Followed the instructions from TMNET, it now works at my home near Sg Long, but not at my workplace, near Jalan Kuchai Lama, TMNETs DHCPv6 not giving out ipv6 prefixes there. Same router, both sides, Asus RT-N16.

Security is a big issue, since I was previously behind the router's firewall, so everything was open within my network, and ASUS's firmware does not support ipv6 firewall.
Initially, doing an IPv6 port scan here showed a lot of the common were open and responding from the internet!!

ipv6.chappell-family.com/ipv6tcptest/

Fortunately merlins firmware for the RT N16 does enable an ipv6 firewall, he supports a few routers.

http://www.lostrealm.ca/tower/node/79

So now my rt n16 firewalls ipv6 traffic, and a recheck shows that all my ports are in stealth mode now. Saved me the pain of having to secure each pc in my network.

Anyway, for the RT-N16, you just need to click on the ipv6 tab on the left navigation bar, then choose 'Native' as the connection type, 'PPP' interface, and enable DHCP-PD. If you are using merlin's firmware, you can then go the the firewall tab and enable the ipv6 firewall there, but it's enabled by default.

As for my workplace at Kuchai Lama, its really frustrating. I have IPv6 connectivity from the router itself, I can ping ipv6.google.com from the router, but Router Advertisement is disabled because radvd can't get the ipv6 prefix from TMNET.

radvd[439]: no auto-selected prefix on interface br0, disabling advertisements.

If only there is a way for me to specify my own prefix......, have been looking this up but to no avail.

Yup a host-based firewall becomes important in an IPv6 setup.

IMO you negate many of the end-to-end benefits of IPv6 by using a firewall at the router to block incoming tcp connections by default.

Wouldn't a host based firewall block unsolicited tcp connections as well?

Yes, however the difference is where control lies. A host-based firewall can be configured by the host, either manually by the user or programatically like Windows INetFwRule. I think the Windows implementation is pretty nice where it gives you the choice of trusted/untrusted whitelist for each network you join and each application.

With a perimeter firewall, how would a home user do that? I believe troubleshooting firewalls or logging into one's router to edit firewall rules is beyond most lusers ability - and that is assuming the ISP even offer that option. TM for example is known not to disclose password to their routers.

UPNP to punch holes in the firewall? A complicated solution to a problem which should be solved at the host anyway. For example, what if you bring your computer somewhere which doesn't block incoming connections by default? You will want a host firewall protecting you by default.

Perimeter firewalls still have their place to enforce security in depth, but it should be in addition to host firewalls and not in place of it... and for it to be effective it should be locked down with no way for holes to be punched by hosts.

As answered earlier uh , yes and no.

Your CCTV/IP camera needs to support IPV6. It is useless and most ones I have seen does not even have ipv6 stack installed (my cctv for instance runs on old linux 2.4.x kenrel without ipv6 compiled). So it is useless , even if my Telco network supports ipv6 and my router is able to handle IPV6 , but the device itself is not compatible with IPV6

Yes , Android 4.x and iOS 5 and above supports IPV6. Not sure about earlier version of Android as I have not tested before

The phone might not show it has a IPV6 address under Settings , but try surfing with a browser and it is able to view IPV6 content and for some reason , like iPhone with iOS 7 for instance , it seems to prefer to fall back to ipv4 instead of ipv6 , when it is given a choice between the two.

Thanks for the explanation dude, understood, I totally didn't think of that, but now that you explained it, it seems so obvious

iOS kernel is based on Mac OSX darwin BSD kernel.
The operating system kernel itself will constantly select what is best for communication based on latency and speed.

A possible bandaid is to setup a IPv6-to-IPv4 proxy. With practically unlimited IPv6 addresses, you can even assign 1 IPv6 IP to 1 internal IPv4.

Thanks for the heads up. Didn't think of that , I am still searching the source code or any sort of information about the cctv in the internet so that it would be possible to recompile with ipv6 stack

IPv6 test with Tomato RAF firmware runs well.

@ssslayerrr , you can try other firmware versions where prefix options are enabled ....

This post has been edited by Victek: Oct 30 2013, 05:12 PM


Attached thumbnail(s)

Hi, hahaha, the man himself. I've used your tomato firmware on my wrt54gl s, thanks for that. Actually, the Asus firmware allows me to disable the dhcp-pd and hence, specify my own prefixes, it's just that I have no idea on what to put in there, just blindly googling now hoping to find some info on this, no luck so far......

OK, just posted here by other forum members comments and the lack of knowledge about ipv6 ....everybody wants, ISP's offer as commercial advantage but infrastructure not ready ...

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:42 AM

anybody got problem with his ipv6 slow connectivity? my unifi is 5mb and 20mb. both decreased to 2mb and 11mb. if i change back to ipv4, speed came back to normal. why? please help. thank you.

same here. how do you resolve the problem?

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:42 AM

I didn't enable ipv6
just ignore it

yet still getting frequent dc

How would the configuration be in OpenWRT? There are so many options & methods, have tried it for a day and still no go. Even broke the DHCP and probably some other stuff, now i'm back with TM's router.

I'm using TM's DIR615 as a VLAN Bridge, stripped the v.500 there.
With a DIR615-C2 on OpenWRT to simply dail PPPoE via the bridge.
That's for IPv4.

So what direction should i be heading? What packages to download and what to input? I'm not a network guy i just follow online instructions really well

If i get it correctly, what i need to do is configure it for Dual-Stack as we're running ipv6 concurrently with v4.
And TM uses SLAAC with DHCPv6 to assign addresses.
The address needs to be routed to clients via something like radvd, something like a DHCP for ipv6?
Anything else needed? 6to4 / 6rd?

At one point i managed to get TM's ipv6 assigned address.
But there was no network connectivity, some routing somewhere didnt work out...
I'm veri confused
Any detailed guides or ideas?

This post has been edited by andrew9292: Nov 5 2013, 06:46 PM

I have access to 3 locations with unifi and all 3 have different 'situations'.

No. 1. The first location gets an wan, lan ipv6 address and lan prefix, ipv6 works with tm's dir 615, but now I'm using the asus RT N16 over there. no problems.

No. 2. The second location is able to get a wan ipv6 address, but no lan ipv6 address and no lan prefix, so, while the router itself has ipv6 internet connectivity (can ping ipv6.google.com etc), the lan clients don't.

No. 3. The third location, doesnt even get a wan ipv6 address.

So, it could be very frustrating trying to configure it when it might not be 'fully' available. I suggest you try tm's dir 615 router first and confirm that you are getting complete ipv6 functionality, if you are, then go ahead and try openwrt.

What you describe in your last paragraph sounds like the my situation no. 2, ie, your area is not getting ipv6 prefixes from tmnet yet.

Assuming that you use Barrier Breaker, all you need to do is to run a DHCPv6-PD client on '@wan' interface, assuming of course the PPPoE interface runs on 'wan' interface. No need to get a second /64 prefix, because OpenWRT can actually use the /64 supplied to the 'wan' interface for all supporting devices in your network.

Kinda work the opposite way of routerOS.