ATT U-Verse and IPv6 - update: working now

Discussion in 'Tomato Firmware' started by Mercjoe, Jan 8, 2015.

  1. Mercjoe

    Mercjoe Network Guru Member

    Okay.. I updated to U-verse the other day. Faster speeds, lower price and all that.

    Anyway, I now have IPv6 available but for I can not figure out for the life of me how to get it working. Normally I would not care, but for some reason I get about 1Mbps more on speed tests with IPv6 than on IPv4. This is testing via the provided modem initially and not my router. When I speed check on the router it matches the IPv4 speeds from the modem so I reason the IPv6 have a similar result.

    I am on a WNR3500l v1 running Tomato Firmware v1.28.7506 MIPSR2Toastman-RT K26 USB VLAN-VPN-NOCAT.

    I have a Motorola NVGS510 modem configured into via IP pass-through. No sweat there; disabled wireless, set IP pass-through to manual and forwarded all traffic to The router is set to a static IP on the WAN address of The router is handling all the traffic and normal IPv4 traffic and all appears normal.

    In Basic -> IPv6 I have it configured as Native IPv6 from ISP.

    I saved it and on Status -> overview I immediately got a IPv6 Address in the WAN.

    When I go to test at I get the IPv4 info and IPv6 says 'not supported'

    In the logs I get :
    Tomato daemon.warn dnsmasq-dhcp[8904]: no address range available for DHCPv6 request via br0.

    When I do an ipconfig on my machine, I am not getting a default gateway for IPv6.

    I have read anything and everything I can find (any there is a LOT to read) and can not seem to figure this out.

    Any ideas???
  2. Grimson

    Grimson Networkin' Nut Member

    There is your problem, your modem needs to be in bridge mode.

    Because your "modem" (which is actually a router too) is not in bridge mode it manages the IPv6 address pool. And as it sees the WNR3500l only as a single client it will only delegate 1 IPv6 address to it.

    Now IPv6 does not use NAT but all addresses are public, so the WNR3500l needs access to the whole IPv6 address pool you get from your provider. This AFAIK works only when your "modem" is in true bridge mode and the WNR3500l manages the Internet connection, whether this can be done on the NVGS510 is something you have to google for yourself.
  3. Monk E. Boy

    Monk E. Boy Network Guru Member

    To my knowledge UVerse routers don't allow bridge mode, at least not without trickery that involves voiding the warranty and all hope of support from AT&T (read: very fat bill to pay from AT&T if the router ever blows up for any reason, even if it's technically their fault for it blowing up).

    The closest you can come to bridge mode is to enable DMZ mode and set your router as the DMZ host. In this mode your router will get the public IP addresses (in theory both IPv4 and IPv6) that are assigned to the UVerse router. To your router everything is peachy and it doesn't even know about the UVerse router nor anything attached to it. In reality it doesn't have the public IP address and the UVerse router is doing some god-awful screwing around with packets that quite frankly I don't trust, but I've never witnessed it actually blowing up.
  4. Mr.CTT

    Mr.CTT Serious Server Member

    Grimson is correct, and Monk E.Boy is also correct.... DHCP and Routing do not matter too much where they are unless you are using bandwidth logging or QOS or advanced features like that.

    If you don't use them... put your tomato router in repeater mode (just died a little inside) and your devices should pull IP V6 address if you set them to. (I believe this is true based on my experience with ip V4 stuff but dont have much experience with V6. also because the idea behind repeating is the same as an unmanaged switch, to just pass it, packets may change a little but i have never packet sniffed to confirm with tomato)

    I have never ever seen or found an instance where AT&T has been the fastest option. If you have Time Warner (or equal brand) in your area, and you get a Surfboard sb6121 or any above(modem with 1 port no wifi or crap built in), get a good tomato router, and back it all up by a APC UPS... you will have a significantly more reliable and faster connection when comparing plans with the same speeds to AT&T... I went that route years ago... learned my lesson... I also learned never to use my ISP's modem because they are JUNK! i pay 64.99 for 50mb/s and using my own equipment average 70 and have seen it peak at 100.

    Uverse will give you trouble down the road, this I promise you, they always crap out and lose connection or get super high ping times as they get older (my personal experience may not be all). Any time you mix wireless, with router features, and modem features you will decrease stability. Even the moderators have mentioned that if you turn wifi off on a tomato router, it significantly improves up-time and stability... why pack it all together?

    I never considered the fact your Uverse modem doesn't have an IP V6 pool to choose from. I thought of it from the spectrum of your tomato router is forcing IP V4 because it cannot get any IP V6 addresses from the Uverse modem. My entire comment may be void if that is the case.
    Last edited: Jan 9, 2015
  5. Mercjoe

    Mercjoe Network Guru Member

    There is no SIMPLE bridge mode..

    There is no DMZ mode.

    You can not simply turn off DHCP in the modem. The best it seems that you can do is define the DHCP server on the modem to a single address and then use IP pass-through to pass everything to the router.

    I can get the modem to pass the external IP to the router. All function of the 3500l work EXECPT for IPv6. I get an address but no further.

    Guess it is time to crack the books and relearn all those old skills I used to have. Things like QOS and access restrictions are things that I can not do without.

    It does seem odd to me that the modem gets better throughput that the router I have.

    Wanna know the good part? This is the ONLY option for U-Verse. There is no other DSL modem for this service. While there are options (Comcast and Knology), their track record is not much better.

    Wow.. what an upgrade from DSL this was.....
  6. Mr.CTT

    Mr.CTT Serious Server Member

    I do not know how your router is calculating this speed, but it could be because it is burst and not sustained throughput? If you set everything up correctly, then your modem is holding you back. I have never seen any place that doesn't give me my choice on equipment as an upgrade.

    AT&T came to my house and tried to tell me they just installed fiber in our town. They said if I moved to them I would see fiber speeds. I laughed at the person and had them explain why and how... They couldn't. I then explained to them that their equipment now used the fiber, and from there it was taken to the house as coax or telecom from the distribution areas... You would need a direct fiber line to my house for the speeds they were trying to tell me i would get. For them to do that it would be nearly impossible with the infrastructure in this town. My moral is never believe what they tell you when they come man :/

    As far as comcast ect goes..
    Use your own equipment and you wont have as many problems with Comcast etc bud. then the only thing you have to worry about is that they got your bill right. They have less control over your speed if you do this also.
    Last edited: Jan 9, 2015
  7. Mercjoe

    Mercjoe Network Guru Member

    All speed test are done at

    All tests are done in blocks of 10 to the same server and then averaged. I never trust a 'built in' speed test. To dang easy to skew the results.
  8. Mercjoe

    Mercjoe Network Guru Member

    Posted but had an error in my analysis and testing..

    I will repost after I re-verify
    Last edited: Jan 16, 2015
  9. Mr.CTT

    Mr.CTT Serious Server Member

    I know that Speedtest is a pretty reputable means of testing speeds, but every time that I test. I have a variance in 5-15 mbit/s down and .5-1.5mbit/s up. Using a torrent that is very large in size and has very good speeds or an online website with dedicated speed faster than your connection that hosts 1gb-2gb sized files may be your best option to test your bandwidth. is only uses, if i remember correctly. like 100 megg at most file and that could easily stay within the burst rate of your ISP, giving you inaccurate results in some cases.

    Were you able to figure out a way such that you could get IP v6 through the AT&T modem while having the Tomato router do all your logging?
  10. Mercjoe

    Mercjoe Network Guru Member

    The modem was configured properly. It seems that with the U-verse providing VOIP, it HAS to maintain some control of the connection. The IP passthrough it the correct way to get the router to handle the data side of the network.

    With the WAN port set to DHCP, the IP address, gateway and DNS information is passed to the router with no issues.

    I was able to get IPv6 to work. It works with DHCPv6 with Prefix Delegation but only when configured exactly right.

    Two things I have found:

    1) Turning on Jumbo frames kills it. It does not matter what size frame. Just enabling it disables IPv6. It just plain disables it on the router. No router IPv6 address or anything.

    2) Turning on QOS disables IPv6 connectivity. It does not kill the IPv6. The router sees and and shows the WAN IPv6 address and the LAN side shows the router IPv6 address and IPv6 local link address.

    Strange thing about the QOS. When enabled the computer sees a IPv6 address, DNS server and gateway, but has no internet connectivity. Looking at the ethernet adapter status shows that I have IPv4 and a IPv6 connection. Going to amd it gives me a 'not supported'. Turn off QOS and I immediately gain IPv6 connectivity.

    I am going to do some more testing when the spouse does not need internet access for hours on end.

    Just for information, I am using Tomato Firmware v1.28.7506 MIPSR2Toastman-RT K26 USB VLAN-VPN-NOCAT on a WNR3500l v1. I reflashed and cleared NVRAM to start from a clean slate. All configuring was done manually.
  11. Mr.CTT

    Mr.CTT Serious Server Member

    Well, Ports between IPv6 and IPv4 are the same... TCP & UDP are the same... the MTU is different, but QoS should not affect that...

    It should be working in tomato..

    Saw this when google-ing something and briefly skimmed the 1st paragraph. Could be useful to you?

    There is a problem with another build's QoS, but may be unrelated?
    P.S. dont use BW Linter and QoS with IPv6, itll cause memory leaks "per Shibby post"
  12. Mercjoe

    Mercjoe Network Guru Member

    Yep, read those.. and many many other articles.

    I can use Native IPv6 as well as DCHPv6 and get it to work until I turn QOS on.

    At least I got it down to a single on/off point of failure.
  13. Mercjoe

    Mercjoe Network Guru Member

    Additional info:

    Logs are full of:
    Jan 20 00:49:50 Tomato user.debug kernel: icmpv6_send: no reply to icmp error
    Jan 20 00:49:53 Tomato user.debug kernel: icmpv6_send: no reply to icmp error
    Jan 20 00:49:53 Tomato user.debug kernel: icmpv6_send: no reply to icmp error
  14. Mr.CTT

    Mr.CTT Serious Server Member

    That looks really familiar.... I know I saw a post with someone getting the similar error, but I cant find it. Maybe it was on the ddwrt forum?. hmmmm. Did you try shooting shibby a message on here? He may have a suggestion. I am kind of out of Ideas. If you could DMZ or port forward it would be a much different story.... Does it have UPNP?
  15. Mercjoe

    Mercjoe Network Guru Member

    I searched and I searched and I found THIS post:

    Not quite the same issue but as this point I am frustrated and just trying things.

    I put this is WAN up:

    ebtables -t broute -A BROUTING -i vlan2 -p ! ipv6 -j DROP
    brctl addif br0 vlan2

    and set RA to WAN in Native IPv6 from ISP (the instructions say to turn RA off)

    I now have IPv4 and IPv6 connectivity and pass the tests with QOS ON.

    I am still getting the icmpv6_send: no reply to icmp error errors in the logs but hey.. it is working now.

    Honestly, I have NO idea what those did but it worked.
  16. Mr.CTT

    Mr.CTT Serious Server Member

    If everything works properly and you have the speed, consistency, and stability. I would leave it as is and shoot shibby a PM telling him exactly what you did to make sure it wouldn't cause any problems with anything. You are not doing something that the average Joe is trying to do so an unconventional setup could be what you need and options other people are told to ignore you may need for it. I set up IP V6 here hoping to be able to help out, but everything just worked for me. Just keep an eye on your logs and hit up to make sure there is not problems with anything being lost or flaky that you cannot see and best of luck to you with AT&T. If you are un-happy with them by the end of your contract look into one of the other guys to see if you can use your own equipment so you know it'll work all the time. 90% of a bad rep the cable company gets is because of their really crappy equipment the lines are up all the time or they would have 0 business because 0 people would be connected. re crimping the ends of all your coax with a good tool and ends anywhere you can could help, if you have a bad connector, and you can force them to replace lines to your house 60% of the time.

    Worst case 100ft run of coax costs like 20-30$

    I should have read your post better... read my following response please
    Last edited: Jan 23, 2015
  17. Monk E. Boy

    Monk E. Boy Network Guru Member

    Whatever you did to get the modem to pass the external IP to the router is DMZ mode.

    It used to be called DMZ mode. I guess AT&T execs did a lot of coke on product review day and insisted DMZ be changed to something else. It still functions the same way though.

    Glad to hear you struggled through getting IPv6 working. Tomato & IPv6 feels, to me at least, like a dev branch... very much a work in progress that requires effort to get working smoothly, but will work if you can keep all the duckies in a row.
  18. Monk E. Boy

    Monk E. Boy Network Guru Member

    Unfortunately I've lived in areas where cable companies are psychotic about maintaining the last 1000ft of cable to the customers.

    One time I was near the start of the run into the subdivision. As a result my signal was burning hot, they had to put a couple sinks in line to bring it down to a level where the cable modem would work. Eventually though the install techs got tired of putting sinks on everyone's lines so they adjusted the power levels at the line feeding into the area... which broke everyone's connection coming into the neighborhood who had sinks installed, as well as customers at the end of the line who couldn't get a reliable signal anymore. So then after a series of service calls fixing everyone at the start of the line, removing sinks as they went, they finally got to the people near the end of the line that couldn't be fixed so easily. So then they boosted the signal up to fix them, which broke everyone near the start... they went on this way for 3 years, with one half the company doesn't listen to the other half and nobody is paying attention to the overall picture. For all I know they're still doing it, I got tired of their spotty internet service and moved out of the area. BTW, having the signal too hot will literally burn out your cable modem, and if you're not renting it... you have to buy a new one. And since it's your equipment, and because they didn't keep track of what they've done nor understand why it was done, the cable company won't reimburse you.

    Don't get me wrong, UVerse is often a pain in the butt and is rarely cheaper than their competitors, but that doesn't mean cable companies are competently managed and staffed. They're usually equally FUBAR'd, just in different ways.
  19. Mr.CTT

    Mr.CTT Serious Server Member

    Wow that is so odd. I have never heard of anything like that happening before. You are right, every area will vary as you go to different places. Here each distribution pole has at most 2-300 feet connected to it (that runs to a house/apt). I was thinking in terms of the big city when I said that, where there is so many houses so close together that they could never run over 200 feet. My provider's guys are pretty ok to work with and they listen to you when you show them you aren't totally ignorant towards technology and the equipment involved.

    But guess it is a little different because I have numerous hours on the phone with Time Warner and know who to get transferred to or talk to... I (sadly) have to work with them quite a lot because when they do an installation for a client or business, so I am used to talking to them. If they come to do anything at my house during an outage, I generally immediately approach them and talk to them. My experience has been when I bs with them a little they are a little more willing to listen to me and I would have told them exactly what you told me. I generally keep an eye on them the entire time and when I see them putting stuff away, I generally bring out sodas and bug them to find out what they fixed so that I know what to tell then next tech that comes should it break again haha. I cant really expect a tech to know all the maint he didn't do at my area or a manager to remember that 4 months ago blabla happened, and was fixed by doing blabla and if he did know I would never trust him to remember to tell his techs haha

    I agree with you that both of them suck though... For me I have to use my own stuff I wouldn't even consider at&t since I cant have a modem that is transparent... I also sat with my girlfriend and we played play-station while we waited, Literally I shit you not, 4 hours on hold to cancel her AT&T service after she moved in. If TWC breaks it, they will buy it, I know I could easily call in and talk to a customer service and say "you guys did this and fried my modem and explain why..." and eventually make them credit my bill or something since a modem is like 40-50$ at most for a stupid one like I would want... I have had them credit my bill 50% before just because their stupid modem died (before I bought my own). I have even made them credit me when there was an outage (generally I only do this when I am super pissed about it tho). However this is my experience, some places or even areas can be or are really crappy about stuff, so I guess it just depends on your luck and persistence :/
    Last edited: Jan 23, 2015
  20. Mr.CTT

    Mr.CTT Serious Server Member

    Does your router still have an IPv6 address on the status page?

    I am not very good with this but I am pretty sure it says on the virtual bridge you just created between vlan2 (which default is the WAN port) and br0, for it to take all the traffic that is not ip v6 and is source VLAN2 destination br0 and drop it. All traffic that is Source br0 Destination VLAN2, disregards the gateway's table when routing...

    In short, believe that this put all of your Traffic from br0 towards VLAN2 in transparent mode on your tomato router? Did you input this on your tomato router? ebtables and ip tables are two totally separate things, I am used to working with IP tables and am unsure if ebtables will change your iptables information.

    Does your QoS still work? I am not sure how to test QoS, but you should be able to disable QoS and enable the Bandwidth monitor to see if it is working on your clients still. Is anyone more experienced with ebtables that they know what specifically is being done? That was all based on my reading and tracing through the ebtables syntax and descriptions online, but i have never used ebtables before.

    The command brctl addif <brname> <ifname> will make the interface <ifname> a port of the bridge <brname>. This means that all frames received on <ifname> will be processed as if destined for the bridge. Also, when sending frames on <brname>, <ifname> will be considered as a potential output interface.

    If i were to guess, Based on the chart I would say that...
    all IPv4 traffic, Source WAN to LAN is being dropped (unless IPtables is smart enough to process it)
    all IPv6 traffic, Source WAN to LAN is being handled Via ebtables.
    all traffic Source LAN to WAN is being Forwarded. That is with me google-ing the last 40-50 minutes about the topic. I am not sure if this put whatever you input this on in transparent mode bridging WAN to the LAN or not, but given the fact that you have IPv6 now, my guess is that it is.

    DMZ has not changed as far as I am aware. All it is is setting a source inside the LAN to forward all of it's packets to the WAN ignoring your firewall and rules, opening up all ports to and from it.

    If you did not change something on your Uverse either by script, code, or via the UI, you could not possibly have enable a DMZ or port forward by changing a feature on your tomato router for the Uverse.

    Attached Files:

    Last edited: Jan 23, 2015
  21. Mercjoe

    Mercjoe Network Guru Member

    Always been there. When I enable IPv6 Native from ISP or DHCPv6 with Prefix Delegation I get in the LAN on the status page:

    Router IPv6 Address
    IPv6 Link-local Address

    The only thing is when you turn QOS on you have no IPv6 connectivity on the LAN side of the router. If you turn QOS off then you have connectivity on the LAN side.

    The router has had IPv6 connectivity with QOS on OR off the whole time.

    All I seemed to have accomplished is to be able have QOS on and have connectivity on the LAN side.

    Yes, it works normally.

    Once I set up the ATT modem per I have not changed anything. I try to not introduce too many variables into troubleshooting.
  22. Mercjoe

    Mercjoe Network Guru Member

    After several hours of reading up on just HOW this iptable thing works, I am going to undo all my changes temporarily and get the output of:

    ip6tables -v -L

    and anything else I can think of with QOS on and then QOS off and see what is different between the two.

    Can you think of anything that I can pull that may help? Anyone have any ideas or suggestions?

    Maybe we can nail this down and get a 'fix' put in so that the NEXT person does not have this issue.

    I just need a list and a few days. I need to let my spouse have some un-interrupted internet time before I get a few hours of play time with the network.

    This was almost as much fun as figuring out WDS, Ethernet clients and wireless links.
  23. Mr.CTT

    Mr.CTT Serious Server Member

    ebtables and iptables are two separate things i am unsure how you set your router back to how it was unless your restored it. I am not saying you shouldn't research and learn, but be a little cautious because you could easily block yourself from having any access to your router or leave it wide open to anyone on the net if you were to do something wrong.

    there is no possible way to do what you want by adjusting your tomato router while it is behind the AT&T modem unless you use transparent mode which will disable the features you want. Think about it this way, if you were able to do what you wanted, that would mean anyone in the world could change the security of anyone's network just by bringing a router with them and connecting it. Want to hack the pentagon? Just break in and bring a router with you :) ... If you could SSH or telnet into the AT&T modem using putty and edit the iptables on that to make it manually port forward, then you would have a winner... but doing so may void your warranty. I am also unsure what AT&T uses on their firmware so for all i know they could use something named giggle-herpies that i have never heard of to manage the traffic.

    The only real thing i could see working is a VPN, because it encapsulates your traffic, but then you would be adding 1 more place to go to or more increasing latency and probably dropping bandwidth.
    Last edited: Jan 29, 2015
  24. Mercjoe

    Mercjoe Network Guru Member

  25. GrokMan

    GrokMan New Member Member

    I wanted to append this thread as it seems things may have changed with ATT since the last post.

    So, I have ATT bonded-pair DSL using an Arris BGW210-700 modem. Behind that, I have E2500 with FreshTomato. I set it to "DHCPv6 with Prefix Delegation" & reboot & all was roses.

    My understanding is that the config in that 2013 link which calls for "Tunnel 6rd" mode requires an extra layer of IPv4 <-> IPv6 mapping, which is probably not the ideal ipv6 configuration. I get that that may have been the only path a few years ago. But seems like things may have progressed some. Of course I am not sure if "DHCPv6 with Prefix Delegation" is supported like this everywhere in ATT's network, but certainly worth a shot for the next to come along wondering like I was or if your are still using the "Tunnel 6rd" mode.
  26. Mercjoe

    Mercjoe Network Guru Member

    Talk about a blast from the past.

    You are correct. As of the 2018.5 release all has been well with ATT. It DOES take a few minutes before IPv6 starts working properly, but you have the exact same config that I have now.

    It does NOT work properly in the 2018.4 or previous builds.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice