What's new

IPv6 question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
I can get ipv6 assigned prefixes which according to you icmp6 is required. There are icmp6 test sites that are not reliable then, it shows mine is not responding to icmp6 requests. :rolleyes:
Here is a list of all the different types of icmpv6.


Most firewalls will have types 0 through 4 enabled by default which will return an unusable response to any non-neighbor non local solicitation. That could be the reason why your scan returned stealth.
 
Only local neighbors of your ipv6 would be able to see the icmp6 echo request, that site is not able to achieve that since only your isp or modem can do such. :rolleyes:
So why do sites like this even include icmp6 test if only local neighbors will see the requests?
IPv6 test - IPv6/4 connectivity and speed test (ipv6-test.com)
icmp6.jpg
 
While icmp6 echo request will not work for external request of non-neighbors, it must be enabled for all neighbor request which includes connections with the modem on dhcp lease request. Please review my other post.
Let me rephrase my question. The site I posted do test for icmp6 request, why then would they do that if it will not work? They do not know what they're doing?
 
Because the firewall is doing what it is designed to do for securing your ipv6 connection. If this is confusing you, maybe you should turn it off per @Tech9 mentioning.
I don't want to turn it off because I want to learn ipv6. I have it turned on for a month and looks to me it's safe and little by little learning from it, there's nothing wrong with it I think.;)
 
That looks like an AsusWRT bug - no reason why a device would have/request that many IPv6 addresses...
Ironically this is an actual desired behavior that might be conducive design of the device itself. The way it was explained to me is that a device by design can request as many address rotations as it wants. The bug you refer to might be an actual interpretation issue with the router itself. Those might have been actual address rotations that are still being listed in the gui. They may be reusable by the device or the router may have a specific time frame it decides to purge the listed addresses. The developers of pihole noticed this unique behavior existed as well when trying to distinguish all stateless ipv6 addresses per client in a given network. I am not quite sure you can label this a bug versus an intentional design of a particular client.
 
That looks like an AsusWRT bug

I have enabled it only to show @Treadler the results of the same test he used.

- 1 client has 1x IPv4 address and 19x IPv6 addresses (bug?)*
- The GUI says IPv6 is Disabled, but I score 10/10 on IPv6 tests (bug?)*
- In syslog I see 12x messages for crashed and restarted TM dcd (bug?)**

How many bugs is the acceptable threshold to leave IPv6 enabled on Asuswrt based router or we are going to play the game "don't worry about it, it's just cosmetic" again? From a user prospective - is IPv6 working properly? Is AiProtection working properly?

I've tested both available routers, both running fresh Asuswrt-Merlin 386.7_2 firmware, no scripts.
* - AX86U
** - AC86U

The experience with IPv6 on Asuswrt reminds me of "Trust me, I'm an engineer" videos on YouTube.

1668298491307.png
 
I have enabled it only to show @Treadler the results of the same test he used.

- 1 client has 1x IPv4 address and 19x IPv6 addresses (bug?)*
- The GUI says IPv6 is Disabled, but I score 10/10 on IPv6 tests (bug?)*
- In syslog I see 12x messages for crashed and restarted TM dcd (bug?)**

How many bugs is the acceptable threshold to leave IPv6 enabled on Asuswrt based router or we are going to play the game "don't worry about it, it's just cosmetic" again? From a user prospective - is IPv6 working properly? Is AiProtection working properly?

I've tested both available routers, both running fresh Asuswrt-Merlin 386.7_2 firmware, no scripts.
* - AX86U
** - AC86U

The experience with IPv6 on Asuswrt reminds me of "Trust me, I'm an engineer" videos on YouTube.

View attachment 45423
And in most cases patch work like the ones done in the image you share may hold up for years before another issue presents itself. Here in lies the "Grey" area.
 
I don't want to turn it off because I want to learn ipv6. I have it turned on for a month and looks to me it's safe and little by little learning from it, there's nothing wrong with it I think.;)
It should be safe enough for you. I would be concerned if those sites were not returning stealth for you. To me, that is one more thing you would have to worry about.
 
It should be safe enough for you. I would be concerned if those sites were not returning stealth for you. To me, that is one more thing you would have to worry about.
Unless you're concerned that IPv6 is probably leaking data like crazy, and you have no way of knowing or measuring exactly what the damage really is... :(
 
and you have no way of knowing

Indeed. AC86U in your signature fills the syslog with kernel errors immediately after IPv6 is enabled and security related closed source component starts crashing repeatedly. Would you ignore it and just continue? Further 386 firmware development is unlikely, as you know.
 
Unless you're concerned that IPv6 is probably leaking data like crazy, and you have no way of knowing or measuring exactly what the damage really is... :(
With that thought, the same could be said about any type of connection. The leak may be on the other side of the vpn in an disgruntle employee that aims to damage the organization they work for by exploiting your privacy and trust to the vpn provider. That doesn't stop you from using the vpn, nor does your inability to measure such possibility create enough fear to make you stop using the vpn provider.
 
Ironically this is an actual desired behavior that might be conducive design of the device itself. The way it was explained to me is that a device by design can request as many address rotations as it wants. The bug you refer to might be an actual interpretation issue with the router itself. Those might have been actual address rotations that are still being listed in the gui. They may be reusable by the device or the router may have a specific time frame it decides to purge the listed addresses. The developers of pihole noticed this unique behavior existed as well when trying to distinguish all stateless ipv6 addresses per client in a given network. I am not quite sure you can label this a bug versus an intentional design of a particular client.

No - it's just broken... seriously, it is.

There's a lot of technical debt in AsusWRT - whether it's IPv6 or ARMv8 - and these are things that are out of scope for Eric to fix, as those changes need to come from Asus directly...
 
How many bugs is the acceptable threshold to leave IPv6 enabled on Asuswrt based router or we are going to play the game "don't worry about it, it's just cosmetic" again? From a user prospective - is IPv6 working properly? Is AiProtection working properly?

If people don't test/use - how can those bugs be ID'ed and fixed?

As noted above - there's a lot of debt inside AsusWRT - the BSP isn't the issue, it's the vendor code and third party libraries...
 
If people don't test/use - how can those bugs be ID'ed and fixed?

What bugs are you talking about? IPv6 is a standard from 2017. The latest Asuswrt for AC86U is from 2022. No one is testing anything or the "engineers" still can't figure it out? Need some more duct tape?

When IPv6 arrives in plumbing:

1668300636435.png
 
Status
Not open for further replies.

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top