Posted: Thu Aug 02, 2018 10:02 Post subject: No internet access over IPv6 on Netgear R7800
Hello,
I'm a newbie on DD-WRT. I have Netgear R7800 router with last DD-WRT firmware. This firmware is perfect for me. But I've faced with issues during setting IPv6 up.
There are next parameters from my ISP:
IPv6 Type: DHCPv6 with Prefix Delegation.
SLAAC: enabled
DHCP PD Mode: stateless
Prefix lenght: 64.
RA Interval:200-600
RA Delay: 3
RA Lifetime:1800
DNSMasq - enabled
Encrypt DNS - disabled
Cache DNSSEC data - disabled
Validate DNS Replies (DNSSEC) - disabled
Check unsigned DNS replies - disabled
Local DNS - enabled
No DNS Rebind - enabled
Query DNS in Strict Order - enabled
Add Requestor MAC to DNS Query - enabled
And I have DHCP IPv6 address, gateway and DNS server set up on clients (Windows, MacOS, Android):
As for me, everything looks not bad and probably should work. But it's not true. When I'm trying to reach some IPv6 resource I'm always getting fail:
Code:
C:\Users\Probity>ping google.com -6
Pinging google.com [2a00:1450:4011:80e::1003] with 32 bytes of data:
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Ping statistics for 2a00:1450:4011:80e::1003:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
An I can see the next state of my adapter settings:
I've checked on other devices (my laptop with Win10, wife's MacBook Pro with MacOs HighSierra, my Android phone with Android 8 ) and got the same issue.
Also, I've tried to connect the internet cable directly to my computer and set a new WAN connection up. And Ipv6 works perfectly.
Well, it seems something wrong with my settings on DD-WRT. I've tried to do a lot of experiments, but I'm only getting similar results.
Dear DD-WRT gurus, could you help me, please? What I did wrong?
In short, you must setup dhcpv6 properly. Publishing the ipv6 addresses is important. Depending on the dhcpv6 scheme you are using you must have all the dhcpv6 initiatives in place. SLAAC, etc. I'm looking for answers too. Publishing to the external network is the trick.
You have to find out what your service provider uses, or recommends. IA-PD, etc. is among the other topics. You must setup dhcpv6 server options as well. As far as I know, you must setup the main dhcpv6 connection settings properly, with ra ,etc, . So,
Setup dhcpv6 server settings,(to your clients).
Setup, SLAAC, IA-PD, or whatever protocol
the ISP uses. (Part I need to learn)
Some like Comcast use all or most ways.
Allow a client on your network to use dhcpv6 as a client. For starters.
I am using my dd-wrt boxes as AP's. So my base gateway(non dd-wrt) does the dhcp stuff. I want to match what I'm doing on my dd-wrt boxes. I have only setup dhcpv6 server to my client settings. This means the DNS servers(ISP), with base prefixes, provided by the ISP. 2001, 2601, etc. Also the group of servers that communicate the dhcpv6 signals. It seems to communicate better with this set but you must be careful with dhcp because my gateway knows how to send dhcp even to static hosts. Dd-wrt doesn't do this, and the client I think handles this. This is why client and server are separate modules. Dd-wrt stuff like --dhcp-host aren't static.
I have found that you can still enable Radvd even if you have scripts. YOU NEED Radvd to run in the gui settings. They say to turn it off but I think it's because it is temporary.
I have also found that turning on the firewall with no settings at all is acceptable. It's required to make the network run good. Your upper and lower net boundaries are controlled this way. Doesn't mean not to use settings, just means that it MUST be enabled.
I'm pretty sure you must add ipv6 addressing to get the route/gateway to advertise properly. This is what you are wondering about. I am using my dd-wrt as passthroughs. This means that vlan, eth0, etc,,, can reside anywhere and still send a signal that gets pruned. To set it up right you must setup the vlan address fe80::/x . The eth0 as 2001::/x .The eth0 also as 2601::/x . The last two are per Comcast, so you may have differently. Your fe80 is already calculated for you. ping it. You can convert the main br0 Mac to this fe80 - 2001 - 2601. It's using the fe80 already. Because there is a bridge it confuses me and I haven't tried to do this yet. My gateway got no bridge. The point is to make it pass all traffic including dhcp traffic.
Tracing route to www.google.com [2a00:1450:4011:80e::1013]
over a maximum of 30 hops:
1 Destination net unreachable.
Trace complete.
eugene1973
I'm not sure how it's possible to answer you without quoting (you've asked me don't quote you), but I'll try.
1. All the IPv6 parameters I've got from my ISP are in my first post. There are no additional parameters. They said that these parameters must be enough. And they not aware of DD-WRT at all.
2. telnet lldp - I can enable it. Which commands should I perform for getting the data you are interested in?
3. Radvd - I've enabled it, but I've got no significant positive result. Should I enable "Radvd custom" and something to the configuration for that?
Moreover, when I enable Radvd I stop getting IPv6 from ISP.
4. Firewall - it's on. Moreover, added next parameters here:
5. About IPv6 addressing - that's interesting. How is possible to set it up? I would appreciate you for step-by-step instruction, as I said I'm not an expert with DD-WRT. Or, at least, could you inform me about links where I can read more about that.