So is this something that needs to be applied on the backend, or something we the users need to do? As it stands, right now I am still using the firewall patch that was suggested in the last thread, and I'm not really sure what to do from here.
If you need to use builds older than 05/11/2023 - r52485 for some reason (could be settings that work better an older build currently, depending on your setup), you can apply this patch to your firewall
However, assuming the new builds are working, in theory, you don't have to do anything extra to get IPv6 working. If you need different prefix lengths than /64 or want DNSmasq to handle all your DNS, then you can of course add those settings, but the basic settings should work. I only say should because I haven't flashed the newest build yet and cannot speak from first hand experience.
Also, if you are "using older builds for some reason", you should explain in the applicable build thread why and provide information for developer(s) to fix the problem instead of continuing the circular cesspool mentality that seems to plague this community. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Also, if you are "using older builds for some reason", you should explain in the applicable build thread why and provide information for developer(s) to fix the problem instead of continuing the circular cesspool mentality that seems to plague this community.
Like the six months we had to use older builds or provide work arounds for this specific feature? Sometimes it takes a while to figure things out. Which is also okay. There's no shame in rolling back when there's documented problems awaiting a fix (or suitable work around). I thought this thread was an example of the process working?
The new build with the fix literally came out today, maybe users aren't ready to flash and rebuild their whole network, so for the time being, there's the fix that's likely better than the one I previously suggested. For those who can flash the new build, please do so. I have the setting listed for anyone who needs it in the meantime. I feel bad vouching for today's build because I personally cannot flash and rebuild everything at this exact moment; hence the caveat about things should work. I simply do not know from firsthand testing.
The firewall code change doesn't require a hard reset and reconfigure, not sure what you're on about. I wasn't even commenting on "the process" or this thread, sorry for opening up the aperture to the entire forum's content. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 01 Dec 2021 Posts: 289 Location: Maryland, United States
Posted: Thu May 11, 2023 20:27 Post subject:
silvarios wrote:
The new build with the fix literally came out today, maybe users aren't ready to flash and rebuild their whole network, so for the time being, there's the fix that's likely better than the one I previously suggested. For those who can flash the new build, please do so. I have the setting listed for anyone who needs it in the meantime. I feel bad vouching for today's build because I personally cannot flash and rebuild everything at this exact moment; hence the caveat about things should work. I simply do not know from firsthand testing.
The IPv6 fix was put into the code today. It should be available in the next build.
Joined: 01 Dec 2021 Posts: 289 Location: Maryland, United States
Posted: Fri May 12, 2023 1:54 Post subject:
With my R7000P router, using the modification for a 60 prefix reduces my internet wired speed from 940Mbps to about 350Mpbs. Using the patch for a 64 only prefix, the speed only gets reduced to 850Mbps. So for Comcast, I will stay with the 64 prefix patch. If a better 60 prefix patch is developed, I would be happy to test it.
I have Comcast and I disliked the Technicolor II modem and went back to the SMC. The SMC didn’t support IPv6 all that well and Comcast decided to make the SMC v4-only at some point.
In any event, I had HE.net’s v6 tunnel broker running forever over v4 (6in4 static) and it was stable, fast and gave me a /48. Given the problems with the TCII modem (firewall interferes with traffic that I couldn’t fully shut off, public WiFi kept getting re-enabled, etc), I will keep HE.net, and the tunnel is completely portable if I change ISPs, so no DNS renumbering (which is a bit more PITA on v6). Yes, it’s not native v6, but I haven’t found a real downside to not using the native stack: possibly speed as I’m only on a 150 Mb tier.
Just thought I’d remind people that Comcast still can’t run a reliable and standards-based service without screwing it up somehow or overcharging by 4x. Oh, yeah, HE.net’s broker is free.
I'm seeing a definite decrease in speed when I have IPv6 enabled opposed to just using IPv4. I use a 64 prefix when I have IPv6 enabled with Comcast. My advertised rate is 750 (this speed test site seemed a bit slower than others, but it broke it out to both types of connections for an easy comparison). I'm on the 6/29/2023 firmware for my AC68u.
With my R7000P router, using the modification for a 60 prefix reduces my internet wired speed from 940Mbps to about 350Mpbs. Using the patch for a 64 only prefix, the speed only gets reduced to 850Mbps. So for Comcast, I will stay with the 64 prefix patch. If a better 60 prefix patch is developed, I would be happy to test it.
Is there something special I need to do to get full speed using a 64 prefix? My router is an AC68u, see post above.
Just a “WAG,” but some firewall packet-inspection features can negatively impact CTF, due to the need to perform the inspection on the CPU (via iptables module), instead of the CTF module. This is a general problem if one creates intricate iptables rules on BCM, not just with DD-WRT.
I’d suggest keeping the extra PI features turned off if speed is your goal; just protocol, source and dest. if you want to ensure CTF stays enabled.
Joined: 01 Dec 2021 Posts: 289 Location: Maryland, United States
Posted: Sun Jul 09, 2023 1:29 Post subject:
I just retested the speed using the Ookla Speedtest app on Windows 11. On an IPv4 site, I get 945Mbps download. Initially on a IPv6 site (Comcast) I now get 730Mbps download, but after I go to a IPv4 site and do a test the Comcast IPv6 site and other IPv6 sites have a maximum download of less than 350Mbps. Clearly something has changed for the worse, using IPv6 with DD-WRT.