SomeWhereOverTheRainBow
Part of the Furniture
The guys over at broadcomm are on their lunch break. It will have to be whenever they come back...No rush. Take your time whoever is still working on it.
IPv6 question
- Thread starter nospamever
- Start date
- Status
Treadler
Very Senior Member
My ISP implemented IPv6 May 2019.
It is officially still in Beta with them. In this case Beta = no support.
Tech9
Part of the Furniture
In this case Beta = no support.
We offer moral support here. Be a man! Jump in and (let us) see what happens (to you).
bluepoint
Very Senior Member
I've seen that many ip addresses with an ipad here, it happens when the client is set in private wifi address and the connection is unstable(in/out) usually the battery is running low. However, it clears the addresses after 12 hrs., they have very short leases so it seems it's not a bug.By the way:
View attachment 45433
32x IPv6 addresses already and counting... this is getting entertaining. Really, really IPv6 hungry iPhone.
This one is more satisfied in life:
View attachment 45434
Tech9
Part of the Furniture
The phone is in the same room and private address is disabled. This is ridiculous whatever it is.
Anyway, enough volunteers around, I have the problem solved. The best IPv6 setting in Asuswrt:
bluepoint
Very Senior Member
Your choice nothing we can do about that, me, i'll continue my journey.
Treadler
Very Senior Member
House full of idevices here, private wifi enabled, problem not seen.
Might ‘sometimes’ get two or three addresses, but very rarely.
bluepoint
Very Senior Member
This seems to happen when an iDevice or even windows that sleeps in and out of their wireless connections. It appears in ipv6 acquiring addresses is not a problem but it doesn't retain the same IP whenever you come in and out specially if it's rapidly in succession. Good thing the leases are short that it claims it back when its time to renew. I can see trouble when you have a server but I've read that people were able to assign static IP's. When there is a problem like this that's when you learn to find out the solution.
Last edited:
Viktor Jaep
Part of the Furniture
With all this chatter and hype about IP6 and the lack of VPN kill switches that can handle IP6, I decided to take matters into my own hands and see if I could make this work... It's been a good couple of days learning more about the functionality of iptables... Many thanks to @eibgrad for the inspiration from his amazingly efficient kill switch script.
Presenting: KILLMON 0.3 (preview)
Enjoy.
Presenting: KILLMON 0.3 (preview)
Enjoy.
Tech9
Part of the Furniture
To prevent IPv6 leaks you have to kill IPv6 traffic when your IPv4 tunnel is up as well. It doesn't make much sense to me. First you enable IPv6 for unknown reason and then kill it because you want to use IPv4 only tunnel. Keeping IPv6 disabled on the router solves IPv6 leak issues permanently.
Viktor Jaep
Part of the Furniture
This script forces all IP6 traffic through the VPN tunnel... if the VPN tunnel goes down, no IP4 or IP6 traffic will be allowed to get out.
Tech9
Part of the Furniture
If it uses IPv4 tunnel in/out, what's the point of having IPv6 enabled? This is like 6in4 tunnel. Sounds like a solution to non existing problem, created by altering router's default settings. I agree it perhaps does better kill switch function, but IPv6 can be taken out of the equation with one click.
The GUI relies on the output of the command:By the way:
View attachment 45433
32x IPv6 addresses already and counting... this is getting entertaining. Really, really IPv6 hungry iPhone.
This one is more satisfied in life:
View attachment 45434
Code:
ip -f inet6 neigh show dev br0If anyone wants to lower this threshold, you can modify it:
Code:
echo 16 > /proc/sys/net/ipv6/neigh/default/gc_thresh1SomeWhereOverTheRainBow
Part of the Furniture
It should be noted that before anyone chooses to take this approach, they should actually review information about "ARP cache sizes and GC thresholds" to determine if this the actual approach they wish to take.
You actually have 1 2 and 3 gc_thresh:
/proc/sys/net/ipv6/neigh/default/gc_thresh1/proc/sys/net/ipv6/neigh/default/gc_thresh2/proc/sys/net/ipv6/neigh/default/gc_thresh3
Last edited:
sfx2000
Part of the Furniture
Get a VPN provider that support IPv4/v6, problem solved..
Tech9
Part of the Furniture
Or leave IPv6 at default Disabled and choose any VPN provider you like. The problem doesn't exist.
I tried a couple IPV6 supported VPN providers and they still had DNS leaked during my testing.
If you are running the VPN Director VPN clients on the router, then you will have IPv6 leaks, because the clients themselves do not support IPv6. @RMerlin does not have access to an IPv6 ISP and without this it is not practical to do the work necessary to get this to work. As noted elsewhere you can disable IPv6 on the router, or just disable IPv6 on the devices routed through the tunnel(s).
If you want to use VPN providers who supports IPv6 then your current options are
connect via the provider's own clients (not the router)
move your VPN routing to a device that does support dual stack VPN routing (I believe it can be done on a pi, have never tried)
on a supported Asus device, run @ZebMcKayhan's Wireguard Manager (WGM)
I use WGM, with dual stack and no leaks, but I also have a slow ISP (for fast links Wireguard will speed limit your whole network, not just the VPN tunnels)
Last edited:
learning_curve
Senior Member
@Kingp1n As @archiel has correctly posted, those problems can only be due to the specific setup (...that you're currently using).
My own very recent post, which is effectively a less detailed, shortened version of the post by @archiel above
Beta - Asuswrt-Merlin 388.1 Beta is available for select models
Beta-1 is running fine at the moment but I have 1 question: IPV6 traffic is still not routed through OVPN or Wireguard tunnel. Did I do something wrong or is it (still?) not supported? IPv6 not supported with VPN clients. This ^ current status (of the VPN Client not routing the IPv6 traffic)...
www.snbforums.com
- Status
Similar threads
Similar threads
Similar threads
-
-
-
-
-
-
IPv6 WAN Prefix Length Setting in WebGUI (3004.388.8_2)?
- Started by jksmurf
- Replies: 14
-
-
-
-
VPN doing a lot of unrecognized options without them even being in the config IPV6 issue
- Started by ComputerSteve
- Replies: 3