Tata Sky Broadband: Static IPV6 - Unable to Configure

[panks21]

yeah.. I have done that.. but its not getting advertised to the client..
Also please hide your NextDNS IPv6 DNS addresses. They are unique to you..
Surprisingly, nextdns doesnt detect that I have a IPv6 enabled machine.. even though I can ping their IPv6 DNS address

alpha@alpha-mbp ~ % ping6 2a07:a8c0::xx:xxxxx -c 5
PING6(56=40+8+8 bytes) 2401:4900:1f30:xxxx:xxxx:xxxx:xxxx:xxxx --> 2a07:a8c0::xx:xxxx
16 bytes from 2a07:a8c0::xx:xxxx, icmp_seq=0 hlim=58 time=13.542 ms
16 bytes from 2a07:a8c0::xx:xxxx, icmp_seq=1 hlim=58 time=8.428 ms
16 bytes from 2a07:a8c0::xx:xxxx, icmp_seq=2 hlim=58 time=8.399 ms
16 bytes from 2a07:a8c0::xx:xxxx, icmp_seq=3 hlim=58 time=8.364 ms
16 bytes from 2a07:a8c0::xx:xxxx, icmp_seq=4 hlim=58 time=8.121 ms

 

[Chip]

@panks21 I think there's an install procedure for routers check their setup guide. Can you shift temporarily to OpenDNS/Google DNS etc to check if it works. Can you also do an IPv6 test on one of the more common v6 test sites? My setup passes all of them. Of course that's only TSBB not Airtel.

BTW those NextDNS values are not mine.. thanks for the tip though They just appeared (browser specific) when I opened the page and are valid for 7 days. I created an account with new values of course out of curiousity and using it on my phone but I can see latency increases whilst surfing.

PS - I'll try these nextDNS settings on pfSense and report back.

 

[panks21]

none of the DNS works... be it cloudflare or google..
ipv6-test.com passes but test-ipv6.com fails

never mind.. I am giving up on IPv6 for the 5th time and reverting back to my Static IP.

 

[tatyasky]

In Windows, I run these 2 commands in elevated cmd to disable temporary IPv6 assignment. Reboot afterwards.

netsh interface ipv6 set global randomizeidentifiers=disabled
netsh interface ipv6 set privacy state=disabled

The static IPv6 now assigned to Windows PC remains unchanged till I format Windows. I believe this is how static IPv6 works.

I also for the lulz assigned 1:2:3:4 as last quartets of static IPv6 manually from Windows settings. So whatismyip.com actually started showing me that as IP on their test page.

Here are my IPv6 settings

@Chip what is your use case scenario with pfsense? I use Asus RT-AX88U and enbling IPv6 and adding 3 DNS servers is literally 1 click job of hitting Apply button. It just works and I never had to worry about anything. Just add the PC's IPv6 as an exclusion in Router's firewall and boom ! my pc is accessible via remote desktop IPv6. The PiHole which I tried running off a QNAP server from LAN left a lot of empty white spaces on webpages so switched to Adguard Browser addons for iOS and Firefox. Newest beta firmware of RT-AX88U has added support for Wireguard so even that part has been taken care off. But most important of them all.... system stability. My router is now running more than 30 days uptime and AiMesh is as good as ever. Similar settings can be used on cheaper Asus RT-AX55

Asus RT-AX55 AX1800 Dual Band WiFi 6 (Black) Router Supporting MU-MIMO and OFDMA Technology, with AiProtection Powered by Trend Micro™, Compatible with ASUS AiMesh WiFi System, and Parental Controls. - Buy Asus RT-AX55 AX1800 Dual Band WiFi 6 (Black)

Amazon.in: Buy Asus RT-AX55 AX1800 Dual Band WiFi 6 (Black) Router Supporting MU-MIMO and OFDMA Technology, with AiProtection Powered by Trend Micro™, Compatible with ASUS AiMesh WiFi System, and Parental Controls. online at low price in India on Amazon.in. Check out Asus RT-AX55 AX1800 Dual...

www.amazon.in

Because of CG-NAT on IPv4 and most routers don't have their own static IPv6 address, I have installed Tailscale on QNAP and set up a static route of Asus's LAN IP address 192.168.1.1
So if I have to access my router's GUI from outside LAN, I simply start tailscale app on iPhone or android and type 192.168.1.1 and am taken to router's home page. Tailscale can even be installed on Raspberry Pi or low power Windows PC like NUC which can run 24x7. That's the only downside of CG-NAT and using tailscale.

What am I missing?

 

[Chip]

@panks21 I am a bit surprised maybe it has something to do with Airtel's implementation. Whenever they roll out v6 in my area I'll certainly be testing it out.

@tatyasky pfsense mainly because it has an IDS/IPS plus a fully controllable open source firewall. My old Asus AC3200 does the job just like your AX88U after all these routers are meant to be easy to setup and use. I don't need to access my desktop or home network remotely as I work from home and for those instances I am away or travelling I have my files backed up in an encrypted cloud

 

[panks21]

It is indeed some erratic implementation... Few weeks ago, I tested it on ubiquiti edgerouter and it worked perfectly.. but it was bumpy ride when I use Juniper SRX320 and doesn’t work at all on PFSense / OPNSense
In none of the case, I get default route.. but if I add a static route on edgerouter it works smoothly

 

---

[Chip]

@panks21 I updated the config with the NextDNS servers on the general setup page and DHCPv6 server page n pfSense and it works. Just make sure you go to the RA tab and check the "Provide DNS configuration via radvd" and "Use same settings as DHCPv6 server", See this --> Config

PS - seeing your latest reply..maybe Airtel's v6 implementation is facing teething issues and its the reason why they're rolling it out slowly. TSBB on the other hand has had v6 for a pretty long time, some years actually, according to what the tech told me.

 

[pillaicha]

Took a new connection from them today. Ipv6 works out of the box. Everything was simply configured from their end and I didn't have to manually add any routes or DNS servers.

 

[Chip]

@pillaicha if you're using their router it works without a hitch whether on v4 or v6. But getting pfSense to work with v6 is a bit of an issue. Not simple. But once you get it done it works. On pfSense let RA do the hard work is my advice.

 

[Chip]

Ok guys, an update you will need to create a rule to allow ICMP echo on v6 from your WAN to LAN. See here Configuring Unifi IPv6 on pfSense

Changing MTU on LAN is not really required but you can drop it from 1500 to 1492 or similar assuming you do the ping test with IPv4. I have not changed LAN MTU.