?

    Based on what I can find, can you try setting the Router IPv6 Address to MANUAL & set to use the T2 Subnet address?

    Don't give up!
     
    Jacky444 likes this.
  43. Xstar13

    Xstar13 Network Newbie Member

    Hello
    I have used this program
    Wifislax is a live CD that, based on the Linux operating system, can be executed without installation directly from the CDROM or also from the hard disk like LiveHD, besides being able to install in USB memories or hard disk. Wifislax is a linux live cd designed by www.seguridadwireless.net and is adapted for wireless.
    Although it is specially designed for wireless, it also has the possibility to consult local network (Wireshark Network Analyzer)
    Attached small file data router R8000 over IPv6

    Thank you

    regards
     

    Attached Files:

  44. tvlz

    tvlz LI Guru Member

    I removed the first patch it is broken

    EDIT: TRY #2, This one should work, hopefully

    EDIT: As far as I can test, Patch #3 is the one that works, adding the proper IPv6 routes & GUI settings for Static IPv6 :)
     
    Last edited: Jul 16, 2017
    Jacky444 likes this.
  45. Sean B.

    Sean B. LI Guru Member

    @Jacky444 , I'm bad at catching up on threads when I start off way behind, always overlook things. So I apologize if any of this is repeated or asking for info you already stated.

    What type of connection do you have to your ISP? IE: Cable, DSL, DSL w/ PPPoE etc

    I saw your ISP said to run "standard" IPv6. For that, under Basic->IPv6 are you configured with the Service Type as Native?

    What is your configuration for IPv6 on the LAN side? Under Advanced->DHCP/dns .. SLAAC, DHCPv6, or both? I didn't spot anything in the posts showing a configuration for the LAN, only saw you configured your WAN with the IP:

    But nothing for your LAN interface ( br0 usually ).
     
    Jacky444 likes this.
  46. tvlz

    tvlz LI Guru Member

    @Jacky444
    As far as I can test, Patch #3 is the one that works, adding the proper IPv6 routes & GUI settings for Static IPv6 :)

    @Sean B.
    I think it is all fixed now.
    Jacky wanted to use Static IPv6 (post #27), which is rarely used, in order for it to work the GUI & underlying code needed changes.
     
    Last edited: Jul 16, 2017
    Jacky444 and Sean B. like this.
  47. Jacky444

    Jacky444 LI Guru Member

    If I connect to my ISP normally I can use DHCP otherwise if I define static IP i use Static IP. With IPv6 I only got static IP, so no DHCP or anything like that.

    I don't think you guys really understand me. I don't have issue connecting to the internet. It works fine using Ipv6. But only router can establish network connection on IPv6. Meaning any other computer in LAN can't use that IPv6 network that works perfectly fine on the router (including DNS).

    To overcome that me and my provider tried to use routers Ipv6 address (so LAN br0) as gateway and random IPv6 address on computer which works on subnet 64 which is used in LAN. 126 is only used on WAN so no need to mess around that in LAN.

    Does that make some sense? The problem is that routing is broken from Computer To router and from router to WAN. I don't know how else to explain this.

    The above message I wrote gives you all details except what I use on my PC. On my PC i set manually ISP's DNS (ipv6) my router's IP (br0 address) as gateway and as ipv6 for LAN i use random Ipv6 e.g.:
    fe80:0:0:0:c604:15ff:fe3b:b1ea

    @tvlz
    The patches you provide I can't simply "use" I have to manually apply them to my router. So to save some time I first tried applying the code manually which didn't work. I'm very grateful to you of course! I just can't get it to work.
     
    kille72 likes this.
  48. Sean B.

    Sean B. LI Guru Member

    I understand what your issue is, and have troubleshot the same problem before. However without complete and detailed information in regards to your WAN and LAN, for instance I do not know what prefix size you're supposed to have for the LAN side.. /48.. /64? I don't know.. I've only seen the /126 you said is for your WAN. I cannot assist. Sorry.

    I can say this much, if you're only assigning that fe80 IP to your LAN, that's a problem. Your LAN interface needs a globally routable IP address.. not another link-local. As your LAN side is routed through it's global address:

    LAN interface link local IP: fe80::a62:66ff:fe3a:xxxx
    LAN interface global IP: 2601:1c0:xxxx:xxxx::x/64

    tracert -6 from LAN computer
    PS C:\Windows\system32> tracert -6 www.google.com

    Tracing route to www.google.com [2607:f8b0:400a:800::2004]
    over a maximum of 30 hops:

    1 <1 ms 1 ms 1 ms Storage [2601:1c0:xxxx:xxxx::x]
    2 30 ms 14 ms 31 ms 2001:558:4060:17::1
    3 12 ms 8 ms 9 ms xe-0-1-0-sur03.eugene.or.bverton.comcast.net [2001:558:f2:1a8::1]
    4 8 ms 10 ms 8 ms ae-2-sur04.eugene.or.bverton.comcast.net [2001:558:f0:143::2]
    PS C:\Windows\system32>
     
    Last edited: Jul 10, 2017
    Jacky444 likes this.
  49. Jacky444

    Jacky444 LI Guru Member

    Router automatically generates local 64 addresses. Lmfao the above stuff I wrote gives you all the information possible except how I configure the computers. Local prefix is 64, WAN is 126. This works fine on NETGEAR official firmware so how is my configuration a problem?

    ROUTER IPv6:
    Code:
    root@main:/tmp/home/root# ping -6 google.si
    PING google.si (2a00:1450:4014:801::2003): 56 data bytes
    64 bytes from 2a00:1450:4014:801::2003: seq=0 ttl=57 time=14.392 ms
    64 bytes from 2a00:1450:4014:801::2003: seq=1 ttl=57 time=14.012 ms
    64 bytes from 2a00:1450:4014:801::2003: seq=2 ttl=57 time=14.036 ms
    Code:
    root@main:/tmp/home/root# ip -6 route show
    2a01:260:8004::/126 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    default via 2a01:260:8004::1 dev vlan2  metric 1024  mtu 1500 advmss 1440 hoplimit 0
    PC Ping:
    Code:
    C:\Users\Prahec>ping -6 defikon.com
    
    Pinging defikon.com [2a01:4f8:191:4309::2] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    Ping statistics for 2a01:4f8:191:4309::2:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    PC Trace Route:
    Code:
    Tracing route to google.si [2a00:1450:4014:801::2003]
    over a maximum of 30 hops:
    
      1     *        *        *     Request timed out.
      2  General failure.
    
    Trace complete.
    

    Router IPs
    Code:
    LAN
    Router IPv6 Address 2a01:260:8004::1
    IPv6 Link-local Address fe80::c604:15ff:fe3b:b1ec
    
    ipv6-config.jpg

    What else do you need? I'm more than happy to provide/change settings.

    P.S.: My bad on current screen shot I have wrong gateway, moment.
     
    Last edited: Jul 10, 2017
  50. tvlz

    tvlz LI Guru Member

    Is that right?
    Should it be not be the Subnet address?
    Code:
    From translated T-2 LINK above
    Connecting segment: 2a01: 260: XXXX :: 0/126
    T-2 router: 2a01: 260: XXXX :: 1
    Your router: 2a01: 260: XXXX :: 2
    Mac address that you must type in with the "ipv6 neighbor" option: 00: 90: 1a: a4: d9: XX   -  VDSL ONLY
    Subnet: 2a01: 260: XXXX: 0001 :: / 64
    
    DNS 1: 2a01: 260: 1: 2: 3
    DNS 2: 2a01: 260: 1: 3: 3
    I was going to have you try,
    Code:
    ip -6 route add ::/0 dev vlan2
    instead of
    ip -6 route add 2a01:260:8004::1 dev vlan2
    ip -6 route add ::/0 via 2a01:260:8004::1 dev vlan2
    you may also need to uncheck the WAN RA box?
     
    Jacky444 likes this.
  51. Sean B.

    Sean B. LI Guru Member

    There's so many things wrong with what you state is your configuration I don't know where to begin. But frankly, I can tell by the sarcasm and attitude that either you don't want my help, or are already convinced this has nothing to do with your config. So I digress. Good luck Sir.
     
    Jacky444 likes this.
  52. Jacky444

    Jacky444 LI Guru Member

    That's not true. I stated before that a professional IT from a company that does these sort of things on hourly basics couldn't fix it and claimed there is issue within the kernel/firmware it self. The problem is supposed to be prefix mixing between LAN/WAN and that some how the Tomato firmware can't properly work with this sort of "forwarding". I wrote above I'm ready to try anything. I've been trying to do this for ever a year.

    I gave up multiple times.

    I will try. I don't have VDSL, I'm on fiber. I have unchecked WAN RA, my ISP suggested that doesn't work with their services. I will update post once I get results :) Thanks for not giving up TVLZ!

    P.S.: I thought IPv6 works the same way as IPv4. LAN is just LAN with its own address space and subnets. When you connect to outer world you use ISP's "settings". So basically isn't router also acting as a "gateway" and just forwards traffic to WAN?

    I don't understand how ISP's settings have to do anything with my problem that I can't connect from computers through router (as gateway) to internet. Same way IPv4 works?
     
    Last edited: Jul 11, 2017
  53. Sean B.

    Sean B. LI Guru Member

    There's a very big difference between how IPv6 and IPv4 work when it comes to LAN and WAN. The thing is, with IPv4 how the average configuration is setup.. you get one internet IP address.. that means such as 5.5.5.5.. that IP can reach out to the world.. it's "globally" routable. Then, on your LAN side.. you have local-only IP ranges.. such as 192.168.0.1 etc.. those IP addresses are NOT globally routable.. they can not reach outside of your LAN and are used for local client to client and router to client traffic. Your router uses NAT ( network address translation ) to manage feeding all the clients a connection to the outside world through that single 5.5.5.5 IP address.. matching the incoming/outgoing traffic on that one IP to the correct local-only IP of the client its meant for. With IPv6, there's enough address space that with a single /64 prefix assigned by your ISP you can have some odd THOUSAND of globally routable IP addresses. This means your LAN is no longer just a "LAN" . Your router will hand out real-world fully global IP addresses to your client computers. While all the traffic is still "routed" through your router as a gateway.. from the outside ( internet ) each computer can now be reached via it's own specific IP address.. no more dealing with port forwarding or conflicts.. because each computer is separate etc. And as such.. this addressing configuration needs to match what you've been delegated by the ISP. Or, while your clients will accept the prefix and addressing your router advertises.. they end up going nowhere. And I can tell you, for a absolute fact, you're not giving me the full info I need. I'm not saying that you're doing it on purpose.. but it isn't there. The prefix you showed was a /126 ( which doesn't make sense either, I'm guessing that's actually suposed to be a /128 (*IF* the /64 you said your router created is valid) which would be an IP address for the WAN interface ) .. and you cannot have a /64 prefix pulled from a /126.. it's basic math. IPv6 uses 128bit address length. A /64 prefix means 64 bits out of those 128bits are hard-set by your ISP.. and the rest of the bits are available for you to make your own addresses. If your ISP has set /126 of 128 bits.. that means you can have 4 addresses.. and CAN NOT have a /64 being advertised by your router. If your router does this, client traffic will hit a wall when it reaches your ISP's routers.. as they will deem the addresses invalid and drop the traffic.

    Now, if the prefix your ISP assigned is actually a /126.. it's related to wanting a static IPv6 configuration and the fact your router is creating a /64 to advertise is incorrect. This means that you have only 4 IPv6 IP addresses available to you and will require specific configuration on your router, due to SLAAC. SLAAC is IPv6's way to allow clients to auto-configure an IP address by simply receiving an advertised prefix. To do so, the prefix has to be /64 or smaller.. there has to be at least 64 bits out of 128 left unassigned in order for the algorithm to come up with a complete IP address. So if you have a /126 you will need to explicitly disable SLAAC on the LAN and use only DHCPv6 with a manual configuration to either dynamically hand out those 4 IPv6 IP's.. or via static IP/MAC assignments.
     
    Last edited: Jul 12, 2017
    Jacky444 likes this.
  54. Jacky444

    Jacky444 LI Guru Member

    Thanks for explanation. Didn't really know all that because I didn't care about IPv6. But lately I don't know, it seems more and more used and faster too. I found pinging same location 8ms faster over IPv6 ( I know this is not normal, but I swear Its true, I tested it on my own dedicated servers ).

    All I got from ISP were these infos:

    Code:
    Connecting Segment (or something like that): 2a01:260:8004::0/126 (2a01:260:8004:0:0:0:0:1/126)
    T-2 Routers: 2a01:260:8004::1
    My Router:   2a01:260:8004::2
    Subnet:      2a01:260:8004:0001::/64
    
    DNS 1:        2a01:260:1:2::3 (2a01:260:1:2:0:0:0:3)
    DNS 2:        2a01:260:1:3::3
    
     
  55. Sean B.

    Sean B. LI Guru Member

    Thank you, that info is clear and well organized. I'll check on the routing this evening after work. One other thing, did your ISP give you this info stating you will have static IPv6 addresses? Or is this their standard dynamic configuration?
     
    Jacky444 likes this.
  56. Jacky444

    Jacky444 LI Guru Member

    I requested static IPv6 address because I run some servers from home as secondary to my main and they also run on IPv6 address space (e.g. DNS) so I'm sure its static yeah. I also had to provide my router's MAC address for the IP to work (not sure why though, maybe some sort of lock?)
     
  57. Sean B.

    Sean B. LI Guru Member

    I've just taken a quick look-over now that I'm home, so haven't compared everything yet. But so far:

    @tvlz is right about your routers br0 (LAN) interface IP. You currently have it set to the same IP as your ISP's nexthop router.
    It's missing the additional :0001:: subnet of your routed prefix.

    To start, I'd suggest you configure everything how it was when you were able to ping -6 google.com from the router successfully, but change anything that doesn't match the following:

    Your vlan2 (WAN) interface should have the IP: 2a01:260:8004::2/126 Scope = Global

    Make sure the MAC Address you gave your ISP was the MAC shown on the VLAN2 (WAN) Interface and not from br0.

    Your br0 (LAN) interface should have the IP: 2a01:260:8004:0001::1/64 Scope = Global

    Routing table should be:

    2a01:260:8004::2 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004:0001::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev eth2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
    default via 2a01:260:8004::1 dev vlan2 metric 1024 mtu 1500 advmss 1440 hoplimit 0

    I may have missed it, but don't think you mentioned what type of connection you're on. Cable? DSL? etc.
    If DSL you may need to add the ISP's nexthop router's MAC to the neighbor link manually as well.

    Run these commands:

    Code:
    cat /proc/sys/net/ipv6/conf/vlan2/forwarding
    cat /proc/sys/net/ipv6/conf/br0/forwarding
    cat /proc/sys/net/ipv6/conf/vlan2/accept_ra
    First two should return a value of 1
    Last one should return a value of 2
    If not, change the value using: echo # > /proc/sys/net/ipv6/conf/X/Y

    # = value
    X = dir
    Y = filename


    In GUI of the router goto Advanced->DHCP/dns - enable (check the boxes) both SLAAC and DHCPv6 for Announce IPv6 on LAN. Reboot a client computer as to be sure its route cache is cleared and see how it goes. I'll dig deeper as time allows. Btw, what ISP are you with? So I can research what implementation for IPv6 rollout they use.


    Fun fact: I was a little short on my statement about how many individual global IP addresses can come from a /64 prefix. A /64 has 18,446,744,073,709,551,615 ( or 18 quintillion ) addresses available. If you took the entire IPv4 internet as it exists today and stuffed it into a single /64 prefix, it would use less than 1% of it. And a /64 is the smallest prefix ( baring the random and rare cases ), in terms of addresses available, handed out by ISP's to end users. Don't know about you guys, but trying to comprehend how many addresses that could add up to hurts my brain.
     
    Last edited: Jul 14, 2017
    Jacky444 likes this.
  58. Jacky444

    Jacky444 LI Guru Member

    Thank you very much for the time you have taken to write the above explanation!

    I know about IPv6 address space, I understand a lot about it actually including no nat etc... I did read about it. But I never really understood how routing works on router and NAT and stuff like that. I focused on software/servers (nginx, dhcp, dns, mysql, apache, php) not the net it self. I'm also Web Developer and I manage dedicated servers for company called "StreamingPulse". Any how, I wrote above that I'm on Fiber yeah ^^. Umm I tried above with something like:

    Code:
    ip -6 addr add 2a01:260:8004::2 dev `nvram get wan_iface`
    ip -6 addr del 2a01:260:8004::1 dev br0
    ip -6 addr add 2a01:260:8004:1::1 dev br0 scope global
    ip -6 route del default dev vlan2
    ip -6 route del 2a01:260:8004::/64
    ip -6 route add 2a01:260:8004:1::/64 dev br0
    ip -6 route add default via 2a01:260:8004::1 dev `nvram get wan_iface`
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    on WAN UP. And it produced some very strange results:
    Code:
    root@main:/tmp/home/root# ip -6 route
    2a01:260:8004::2 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004::/126 dev vlan2  proto kernel  metric 256  expires 2591961sec mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004:1::/64 dev br0  metric 1024  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    default via 2a01:260:8004::1 dev vlan2  metric 1024  mtu 1500 advmss 1440 hoplimit 0
    default via fe80::290:1aff:fea3:1c13 dev vlan2  proto kernel  metric 1024  expires 1761sec mtu 1500 advmss 1440 hoplimit 0
    The routes with "expires" in them were added automatically by the router. SLAAC or DHCP6 create this address for my PC:
    Code:
    Connection-specific DNS Suffix:
    Description: Intel(R) Ethernet Connection (2) I218-V
    Physical Address: ‎1C-B7-2C-EF-E3-9B
    DHCP Enabled: No
    IPv4 Address: 192.168.1.2
    IPv4 Subnet Mask: 255.255.255.0
    IPv4 Default Gateway: 192.168.1.1
    IPv4 DNS Servers: 84.255.210.79, 84.255.209.79
    IPv4 WINS Server:
    NetBIOS over Tcpip Enabled: Yes
    IPv6 Address: 2a01:260:8004:0:e1d5:cd06:341b:e8ad
    Temporary IPv6 Address: 2a01:260:8004:0:b1ab:5168:6b9e:b8f8
    Link-local IPv6 Address: fe80::e1d5:cd06:341b:e8ad%4
    IPv6 Default Gateway: fe80::c604:15ff:fe3b:b1ec%4
    IPv6 DNS Servers: 2a01:260:1:2::3, 2a01:260:1:3::3
    Weird right?

    Anyhow, pinging / trace works on router again and not on computer. On Computer I get "REQUEST TIMED OUT".

    Now for sake of stupidity (I am probably very wrong here) I tried following as well:
    IPv6 Addr: 2a01:260:8004:1::3
    IPv6 Gateway: 2a01:260:8004:1::1

    But Windows produced following:
    Code:
    Connection-specific DNS Suffix:
    Description: Intel(R) Ethernet Connection (2) I218-V
    Physical Address: ‎1C-B7-2C-EF-E3-9B
    DHCP Enabled: No
    IPv4 Address: 192.168.1.2
    IPv4 Subnet Mask: 255.255.255.0
    IPv4 Default Gateway: 192.168.1.1
    IPv4 DNS Servers: 84.255.210.79, 84.255.209.79
    IPv4 WINS Server:
    NetBIOS over Tcpip Enabled: Yes
    IPv6 Address: 2a01:260:8004:0:e1d5:cd06:341b:e8ad, 2a01:260:8004:1::3
    Temporary IPv6 Address: 2a01:260:8004:0:b457:d7f2:de3b:36e1
    Link-local IPv6 Address: fe80::e1d5:cd06:341b:e8ad%4
    IPv6 Default Gateways: fe80::c604:15ff:fe3b:b1ec%4, 2a01:260:8004:1::1
    IPv6 DNS Servers: 2a01:260:1:2::3, 2a01:260:1:3::3
    
    Pinging from Windows still doesn't work tho, neither case. Am I still missing something? Did I missunderstand something? Btw forwarding and WAN RA is all okay as u wrote above. 1/1/2. Even tried setting RA to 1 and same problems.

    P.S.: I'm sure about MAC, I set it on VLAN2 from beginning as I know which interface is used for what. So I'm sure about that one at least ^^.

    P.P.S.: Here is also IP config:
    Code:
    vlan2     Link encap:Ethernet  HWaddr C4:04:15:3B:B1:FC
              inet addr:84.255.204.237  Bcast:84.255.255.255  Mask:255.255.192.0
              inet6 addr: fe80::c604:15ff:fe3b:b1fc/64 Scope:Link
              inet6 addr: 2a01:260:8004::2/126 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3049318 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4791219 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:356734547 (340.2 MiB)  TX bytes:6769807777 (6.3 GiB)
    
    br0       Link encap:Ethernet  HWaddr C4:04:15:3B:B1:EC
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::c604:15ff:fe3b:b1ec/64 Scope:Link
              inet6 addr: 2a01:260:8004:1::1/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6495856 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3770169 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:9196775154 (8.5 GiB)  TX bytes:434692951 (414.5 MiB)
    
    
    P.P.P.S.:
    OH MY GOD! IT STARTED TO WORK!!!
    Unbelievable, after 1 year of trying and messing around it works!!!

    HECK!

    I don't know exactly what I "fixed" but after messing around ip6 config on PC it started to work. Wow ipv6 finally works! Thank you so much for help every one! Specially you @Sean B. and @tvlz

    The routes work so you were right about all Sean. Thanks!

    P.P.P.P.S.: IPv6 now works every where on my LAN. Including mobile/tablet devices and other computers. Thank you all again really I haven't been this happy in a while :)!
     
    Last edited: Jul 14, 2017
    kille72 and Sean B. like this.
  59. Sean B.

    Sean B. LI Guru Member

    That's awesome! And you're welcome, happy to help. Also glad you stuck with it through the frustration, finally paid off for ya. If you need any assistance getting this configured into the GUI ( or scripts if needed ) so you don't have to manually reconfigure everything after router reboots, let me know. :)
     
    Jacky444 and kille72 like this.
  60. Jacky444

    Jacky444 LI Guru Member

    Thanks! At the moment I just setup wanup script seems to work fine (tried rebooting the router). However I do believe we might need to implement this into firmware it self. However due to differences in IPv6 configurations I don't dare to go that far on my own. So I'll leave this work to Shibby or anyone else really who understands Tomato's coding from within. I'm really focusing only on GUI part of the Tomato ^^.

    Any how, it works and its awesome! I do have big problem tho, my ISP's network speeds on IPv6 are horrible. Not sure how that works but my net is 300/50 mbps and on IPv6 it goes only up to 20mbps up/down. I'm already writing them about it. =)
     
    kille72 and Sean B. like this.
  61. Sean B.

    Sean B. LI Guru Member

    That's odd about the speeds, you may try doing a traceroute -6 out to google.com and see if a hop shows bad latency or packet loss. As an option, I *think* using the GUI in this fashion may work for you:

    Basic->IPv6

    Service Type = Native IPv6 from ISP

    Assigned/routed prefix = 2a01:260:8004:0001::

    Prefix length = 64

    Router IPv6 address = Manual - 2a01:260:8004:0001::1

    Static DNS = 2a01:260:1:2::3, 2a01:260:1:3::3

    Accept RA from - WAN = checked / LAN = not checked

    -----

    This covers everything *except* specifying the vlan2 (WAN) IP and its route.. but it may configure that itself via the RA it receives from the ISP's router. If you decide to try it let me know if it works, as I'd be curious to know.

    Welcome to the IPv6 internet ;)
     
    Jacky444 and kille72 like this.
  62. Jacky444

    Jacky444 LI Guru Member

    Thanks!!! My ISP fixed the speed problem, it seems they had some "default speed limits" for IPv6.

    The best that I could do was like you wrote above GUI settings and these additional WANUP commands (I left forwarding just in case, but other 3 are required):
    Code:
    ip -6 addr add 2a01:260:8004::2/126 dev `nvram get wan_iface`
    ip -6 route del default dev vlan2
    ip -6 route add default via 2a01:260:8004::1 dev `nvram get wan_iface`
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
     
  63. Jacky444

    Jacky444 LI Guru Member

    Um just last question can I some how set static IPv6 of my computer/router? on computer I set 2a01:260:8004:1::3 but that's routet to computer right? I also need to get my proxy on router available to outside world (I think that I did that by binding Nginx to all interfaces and portforwarding port 80/443 on ip6tables - as test my current ipv6: http://[2a01:260:8004:1:b003:2e62:3b48:6572]/). But my problem is that IPv6 keeps changing because I guess I have dedicated subnet, but can i somehow set static IPv6?

    Thanks in Advance!
     
  64. tvlz

    tvlz LI Guru Member

    How soon one forgets. :rolleyes:
    That's what the patch I made is for, now that you got IPv6 working it looks like the patch just needs some adjustments.
     
    Last edited: Jul 14, 2017
  65. tvlz

    tvlz LI Guru Member

    You need to use the Permenent IPv6 Address: for incoming connections, it stays the same always it is based on MAC address
    The Temporary IPv6 Address: changes often.

    You also need to open the needed IPv6 ports in the firewall.
     
  66. Sean B.

    Sean B. LI Guru Member

    Sure, providing that /64 prefix from your ISP is statically assigned to your router, and sounds like that's what you had them do.

    What we'll do is manually configure DHCPv6. We'll set an IP range from your prefix as a dynamic pool, so any hosts you don't need/want to configure static or hosts that come on later can still pull an IPv6 address. Then we'll set lines assigning IPs from within your prefix but outside of the dynamic range for the hosts you want static.

    In the routers GUI under Advanced->DHCP/dns:
    • Disable (uncheck) SLAAC and DHCPv6 under Advertise IPv6 on LAN
    • In the Custom Configuration box set these lines:

    Code:
    enable-ra
    dhcp-range=tag:br0,::10,::50,constructor:br0,64,1440m
    dhcp-option=tag:br0,option6:dns-server,[::]
    That will create a dynamic pool of 40 IP's ending in 10 to 50 using the /64 prefix from the br0 (LAN) interface for DHCPv6 to hand out with a standard lease time of 1440 minutes. It will also set the DNS server flag in the DHCPv6 response as the global IP of the br0 (LAN) interface. If you'd rather this be some other server simply replace the :: at the end with the IP of the dns server you want. Make sure to keep the [ ] 's around the IP though.

    Now for the static hosts. Configure one of these lines for each host you want to be static, underneath the lines we put in in the previous step.

    Code:
    dhcp-host=MAC,[2a01:260:8004:1::#]
    MAC = MAC address of host

    # = any number from 51 and above ( technically any number from 51 - 9999 .. and hex alphanumeric as well, but unless you've got a couple billion host computers.. no need to make the address complicated ;) ).

    Remember to reboot your client computers after you've reconfigured the router. Let me know if there's any issues.
     
    Last edited: Jul 14, 2017
  67. Jacky444

    Jacky444 LI Guru Member

    I agree. Thanks again tvlz!
    I sent mail to my ISP as well but for now I will try solution @Sean B. provided, seems to fit! :) Also I already opened ports using ip6tables that's why temporary IP above is available :) (don't want to sound rude here! just stating obvious)

    Thanks! I have no time to check this now, but I will try tomorrow! I already have some special configs for DHCP but don't think the above code will mess it up :) Just great!

    P.S.: I'm using my own hosts table, could that also work same as above code?
    Oh and how to set static IP of the router it self? I run Nginx as proxy on my R7000. Does I am sorry I know I sound blonde but I'm asking to be sure ^^. I suck at IPv6 as I've proven before

    P.P.S.: Just decided to do static ip now, this is awesome, so no NAT routing direct IPv6?!? Man I am starting to LOVE IPv6!!!

    P.P.P.S.: Figured it all out! Very awesome!
     
    Last edited: Jul 15, 2017
    Sean B. and M_ars like this.
  68. Sean B.

    Sean B. LI Guru Member

    Hehe no problem bud, I get crossed up with the routing quite often as well. IPv4 was at least manageable when looking at it.. you could follow routes and subnets in a flow. But trying to follow IPv6 IP addresses is more like playing that old card game "memory" while drunk as hell hah. Your router IPs will stay the same. We set the br0 (LAN) interface via manual configuration in the GUI Basic->IPv6, and your wanup script is setting the vlan2 (WAN) IP address and route. Keep in mind the router IP's don't mean much anymore when it comes to accessing your LAN from the internet, as your servers and other clients can be reached via their own IP's. ( Just realized you were asking due to running a proxy on the router itself, my bad. Use the br0 (LAN) global IP to access it as you would from the LAN. However you will need to set policy rules to allow external access. Same with any client computers that are running their own firewall.)

    As in you tried out the DHCPv6 config I put up? If so, seem to be working how you want?
     
    Jacky444 likes this.
  69. Elfew

    Elfew Network Guru Member

    Good job guys!
     
    Jacky444 and Sean B. like this.
  70. Jacky444

    Jacky444 LI Guru Member

    Basically for IPv4 I setup "local" IP for Nginx 192.168.1.200 which runs as "br0:0". Then I binded NGinx to it and routed NAT to my WAN IP. Maybe there was shorter solution but I couldn't bind it directly to WAN IP for some reason so I stayed with that for some time.

    For IPv6 I thought that would be the same, but then I realized I could just use real router IP which is what we set
    2a01:260:8004::2 and it worked. No NAT needed (As I realized it doesn't exist on IPv6). The IP's and "binary" codes on IPv6 hard to totally understand I guess, but after some time of trying and messing each time I learned more :D so now it doesn't sound so bad. I might even master it in some time haha.

    The DHCP config is awesome, basically runs the DHCP AND at the same time allows static clients. I always configured my routers something like that. So thanks! I also added my static DNS addresses and changed range from 1:50 to something like 100:150. I prefer static IP's lower than "random ranges".

    So If I understand correctly, no NAT on IPv6 but it still uses gateway to access internet? That gateway can also block ports same as before, since data still flows through router? The biggest difference is that computers / devices don't use "WAN" (routers IP) but their own which was dedicated by the router via DHCP6 or SLAAC.

    I kinda love that there is so many possible addresses, okay there is no way I will ever remember mine like I did on all my IPv4 addresses, but there are some advantages and I kinda love them. Also the subnet of addresses per possibility is just amazing. I also have much lower pings, I guess my ISP/My Host routes IPv6 much better, see small bench bellow (me -> my dedicated server in Germany (i'm from slovenia)):
    Code:
    Pinging defikon.com [144.76.42.10] with 32 bytes of data:
    Reply from 144.76.42.10: bytes=32 time=20ms TTL=57
    Reply from 144.76.42.10: bytes=32 time=20ms TTL=57
    Reply from 144.76.42.10: bytes=32 time=22ms TTL=57
    Reply from 144.76.42.10: bytes=32 time=20ms TTL=57
    
    Ping statistics for 144.76.42.10:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 20ms, Maximum = 22ms, Average = 20ms
    
    Code:
    Tracing route to defikon.com [144.76.42.10]
    over a maximum of 30 hops:
    
      1    <1 ms    <1 ms    <1 ms  MAIN [192.168.1.1]
      2     1 ms     1 ms     1 ms  93-103-0-1.gw.t-2.net [93.103.0.1]
      3    <1 ms    <1 ms     1 ms  84-255-250-133.core.t-2.net [84.255.250.133]
      4    18 ms    18 ms    18 ms  193.203.0.198
      5    18 ms    18 ms    19 ms  core11.nbg1.hetzner.com [213.239.229.161]
      6    21 ms    20 ms    20 ms  core23.fsn1.hetzner.com [213.239.245.226]
      7    21 ms    20 ms    21 ms  ex9k1.rz19.hetzner.de [213.239.229.50]
      8    20 ms    20 ms    20 ms  defikon.com [144.76.42.10]
    
    Trace complete.
    
    And IPv6:
    Code:
    Pinging defikon.com [2a01:4f8:191:4309::2] with 32 bytes of data:
    Reply from 2a01:4f8:191:4309::2: time=16ms
    Reply from 2a01:4f8:191:4309::2: time=16ms
    Reply from 2a01:4f8:191:4309::2: time=16ms
    Reply from 2a01:4f8:191:4309::2: time=16ms
    
    Ping statistics for 2a01:4f8:191:4309::2:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 16ms, Maximum = 16ms, Average = 16ms
    
    Code:
    Tracing route to defikon.com [2a01:4f8:191:4309::2]
    over a maximum of 30 hops:
    
      1    <1 ms    <1 ms    <1 ms  2a01:260:8004:1::1
      2     1 ms     1 ms     1 ms  2a01-260-8004--1.link6.t-2.net [2a01:260:8004::1]
      3     1 ms    <1 ms    <1 ms  2a01-260-1-1--5a.core6.t-2.net [2a01:260:1:1::5a]
      4    13 ms    13 ms    13 ms  2001:7f8:30:0:2:1:2:4940
      5    13 ms    13 ms    13 ms  core11.hetzner.de [2a01:4f8:0:3::22d]
      6    16 ms    16 ms    16 ms  core24.fsn1.hetzner.com [2a01:4f8:0:3::1a]
      7    16 ms    16 ms    16 ms  ex9k1.rz19.hetzner.de [2a01:4f8:0:3::1a6]
      8    16 ms    16 ms    16 ms  2a01:4f8:191:4309::2
    
    Trace complete.
    P.S.: I do have sometimes dropouts from IPv6 for some reason, could be PC or router, not sure. Maybe even lease. Its happened 2x so far since yesterday. I will investigate ^^.
     
  71. Sean B.

    Sean B. LI Guru Member

    Glad you're enjoying the concept of what it can offer. Many people still frown upon it, so to speak, but that's because it's new and kind of shakes up the foundation of what they already know as IP addressing. Getting away from all the annoyances of NAT and port forwarding ( especially for gaming ) and the massive configuration options it provides I find very interesting and fun. And now that you have a working IPv6 setup, you can play around with it which is the best way to learn.

    It's how I've always done it as well. I suppose one would technically call this setup "DHCP reservations" rather than static.. but they go hand-in-hand. And by all means, tailor the IP's and configuration to suite your liking.

    Correct, no NAT for IPv6. Although in newer linux kernel versions than what we're able to run on our routers they did implement what they call Nat6. This was done to fill the gap left by NAT for being able to DNAT and SNAT packets for policy routing. But IPv6 does not need or use NAT, sense there is no longer the situation of only having one global IP for multiple local clients. It may make more sense for you if you now look at your gateway as a router with firewall capability. The term Gateway is commonly related to a device that controls the global IP and provides the ability ( NAT ) for clients to share that single IP. Now, your router is much more just a router. Lets say you're on a business trip in a hotel somewhere and you want to SSH into your home desktop, you would ssh to the desktop's IPv6 IP. When you do that, the packets get routed through hop after hop just like when you access anything else over the internet.. and now, instead of being the destination of those packets which would then translate it over to a local destination and be a middle man, your router is just another hop... the last one before the destination. But, sense all inbound and outbound connections from your LAN to the internet run through the router, it can act as a firewall for your network, and enforce routing policy on any traffic that goes through it.

    Wow, pretty much dropped your latency by half. Nice! And yes, good luck remembering the IP lol. If you want to use it for connecting while away from home, I suggest you enter it as a note in your phone or something like that, they are just too big.

    Strange. If they continue, try to determine first if it's only the LAN clients that are losing IPv6 connectivity.. or if you can't ping -6 out from the router when this happens as well. That will determine what areas we start to look at for an issue.
     
  72. Jacky444

    Jacky444 LI Guru Member

    I agree totally, its new world and its amazing! I own some domains so I'll just use DNS to remember IP's haha :D easy. Guess that's what DNS was made in the first place. I really do love the concept so far a lot. Too bad its holding up so slowly.

    All is good so far except these drops, it keeps happening and only on IPv6. Pings get "Request Timed Out" and browsers start using IPv4 as default. Its really strange. Also the windows network config didn't change so Its not DHCP6, I'm guessing router has some issue with IPv6 not sure really.

    I did notice this repeating in the log tho, could be simply just notice and can be ignored:
    Code:
    Jul 15 13:45:35 main kern.debug kernel: IPv6 addrconf: prefix with wrong length 126
     
  73. Sean B.

    Sean B. LI Guru Member

    Let's test something out. Change your wanup script to set a /128 instead of /126 on vlan2

    Code:
    ip -6 addr add 2a01:260:8004::2/128 dev `nvram get wan_iface`
    ip -6 route del default dev vlan2
    ip -6 route add default via 2a01:260:8004::1 dev `nvram get wan_iface`
    That would still make more sense to me, being a /128 which is a single full IP.. as most configurations will have for the WAN interface. Perhaps /126 was a typo or oversight from the ISP. If it doesn't work and breaks your IPv6 connectivity, I'll come up with some more avenues for testing.

    You may understand this fully already, but just saw a possibly good way to explain how your WAN interface and LAN interface are being separated by your ISP's configuration. Take a look..

    ISPs router:........... 2a01:260:8004::1
    Your WAN interface: 2a01:260:8004::2
    Your LAN interface:. 2a01:260:8004:1::1

    If you think about how IPv4 does subnets.. 192.168.0.0/16 is one tier higher than 192.168.1.0/24 .. that's exactly what the ISP is doing with your interfaces, there's just a boat load more tiers available for the ISP to use and no longer a "local only" vs "internet capable" side. Your WAN interface effectively becomes a router for your ISP in their subnet one tier above you ( but, obviously, only provides a route to you ).. and your LAN interface becomes your router in your subnet. Imagine an ethernet cable between the WAN and LAN interfaces inside your router and you see how NAT is eliminated.. you have one continuous route where all IP addresses can go everywhere. This is why, even though we call it your "LAN" interface, you use the LAN interface IP to connect to the router ( even from the internet side thanks to IPv6 ) and not the WAN's.
     
    Last edited: Jul 15, 2017
  74. Sean B.

    Sean B. LI Guru Member

    Oh, I just noticed something. How exactly did you configure your NGinx server to use the WAN IPv6 IP of 2a01:260:8004::2? I highly suggest you do not run it this way. As I believe this exposes the system to an excessive amount of broadcast and multicast traffic and circumvents any kind of access control/connection tracking done by your router. Think of your router as the front door of your house.. the 2a01:260:8004::2 is the outside face of your door.. and 2a01:260:8004:1::1 is the inside face of your door. You can access both through the same door.. but the 2a01:260:8004::2 side always sees everything on that side.. it gets soaked from the rain/blasted by wind/and has to see all the door-to-door salesmen that always come around right when you're sitting down to dinner. Where as the 2a01:260:8004:1::1 always sees only what's going on on the inside. There's no NAT anymore.. so all the access control and broadcast domain separation is done via routing policy only, and for that to be effective the traffic has to actually be routed to your subnet for access control.. and services need to be bound to an interface/IP inside your subnet for broadcast/multicast domain separation.. both start at your LAN interface. I believe binding the NGinx to the WAN interface puts NGinx into the ISP's broadcast/multicast domain and completely sidesteps any other access control or connection tracking etc that routing policy on your router provides. I *may* be wrong on this, I'm still learning as well.. and the rabbit hole gets deep with IPv6. But if not, I'd highly recommend binding the NGinx server to the br0 interface or it's IP of 2a01:260:8004:1::1 .
     
    Last edited: Jul 15, 2017
  75. Jacky444

    Jacky444 LI Guru Member

    Thanks for your time really, you help me a lot and its really eating your time!

    I figured that out about subnet range yeah, I never really understood them properly to be honest, the 16/24, then masks. I didn't really get it but then again I really never cared about them since DHCP did almost all for me and default values in most times were enough. So I don't really get the subnet on IPv6 64 vs 128 or even 32. I don't really understand the relation between them.

    My ISP T-2 D.O.O. seems to provide 126 prefix to every one (how that works I don't understand :D), I can also see that on "unofficial" forum https://t-2.rula.net/viewtopic.php?f=1&t=4933&start=540 so I don't think it was an error. However as U stated few posts above, 126 does sound strange since it doesn't divide/multiply with 16, 32,64,128.

    I set 128 for now and will let u know what happens, net seems to work using that prefix without problem (removed IP first and then added same one with /128 on the end).

    I do like the way IPv6 works yeah!!!
     
  76. Jacky444

    Jacky444 LI Guru Member

    I thought about that too, but I couldn't get br0 to work so I went with WAN. I will give it more tries because you are right about that, I thought about it that way too.

    Umm about prefix 128 i still get same error after a while, so that's epic weird. Maybe router is detecting prefix 126 and reporting error? I triple checked, I have no 126 subnet anywhere defined, only 128. Even in ip6tables.
    Code:
    Jul 15 22:04:03 main kern.debug kernel: IPv6 addrconf: prefix with wrong length 126
    Strange part is also that only Windows machine suffers this, my VPS running on same computer just using "virtual" interface works fine on Ubuntu 16.04. No IPV6 dropouts. So could be related issue to Windows only
     
  77. Sean B.

    Sean B. LI Guru Member

    So only client computers running Windows lose IPv6 connectivity? And that error log is coming from the router correct? That's incredibly strange.. the only instance of a /126 prefix that should be in the routers configuration would be that wanup script line setting the IP address on the WAN interface. So the client computers should never see anything about it.. and if the /126 causes a connection drop it should drop everything.. the router and the LAN from IPv6 connectivity.. not selective clients on the LAN. You may try omitting the prefix entirely from that line, providing it doesn't just spit back a syntax error.

    Code:
    ip -6 addr add 2a01:260:8004::2 dev `nvram get wan_iface`
    If it takes the address, check ifconfig and see if left the prefix off.. or if it simply appended a prefix to it. If it appended a prefix you may lose connectivity right away or soon after.. or just keep seeing the same issue. If so, or if the lack of prefix didn't change anything you may try going into the router GUI under Basic->IPv6 and disabling (uncheck) Accept RA from WAN. This configuration is different than you'd normally see due to your static /64. Because of the static subnet you're unable to allow the normal SLAAC/DHCPv6 process to occur between your WAN interface and the ISP's routers as the prefix you get could change any time you disconnect/reconnect.. hence why the wanup script is having to configure the WAN interface. RA's carry more information than just prefix offerings, but it may not be needed at all in this situation.. and perhaps is actually causing a conflict.


    Actually, try disabling the Accept RA from WAN first. That should be the issue. Considering the time gap between IPv6 interruptions, it's spot on to the fact routers use a timer to space out how often they broadcast RA's onto the network.
     
    Jacky444 likes this.
  78. tvlz

    tvlz LI Guru Member

    A /126 is perfectly valid, your ISP gives you 4 IPv6 WAN addresses & 1 /64 LAN prefix. Try this it should get rid of the prefix with wrong length 126 error
    Code:
    ip -6 addr add 2a01:260:8004::0/126 dev `nvram get wan_iface`
    I also had another go at making a patch.
    Hopefully you will add the changes & compile this one, you will still have to make changes needed for the AT GUI.
     
    Last edited: Jul 20, 2017
    Jacky444 and Elfew like this.
  79. Elfew

    Elfew Network Guru Member

  80. Jacky444

    Jacky444 LI Guru Member

    I think Accept RA could also be an issue correct. I will try and let you know in a while :).
    Thanks a lot TVLZ I will try some time this week if I find time, I got really busy week coming up =(. Will try to make some time tomorrow after work maybe!

    P.S.: @tvlz the fix for prefix 126 issue went away after setting router IP to 0. thanks!
     
    Last edited: Jul 17, 2017
  81. Sean B.

    Sean B. LI Guru Member

    Didn't your ISP state your routers IP is ::2?

    Strange. Glad it works though :)
     
  82. Jacky444

    Jacky444 LI Guru Member

    They did yes :) But for some reason this way it works too without problematic debugging problem with prefix. Also disabling WAN RA seems to fix the problem with dropouts, for now :).

    So If I get it right, I only have 4 IPv6 addresses? That can be a problem, at home I have like 8 devices connected to the internet >_<. Soon maybe 9 lol.
     
  83. Sean B.

    Sean B. LI Guru Member

    No. Remember how I explained the difference now between the WAN interface ( now basically a router in your ISPs subnet ) and the LAN interface ( your router in your subnet ).. your LAN interface has a /64 ... that's the huge number of addresses I was talking about several posts ago.

    Out of curiosity.. what does the output of "ifconfig vlan2" show?
     
  84. Jacky444

    Jacky444 LI Guru Member

    I still get dropouts tho, just tested IPv6 on my computer again and its again "Destination host unreachable". Its really annoying haha...

    The VLAN2 config follows:
    Code:
    vlan2     Link encap:Ethernet  HWaddr C4:04:15:3B:B1:FC
              inet addr:84.255.204.237  Bcast:84.255.255.255  Mask:255.255.192.0
              inet6 addr: 2a01:260:8004::/126 Scope:Global
              inet6 addr: fe80::c604:15ff:fe3b:b1fc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:17398642 errors:0 dropped:0 overruns:0 frame:0
              TX packets:25637331 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3292366086 (3.0 GiB)  TX bytes:34771256288 (32.3 GiB)
    
    I've just added @tvlz changes to the AdvancedTomato GUI. I'm just about to compile / test it :)

    P.S.: I'm guessing router doesn't need WAN IP on VLAN2 ^^. I have no idea lol
     
  85. Sean B.

    Sean B. LI Guru Member

    As @tvlz said, a /126 is a valid prefix. However, as I stated it's very odd and comes across as an attempt to minimize address use on point to point links. I've found this doc describing what I believe is the situation with your ISP:

    CPE stands for Customer Premises Equipment. So it's saying using a /126 as the link (WAN) IP is a way to reduce prefix/address use, as I stated my gut feeling was. I think this poses oddities when it comes to routing.. and really isn't the right way for the ISP to handle this. It explains the wrong prefix issue, the links are getting confused, and packets destined for one are going out on the other.. and getting a wrong prefix reply.

    Just thought of something. Try changing the vlan2 (WAN) configuration to use the 2a01:260:8004::2/126 address as a LINK instead of GLOBAL.
     
  86. Jacky444

    Jacky444 LI Guru Member

    @tvlz
    I'm having a problem, after compiling firmware using the changes you provided in patch above, I get these routes generated:
    Code:
    2a01:260:8004::1 dev vlan2  metric 1024  mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004::/126 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    2a01:260:8004:1::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev vlan2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
    default via 2a01:260:8004::1 dev vlan2  metric 1024  mtu 1500 advmss 1440 hoplimit 0
    
    But they don't seem to work. My computer lost IPv6 connectivity. If I add back routes like before it starts to work again. Something is going bad here.
    These things with prefixes really confuse me... For some reason adding IP as "link" doesn't work unless I'm using wrong command (Tried both ::0 or ::2 on end):
    Code:
    ip -6 addr add 2a01:260:8004::2/126 dev `nvram get wan_iface` scope link
    
    P.S.: After reboot I had to re-add 2a01:260:8004::2/126 as WAN IP otherwise DHCP6 didn't work? I don't really understand the problem that occurred, but the 2a01:260:8004::0/126 works if I don't reboot. If I reboot router the IPv6 on PC stops working even after DHCP6 properly configures interface. I don't understand anymore, honestly something is screwing up and I'm very much sure its a bug in something kernel, hardware I don't know. Could be Windows bug or Tomato, I don't know. But I'm spending so much time on this and wasting your time as well. Its really not worth the hassle. I don't give up easily but this thing is taking so much time...
     
  87. Sean B.

    Sean B. LI Guru Member

    Hold on, it's only after a reboot of the router that this issue occurs? Are you releasing and renewing IPv6 on the client machines? If not, do a reboot of the router and wait for it to fully come BAC online.. then on a Windows client machine open an admin command prompt and do "ipconfig /release6" then "ipconfig /renew6" and check connectivity.
     
  88. Jacky444

    Jacky444 LI Guru Member

    If I apply settings using TVLZ's patch above IPv6 on PC doesn't work at all. If I apply previously applied commands (as we did manually) it works after renewing IP on IPv6. But either way the command:
    Code:
    ip -6 addr add 2a01:260:8004::0/126 dev `nvram get wan_iface` scope link
    does not work after renewing IPv6 on PC / rebooting router. So I have to use 2 on end. That's what I was trying to say. Now few hours IPv6 works fine, but before it stopped working again even after disabling WAN RA. I don't really understand why but from time to time it simply stops working and resetting network interface on Windows seems to fix it.

    Weird stuff going on lolz. I will ignore the debug info in router's log, its really nothing. I have custom scripts setup to prevent logs going overboard anyway (I use custom logging paths so I can keep stuff). I have external SSD connected to the router (yeah I know, TRIM doesn't work and since its 1gbps network speed is useless) for various stuff.

    P.S.: Basically "fix" was to set "nvram set ipv6_wan_prefix=2a01:260:8004::2"
     
  89. Sean B.

    Sean B. LI Guru Member

    Ahhhhhhhhhh *face->palm* .. I should have known there'd be an nvram variable for it. But have never had to set it manually sense I've never dealt with a static IPv6 configuration. Good find Jacky!
     
  90. Jacky444

    Jacky444 LI Guru Member

    Oh ^^ you didn't properly understand :p. Umm this is new thing tvlz wrote code few posts above about it. I merged his changes with my firmware and with that code we added ability to add that nvram variable :) but GUI doesn't allow it (with the changes) because tvlz assumed prefix works like 2a01:260:8004. I'm not yet sure how/why that's done that way. But without gui I was able to set it to
    2a01:260:8004::2 which works.

    Tomato it self has no option like that yet. Does that make sense?
     
  91. tvlz

    tvlz LI Guru Member

    Can you try this from back in post #50 it will allow traffic on all of the /126 WAN addresses
     
  92. tvlz

    tvlz LI Guru Member

    Another thought maybe change the IPv6 WAN Gateway to be your router addr?
     
  93. tvlz

    tvlz LI Guru Member

    Error Checking ;)
     
  94. Sean B.

    Sean B. LI Guru Member

    Well, I think this issue is as resolved as I can be of assistance for. I'd have to trial and error explore with a setup like your ISP is running with that /126 to gain more understanding of what it's doing. And, obviously, I don't have access to a network with such configuration. Glad there's at least been some headway for ya @Jacky444 , if I may be able to assist on anything in the future I'm happy to help.
     
  95. Jacky444

    Jacky444 LI Guru Member

    Sorry I've had a bad day didn't have time to answer. That doesn't work :(

    Not working either =(.

    yeah I'm glad too. Just bad part is that I'm still not having 100% stable connection but not sure we'll be able to solve that. Basically when I reboot PC or something happens on router IPv6 doesn't come back and i have to do release/renew. I don't see any changes between commands either which is weird.
     
  96. Sean B.

    Sean B. LI Guru Member

    At first I thought you were losing IPv6 from the router.. as in no connectivity at all.. then you stated it's just the clients, and now pointing out it's only after a reboot of the client or the router that the client does not re-gain IPv6 connectivity. Any chance these are Windows clients? If so.. this may be a client issue and not router or IPv6 configuration.

    https://social.technet.microsoft.co...eaks-dhcpv6-client?forum=win10itpronetworking

    Quote from the technet thread:

    This issue came about after the August anniversary update of last year. I see posts as of March of this year saying it's been fixed, but I see posts after that siting specific builds of Windows still having the issue.

    What you can do is go into the router GUI under Advanced->DHCP/DNS and enable (check the box) for SLAAC under Advertise IPV6 on LAN. This will result in your clients having several IPv6 IP's, this is ok, as IPv6 allows for multiple addresses per client. If the IPv6 dropouts stop.. this is a good indication that it's a client issue with DHCPv6 and we'll have to assign static IPv6 IP's into the network adapter configuration of each client rather than use the method we both normally use.
     
  97. Sean B.

    Sean B. LI Guru Member

    Actually, just skip the step of trying SLAAC and configure a static IP in a client computers network adapter properties. Then see if it maintains IPv6 connectivity when others drop out.
     
  98. Jacky444

    Jacky444 LI Guru Member

    I always configure static IPv6 but I'm still losing connection on Windows after some time. Next time It happens I will copy/paste ipconfig on Windows to see what changed. But If I remember right, last time I checked nothing did. It just stopped working.

    I never really liked idea to use DHCP/SLAAC on my own computer. I also have some stuff hosting and for port forwarding static IP is required anyway.
     
  99. Sean B.

    Sean B. LI Guru Member

    Ok, that's not how I explained to do it when you asked how to make them static, so was unaware you had done so. Sorry, that was my only other idea. But so you know, if the ipconfig isn't changing when IPv6 drops, I'd suggest checking if something changes with the routes.. in Windows Powershell the command "get-netroute" will list the routing table.
     
  100. Jacky444

    Jacky444 LI Guru Member

    Thanks @Sean B. I think it's working now, tho only using static IPv6. I will try SLAAC too, well the solution you wrote above. I am really grateful for all your time and help. Now somehow I need to get this working with GUI and @tvlz 's code. Hopefully it will work for every one.

    My last question, why do we use all these (from windowses iproute'):
    Code:
    4       ff00::/8                                       ::                                               256 25       Ac
    1       ff00::/8                                       ::                                               256 75       Ac
    4       fe80::e1d5:cd06:341b:e8ad/128                  ::                                               256 25       Ac
    4       fe80::/64                                      ::                                               256 25       Ac
    4       2a01:260:8004:1::5/128                         ::                                               256 25       Ac
    4       2a01:260:8004:1::/64                           ::                                               256 25       Ac
    1       ::1/128                                        ::                                               256 75       Ac
    4       ::/0                                           2a01:260:8004:1::1                               256 25       Ac
    If IPv6 is using external addresses for every thing, why does router use "fe80::" and "fe80::e1d5:cd06:341b:e8ad". I'm guessing thats for interfaces like eth0, eth1 and vlan1, but why can't we use br0 like that as well? It just confuses me a little, the double prefixing and addresses.
     

Share This Page