

SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA

1 edit

[IPv6] Lost on configuring IPv6

I consider myself to be fairly familiar with the workings of the IPv4 world, and with Comcast's new rollout of IPv6 I'm trying to get things working on my home LAN. With all the different IPv6 technologies available I really don't know how the architecture of what is available now through Comcast is supposed to work. Native IPv6, 6to4, IPv6 tunnels? Is Comcast only handing out 1 IPv6 address to each user and then they somehow share that amongst the LAN? (I thought the point of IPv6 was that all devices can have publicly routable IPs...)

I am using Astaro Security Gateway on my router (an x86 PC and 2 NICs) and an SB6121. I went into interfaces, enabled IPv6, enabled 6to4 for the WAN (that's the only interface it will let me enable it on). The 6to4 relay address is set to the default anycast of 192.88.99.1.

With that setup, at the router's network tools page I can use the ping tool to ping ipv6.google.com no problem. If I use the traceroute tool it works great and routes all the way from my router to google with all IPv6 addresses. This would indicate to me that my link from my router to comcast via IPv6 is good.

Now the problem is, how do I make IPv6 work on my Windows 7 desktop connected to my network? What do I need configured on my Windows 7 box for this to work? Do I need an IPv6 address on my machine? Do I need to enable a DHCPv6 server on my router (I have the option in DHCP)? Is my IPv6 traffic supposed to tunnel through my IPv6 192.x.x.x address? The adapter status shows I have a link-local IPv6 address, but I think that's relevant to what I'm trying to accomplish here. Everything I can find on Comcast's site only describes how to set up the router, not the hosts. Can someone please shed some light on how I'm supposed to have this set up to be able to access the IPv6 internet?

Pings from Win 7 desktop

C:\> ping -6 ipv6.google.com
Ping request could not find host ipv6.google.com. Please check the name and try again.
 
C:\> ping -6 2001:4860:800a::93
 
Pinging 2001:4860:800a::93 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
 
Ping statistics for 2001:4860:800a::93:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 

Ping from Router

PING ipv6.google.com(atl14s08-in-x13.1e100.net) 56 data bytes
64 bytes from atl14s08-in-x13.1e100.net: icmp_seq=1 ttl=58 time=37.8 ms
64 bytes from atl14s08-in-x13.1e100.net: icmp_seq=2 ttl=58 time=37.6 ms
64 bytes from atl14s08-in-x13.1e100.net: icmp_seq=3 ttl=58 time=41.6 ms
64 bytes from atl14s08-in-x13.1e100.net: icmp_seq=4 ttl=58 time=38.3 ms
64 bytes from atl14s08-in-x13.1e100.net: icmp_seq=5 ttl=58 time=36.8 ms

--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 36.878/38.478/41.688/1.670 ms


SHoTTa35

@optonline.net

Re: Lost on configuring IPv6

Not really knowing your router software, but you've set it wrong, as you shouldn't be using 6to4 in the first place. Comcast will give each person TONS more addresses than they'll ever need, a few quintillions! - yes, that's correct, as they give a /64 for now. So every hair on your pet's body can have its own IP address and you'll still have trillions to spare. The WAN interface needs to be DHCPv6-PD (PD being Prefix Delegation). If you don't have that you need to get that set up. Plus the Windows 7 machine directly to the router to see if IPv6 is even enabled on your line first.


voiptalk

join:2010-04-10
Gainesville, VA
reply to SimbaTLK1

Astaro Security Gateway does not currently support DHCPv6-PD necessary to pull a prefix for Native Dual-Stack IPv6.

Since the 6to4 tunnel is coming up, have you enabled the Prefix Advertisement on your internal interface (the next tab in the GUI)? Once you do that, the Windows 7 machine should auto-configure IPv6 and you will be good to go.



SolarPup
Hardware God
Premium
join:2002-03-07
Greeley, CO

I believe in version 9, it will support PD.. finding that might be part of my issue too.
--
...I don't have a 50mb speedy connection, I fly through the net at low altitudes!



EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9
reply to SHoTTa35

said by SHoTTa35 :

Plus the Windows 7 machine directly to the router to see if IPv6 is even enabled on your line first.

Do you mean *plug* it directly to the modem?


SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA

1 recommendation

reply to voiptalk

said by voiptalk:

Astaro Security Gateway does not currently support DHCPv6-PD necessary to pull a prefix for Native Dual-Stack IPv6.

Since the 6to4 tunnel is coming up, have you enabled the Prefix Advertisement on your internal interface (the next tab in the GUI)? Once you do that, the Windows 7 machine should auto-configure IPv6 and you will be good to go.

Can you briefly explain the difference between native dual stack and 6to4?

Also, I guess I really can't do much until v9, but what are prefix advertisements? Will that basically pass DHCPv6 requests through the router to pull another IPv6 IP address for the machines on my network?

With IPv6, how will one control what IP addresses are used on their LAN if they are all assigned by Comcast? Will we have to rely more heavily on DNS now?

I'm not sure what settings are supposed to be in a new prefix, but when I click save it mentions that the internal interface has no IPv6 address configured. If I go to interfaces I can see where I would enter an IPv6 address, but where is that supposed to come from? Is there an equivalent of a 192.x.x.x network in IPv6 that I just pick an address from, or is that supposed to come from Comcast and be set to my internal interface automatically?

voiptalk

join:2010-04-10
Gainesville, VA

1 recommendation

reply to SimbaTLK1

Re: [IPv6] Lost on configuring IPv6

said by SimbaTLK1:

Can you briefly explain the difference between native dual stack and 6to4?

With 6to4 and 6in4 (Tunnel Broker), the IPv6 packet is encapsulated (tunneled) in an IPv4 packet and transported to the other end of the tunnel. Then the IPv4 wrapper is removed and the IPv6 packet is handed off to the IPv6 network.

With Native Dual-Stack, IPv4 packets and IPv6 packets run independently end-to-end.

--

Unfortunately, I don't currently have a live ASG box to get the right config for you.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

1 recommendation

reply to SimbaTLK1

Re: Lost on configuring IPv6

said by SimbaTLK1:

Can you briefly explain the difference between native dual stack and 6to4?

If you have the option of going with a static 6in4 tunnel over 6to4 (which it appears you do, via the screenshot), please do so.

Even though Comcast runs a 6to4 relay, it only guarantees your outbound traffic will use Comcast's 6to4 relay. Inbound traffic will use the closest 6to4 relay to the sender of the traffic.

This leads to a lot of breakage and slow speeds.

A static tunnel from either tunnelbroker.net or sixxs.net is a much better solution until you have native v6/DHCPv6-PD.

voiptalk

join:2010-04-10
Gainesville, VA

1 edit

said by whfsdude:

A static tunnel from either tunnelbroker.net or sixxs.net is a much better solution until you have native v6/DHCPv6-PD.

Agree with that! I used Hurricane Electric (tunnelbroker.net) for over a year and it performed better than Comcast's 6to4 tunnel.


SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA
reply to SimbaTLK1

Re: [IPv6] Lost on configuring IPv6

So I upgraded to Sophos UTM (formerly Astaro) v9 and I'm still not having any luck getting IPv6 working.

For testing purposes I connected my computer directly to my modem, pulled an IPv4 and IPv6 address and got 10/10 on the Comcast test website, able to connect to IPv6 sites, etc.

As before, if I enable 6to4 in UTM, the IPv6 configuration screen shows "2002:43a3:d049::1/48". Similarly, if I connect my computer to the modem I get the IP 2002:43a3:d176:43a3:d176 on my machine.

If I disable 6to4 but leave the overall global IPv6 turned on, I now seem to have no IPv6 address on the WAN side. From the router's shell, I can no longer ping or resolve IPv6 DNS names. With no IPv6 on the WAN side, there isn't much point to anything else, but when someone can steer me in the right direction on that, I still don't know how to get an IP in that subnet (or am I supposed to use a local subnet) on my LAN interface, and then somehow use prefix advertisements to pass that along to my hosts.

Does anyone have a dual-stack, native IPv6 configuration working on their Sophos UTM v9 box? I tried some searching around the Sophos forums, but the threads all seem to end in "I guess my modem is too old, I'll have to upgrade." So, that doesn't do me much good.

Thanks in advance,
Matt



SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA

[Screenshot: direct attached to modem]
[Screenshot: connected through router]

some screenshots


SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA

No one?


netcool
Premium,VIP
join:2008-11-05
Englewood, CO
kudos:61

said by SimbaTLK1:

No one?

Bethel Park is served by a Cisco CMTS which means you won't be seeing an IPV6 address at this time from Comcast.


SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA

I'll update that right now. I've actually moved to the Robinson Twp area.



SimbaTLK1
Rawrrr

join:2001-09-07
Pittsburgh, PA
reply to SimbaTLK1

So it looks like I got this working by looking at the directions here: »www.astaro.org/closed-forums-rea···st139118.

I turned on IPv6 (global), turned on 6to4 in my router, then took the address that appeared in the IPv6 global tab that ended in 1/48 and pasted that into the internal interface IPv6 address box, changing the last digit to 2 (it said ::1 was in use) and the netmask to 64. Then under prefix advertisements, I added one with the interface as internal, and the DNS server 1 defaulted to the IPv6 address of the internal interface on my router. After bouncing the interface on my machine on my LAN it pulled an IPv6 address in that range and passed all the Comcast tests.

I'm not 100% sure of what I did, but it seems to be working. Can anyone explain to me how DNS records are getting resolved? The machines on my LAN are using the internal interface IP of the router as their DNS server. There are no IPv6 DNS servers defined anywhere; can someone tell me how this is working?
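
The addressing steps in the post above, worked through as an added example that is not part of the original thread: it decodes the public IPv4 address embedded in the 6to4 /48 quoted earlier and carves the /64 and router address for the internal interface. The function names are hypothetical; the address layout is the standard 6to4 format (RFC 3056).

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 address space (RFC 3056)


def sixtofour_prefix(public_ipv4: str) -> ipaddress.IPv6Network:
    """Site /48 = 2002::/16 followed by the 32 bits of the public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(public_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_ipv4(addr: str):
    """IPv4 address carried inside a 6to4 address, or None if it is not 6to4."""
    return ipaddress.IPv6Interface(addr).ip.sixtofour


def lan_plan(wan: str, subnet_id: int = 0, host: int = 2):
    """Carve one /64 out of the router's 6to4 /48 for the internal interface.

    wan       -- address shown on the router, e.g. '2002:43a3:d049::1/48'
    subnet_id -- which of the 65536 /64 subnets inside the /48 to use
    host      -- interface identifier for the router's LAN address
    """
    iface = ipaddress.IPv6Interface(wan)
    if iface.ip not in SIXTOFOUR or iface.network.prefixlen != 48:
        raise ValueError(f"{wan} is not a 6to4 /48")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet_id must fit in 16 bits")
    if not 0 < host < 2**64:
        raise ValueError("host must fit in the 64-bit interface identifier")
    base = int(iface.network.network_address)
    lan = ipaddress.IPv6Network((base | (subnet_id << 64), 64))
    router = ipaddress.IPv6Interface((int(lan.network_address) | host, 64))
    return lan, router


if __name__ == "__main__":
    wan = "2002:43a3:d049::1/48"  # value quoted earlier in the thread
    lan, router = lan_plan(wan)
    print("embedded IPv4 :", embedded_ipv4(wan))
    print("LAN prefix    :", lan)     # the /64 the prefix advertisement announces
    print("router LAN IP :", router)  # ::2, because ::1 was already in use
    print("rebuilt /48   :", sixtofour_prefix(str(embedded_ipv4(wan))))
```

Hosts that autoconfigure from the advertised /64 hold globally routable addresses, so inbound filtering for them depends on the router's IPv6 firewall rules.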


voiptalk

join:2010-04-10
Gainesville, VA

1 edit

said by SimbaTLK1:

Can anyone explain to me how DNS records are getting resolved? The machines on my LAN are using the internal interface IP of the router as their DNS server. There are no IPv6 DNS servers defined anywhere; can someone tell me how this is working?

You don't need an IPv6 DNS server defined. If the IPv4 DNS server returns a AAAA record (an IPv6 address) then that can be used by the browser or whatever application.

On another note, DHCP-PD capability to go Dual-Stack is still a feature request, at least as seen here: »feature.astaro.com/forums/17359-···ype-ipv6

For now, the 6-to-4 tunnel will get you going.