What's new

Have global ipv6 address but unable to access internet over ipv6

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

klunk

Occasional Visitor
Hello all.
I am running latest merlin on Asus rt-86u-pro.
I have global ipv6 address to my devices but unable to access internet over ipv6, ipv4 is ok and works as normal.
I have changed ISP today to one who uses a ipv6 network as standard and I have also paid for a ip4 address as they use cg-nat. The devices on my network get a global ipv6 address yet none can communicate to the internet using ipv6. Wan is set to connect with automatic ip and the ipv6 to connect using native. I get a /56 prefix from the isp. I have minimum experience with ipv6 and my isp will not give support to anything but their router. Pictures attached of my settings. I hope that someone with ipv6 experience can point to where I am going wrong. Thanks in advance.
 

Attachments

  • vivaldi_K2rbCGbbd5.jpg
    vivaldi_K2rbCGbbd5.jpg
    60.3 KB · Views: 182
  • vivaldi_yZazZGGXz0.jpg
    vivaldi_yZazZGGXz0.jpg
    64.5 KB · Views: 172
  • vivaldi_YlXlRw27Ma.jpg
    vivaldi_YlXlRw27Ma.jpg
    116 KB · Views: 168
Try using a /64 instead of a /56.
 
Until you have everything up and running I'd take the PiHole out of the equation. Also how are you testing that you are not connecting using IPv6? The Chrome/Edge extension IPFoo can be a useful tool - it can be enlightening to see how much you are still pulling over IPv4 even when IPv6 is working!
 
Until you have everything up and running I'd take the PiHole out of the equation. Also how are you testing that you are not connecting using IPv6? The Chrome/Edge extension IPFoo can be a useful tool - it can be enlightening to see how much you are still pulling over IPv4 even when IPv6 is working!
If I try to ping google.com using ping -6 google.com, I get host unreachable.
 

Attachments

  • explorer_4loRDnDMh5.jpg
    explorer_4loRDnDMh5.jpg
    81.8 KB · Views: 177
Look at your IPv6 routes on both the router (System Log / Routes) and on a client (route print -6).
 
If I try to ping google.com using ping -6 google.com, I get host unreachable.
You have assigned a private ip block (10.200.100.250) with your WAN DNS. Change that to your ISP's DNS server or any in the list.
 
Does this make any sense to you?
The default route is to your router, so that’s good. Can you ping over IPv6 from the router itself?

If you have Entware installed, install tcpdump to watch the IPv6 router advertisements on WAN and LAN interfaces. dnsmasq will only advertise a /64 to the LAN, even if you’re delegated a /56.
Code:
opkg update
opkg install tcpdump
tcpdump -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)' -i eth0
tcpdump -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)' -i br0
 
how about a ping -6 to ipv6.google.com?
Still get host unreachable error. I am thinking this is a routing error within the asus router as if I use the isp router it passed the tests on test-ipv6.com and I can ping ipv6 addresses. But alas the isp router sucks as it is locked down and many options are missing.
 
As @dave14305 has suggested above, could you try pinging over IPv6 from the router itself, rather than the PC. While we can see that the PC has been allocated an IPv6 address and route print -6 appears normal, it is not clear whether the problem lies between the router and the internet (via your ISP) or between the router and the devices on your LAN, though the former seems more likely.

It might also be worth seeing if cloning the ISP's router's MAC address makes any difference
 
As @dave14305 has suggested above, could you try pinging over IPv6 from the router itself, rather than the PC. While we can see that the PC has been allocated an IPv6 address and route print -6 appears normal, it is not clear whether the problem lies between the router and the internet (via your ISP) or between the router and the devices on your LAN, though the former seems more likely.

It might also be worth seeing if cloning the ISP's router's MAC address makes any difference
Hi, mac address is already cloned to the isp router mac address. Ping fails on the router. So I assume this is a routing fault?
 

Attachments

  • putty_EfScFfziHY.jpg
    putty_EfScFfziHY.jpg
    61.5 KB · Views: 112
  • putty_0czBM31BYN.jpg
    putty_0czBM31BYN.jpg
    111.3 KB · Views: 140
Hi, mac address is already cloned to the isp router mac address. Ping fails on the router. So I assume this is a routing fault?
It definitely looks that way. If you try running traceroute to ipv6.google.com under IPv6 from network tools - how far does it get?

on my RT-AX8U the first stop is the bound address allocated by the ISP, which may be different from the router's LAN address (it depends on the ISP). So when i restart my route I can see in the Syslog
Code:
Router dhcp6_client: bound address 2a02:6b60:0:be::a1/128, prefix 2a02:6b67:e9c0:a300::/56
where the bound address will correspond to the ipv6 address shown running ifconfig eth0. As I understand it, this should be the first hop from the router to your ISP.

Also as mentioned by @bluepoint , the WAN DNS is showing a private ip block (10.200.100.250). Is this a result of accepting "Get the DNS IP from your ISP automatically", or is this a setting you have added, and if so what is the reason?
 
It definitely looks that way. If you try running traceroute to ipv6.google.com under IPv6 from network tools - how far does it get?

on my RT-AX8U the first stop is the bound address allocated by the ISP, which may be different from the router's LAN address (it depends on the ISP). So when i restart my route I can see in the Syslog
Code:
Router dhcp6_client: bound address 2a02:6b60:0:be::a1/128, prefix 2a02:6b67:e9c0:a300::/56
where the bound address will correspond to the ipv6 address shown running ifconfig eth0. As I understand it, this should be the first hop from the router to your ISP.

Also as mentioned by @bluepoint , the WAN DNS is showing a private ip block (10.200.100.250). Is this a result of accepting "Get the DNS IP from your ISP automatically", or is this a setting you have added, and if so what is the reason?
Hi,
traceroute fails with network is unreachable error.

Router Logs shows
Apr 9 16:41:45 dhcp6_client: WAN Prefix Size Requested:/56, Received:/56
Apr 9 16:41:45 dhcp6_client: bound address 2a12:f43:1300::38f0/128, prefix 2a12:f43:1210:9600::/56

ifconfig eth0 shows

eth0 Link encap:Ethernet HWaddr C8:7F:54:45:43:68
inet6 addr: fe80::ca7f:54ff:fe45:4368/64 Scope:Link
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

The 10.100.200.250 address is my pihole which returns both ipv4 & ipv6 addresses correctly when queried, given time it's link local address also appears (fe80: etc)
 
Surely no gateway means no internet? Maybe we should look at why there's no assigned gateway for IPv6?
(first screenshot, first post)
 
Yes, there’s no default route on the router. Seeing tcpdumps on the WAN interface would help explain if the router lifetime from the ISP is valid (non-zero).
tcpdump -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)' -i br0 returns the following


andy@RT-AX86U_Pro-4368:/tmp/home/root# tcpdump -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)' -i br0
tcpdump: listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:11:36.343741 IP6 (class 0xc0, flowlabel 0xd1d5a, hlim 255, next-header ICMPv6 (58) payload length: 88) fe80::ca7f:54ff:fe45:4368 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 88
hop limit 64, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a12:f43:1210:9600::/64, Flags [onlink, auto], valid time 600s, pref. time 600s
mtu option (5), length 8 (1): 1500
source link-address option (1), length 8 (1): c8:7f:54:45:43:68
rdnss option (25), length 24 (3): lifetime 600s, addr: fe80::ba27:ebff:fe48:77e7
18:11:43.345347 IP6 (class 0xc0, flowlabel 0xd1d5a, hlim 255, next-header ICMPv6 (58) payload length: 88) fe80::ca7f:54ff:fe45:4368 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 88
hop limit 64, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a12:f43:1210:9600::/64, Flags [onlink, auto], valid time 600s, pref. time 600s
mtu option (5), length 8 (1): 1500
source link-address option (1), length 8 (1): c8:7f:54:45:43:68
rdnss option (25), length 24 (3): lifetime 600s, addr: fe80::ba27:ebff:fe48:77e7
18:11:51.828688 IP6 (flowlabel 0x500ca, hlim 1, next-header UDP (17) payload length: 66) fe80::a295:88d4:da5a:3377.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=d87f6 (elapsed-time 0) (client-ID hwaddr/time type 1 time 761798802 d843ae2b151e) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list lifetime))
18:11:51.829227 IP6 (class 0xc0, flowlabel 0x828f6, hlim 64, next-header UDP (17) payload length: 72) fe80::ca7f:54ff:fe45:4368.547 > fe80::a295:88d4:da5a:3377.546: [bad udp cksum 0x97c4 -> 0xfad7!] dhcp6 reply (xid=d87f6 (client-ID hwaddr/time type 1 time 761798802 d843ae2b151e) (server-ID hwaddr type 1 ae93df2744f2) (DNS-server fe80::ba27:ebff:fe48:77e7) (lifetime 600))
18:11:51.830566 IP6 (class 0xc0, flowlabel 0xd1d5a, hlim 255, next-header ICMPv6 (58) payload length: 88) fe80::ca7f:54ff:fe45:4368 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 88
hop limit 64, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a12:f43:1210:9600::/64, Flags [onlink, auto], valid time 600s, pref. time 600s
mtu option (5), length 8 (1): 1500
source link-address option (1), length 8 (1): c8:7f:54:45:43:68
rdnss option (25), length 24 (3): lifetime 600s, addr: fe80::ba27:ebff:fe48:77e7
18:11:52.430915 IP6 (flowlabel 0x59f9f, hlim 1, next-header UDP (17) payload length: 66) fe80::f311:640a:78e:772e.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=db3fe7 (elapsed-time 0) (client-ID hwaddr/time type 1 time 710629654 d8bbc19ab65e) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list lifetime))
18:11:52.431303 IP6 (class 0xc0, flowlabel 0x9f6d0, hlim 64, next-header UDP (17) payload length: 72) fe80::ca7f:54ff:fe45:4368.547 > fe80::f311:640a:78e:772e.546: [bad udp cksum 0x3461 -> 0xbadd!] dhcp6 reply (xid=db3fe7 (client-ID hwaddr/time type 1 time 710629654 d8bbc19ab65e) (server-ID hwaddr type 1 ae93df2744f2) (DNS-server fe80::ba27:ebff:fe48:77e7) (lifetime 600))
18:12:01.432880 IP6 (class 0xc0, flowlabel 0xd1d5a, hlim 255, next-header ICMPv6 (58) payload length: 88) fe80::ca7f:54ff:fe45:4368 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 88
hop limit 64, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a12:f43:1210:9600::/64, Flags [onlink, auto], valid time 600s, pref. time 600s
mtu option (5), length 8 (1): 1500
source link-address option (1), length 8 (1): c8:7f:54:45:43:68
rdnss option (25), length 24 (3): lifetime 600s, addr: fe80::ba27:ebff:fe48:77e7
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel

tcpdump -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)' -i eth0

tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel


Returns nothing
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top