Hi guys, its me, im back for a tutorial!
I read that someone is interested for a tutorial. so i assume maybe at least half of the edgerouters owner wanna use ipv6.
ipv6 is all cli based setup.

1)first step is to enable ssh. Go to login page and click system then enable and save.

2)use putty to ssh on windows, or terminal on mac.

3)copy and paste these commands

configure

edit firewall ipv6-name WAN6_IN

set default-action drop

set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable

set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable

set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top

edit firewall ipv6-name WAN6_LOCAL
set default-action drop

set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable

set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable

set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6

set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 destination port 546
set rule 40 source port 547
set rule 40 protocol udp
top

set interfaces ethernet eth0 vif 500 pppoe 0 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth0 vif 500 pppoe 0 firewall local ipv6-name WAN6_LOCAL

set interfaces ethernet eth0 vif 500 pppoe 0 dhcpv6-pd pd 0 interface eth1 service slaac
set interfaces ethernet eth0 vif 500 pppoe 0 dhcpv6-pd pd 0 prefix-length 64
set interfaces ethernet eth0 vif 500 pppoe 0 dhcpv6-pd prefix-only
set interfaces ethernet eth0 vif 500 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 vif 500 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth0 vif 500 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 vif 500 pppoe 0 ipv6 enable

commit

save

exit



these settings are assuming your(please check and adjust accordingly):
-eth0- is your wan port(the one connects no your fiber/vdsl2/adsl modem) [etc - eth0 / eth1 / eth2 ]
-eth1- is your lan port(the one connects to your computer or switch or access points) [etc - eth0 / eth1 / eth2 / or br0 if you have bridge interface]
-pppoe0- is your pppoe interface [etc - pppoe0 / pppoe1]

-vif 500- is your vlan tag (your vlan based connection according to you isp) [etc - vif 500 for unifi / vif 621 for maxis fibre / remove vif 500 entirely for anything else like time fibre]

dont forget to setup your ipv6 dns server at name server
you can use cloudfare google or opendns.
go to login page, system and fill up system name server

cloudfare
2606:4700:4700::1111
2606:4700:4700::1001

google
2001:4860:4860::8888
2001:4860:4860::8844

opendns
2620:0:ccc::2
2620:0:ccd::2

This post has been edited by wanttotree: Feb 2 2019, 11:47 AM

Thank you so much @wanttotree, you've been more help than even Ubiquiti's Commuity forum! It took some time but it finally worked.

Some of my connections and DNS requests in IPv6 were timing out, these settings fixed that.



Also, to avoid using TM's DNS servers I had to do this after setting up system nameservers.


EDIT: Tried rebooting the router, looks like WAN (pppoe0) doesn't always get an IPv6 address, which means no IPv6 connectivity.

This post has been edited by ncys1: Sep 27 2018, 12:15 AM

i have always had problem with unifi obtaining ipv6. in my opinion, unifi ipv6 is kinda broken. sometimes it wont behave like it should. plus, the router is powerful enough to nat ipv4 without hitch anyway. thanx for the kind words. ubnt forums need u to specify your problem and what u r trying to achieve in detail. u do need someone that have the knowledge in the forum to reply for you. the ubnt engineer have a lot more important things they have to attend to. the problem not getting ipv6 might not cause by the router. anyway i hope u enjoy it, and not having to face the problem ipv6 on unifi. i had mine turned off after having frustrations in months. ipv6 on my maxis fibre has been flawless in comparison. i can get both ipv4 and ipv6 in seconds. cheers

ps: oh yea forgot bout the mss clamp. change it to 1452 instead. its the max size u can set it to. didnt know about the tm dns when i set mine. thanx btw.

This post has been edited by wanttotree: Sep 27 2018, 12:34 AM

I would like to report that works well on Maxis Fiber, kudos!!

Awesome. Glad to hear another success.

Hi @wanttotree

We meet again, this time in another thread.

After having my internet working, I can confirm that the steps that you shared works on EdgeRouter-4. Both my eth0 and eth1 have IPv6 addresses.

However, you are right about Unifi; their IPv6 is not consistent. When checking with websites that run IPv6 check, they reported no IPv6. This is not my first time, I did tried before when using Archer C2. I believe forum.lowyat.net has similar feature when we post a message here.

Thanks

Well hello again. Glad you checked out the tutorials. I would advice to disable ipv6. Dont forget to enable all hardware offload too. A quick google will show you how to do it(assuming you havent already). Cheers.

I'm using TM Unifi with ER-X, found that if I have IPv6 on, ping to facebook will always has ping drop in every few pings, others like youtube has no problem, only facebook. Tried MSS 1440/1400/1380, still ping drop within few pings (20+ ping drops when ping 100 times), anyone has this problem?

Hi,
I want to enable hardware offload but the guide clearly stated that I must use the v2.0.0 firmware. Currently I'm using v1.10.11. Will try that later.

About the IPv6, its weird. When I used Archer C2, the IPv6 worked almost all the time with my Unifi. It passed the Google IPv6 check and other website too, including our Lowyat.Net site. (As u can noticed from the top of my post here, I have IPv6!!)

My feedback so far about this ER-4 is, it is quite laggy in terms of internet browsing (there is no laggy at all at the router's website), as compared to when I used the Archer C2. What I meant by laggy is, sometimes when I want to open certain websites, it can take 1-2 seconds before it can open the sites correctly. Wi-Fi too, it takes a couple of seconds to connect. Internet speed is not an issue, including torrenting from my NAS.
[UPDATE]: After re-flashing with the v2.x.x firmware (the latest one), I can use PPPOE (unlike what I've mentioned in my other post and in your other thread), and the internet performance is gooooood. Very fast browsing compared to before. Only sometimes, right after connected to my WiFi from my Mate20Pro, I would receive no internet connection for a while only. I can also create L2TP/IPSec server and use it from my mobile without any issue. Previously, I set-up the same server inside my NAS, AS4004T (Asustor) using their VPN Server app but usually after disconnecting from the server, my local access to the NAS would be lost. So, I retract my statement above, don't know how to strikethrough those, sorry.

Can I ask, what is the version of firmware that u currently use?

This post has been edited by hayenadeblue: Aug 16 2020, 03:26 PM

Did you used the ssh commands posted by @wanttotree here before?

When I used Archer C2 before, I didn't have problem at all; but I never test the ping to facebook. Sorry.
UPDATE: I just tested to ping to www.facebook.com, with my default MSS of 1412, and no lost packets. On Unifi too, with IPv6.

This post has been edited by hayenadeblue: Aug 16 2020, 03:26 PM

Update:

Hopefully can be beneficial to the others, for Unifi and EdgeRouter 4 (I'm not quite sure for EdgeRouter X), make sure for hardware offload, ipv6 pppoe is DISABLED and ipv6 vlan is ENABLED. I'm using the following commands (try at your own risk, beware), and I can get connected easily to TM's IPv6:

configure

set system offload ipv4 forwarding enable
set system offload ipv4 gre enable
set system offload ipv4 pppoe enable
set system offload ipv4 vlan enable
set system offload ipv4 bonding enable

set system offload ipv6 forwarding enable
set system offload ipv6 pppoe disable
set system offload ipv6 vlan enable
set system offload ipv6 bonding enable

set system offload ipsec enable

commit ; save

Frankly, I've no idea on WHY, but when I enable ALL the above, I end up have ipv6 vlan disable. It looks like we can enable hardware offload for either ipv6 pppoe OR ipv6 vlan. Since the commands execute from top-to-bottom, ipv6 pppoe was enabled and ipv6 vlan was disabled. This has caused failure in ipv6. When I swapped (i.e. disable the ipv6 pppoe and enable the ipv6 vlan as shown above), it works.

Thank you for your post bro hayenadeblue. Hopefully it can help others achieve similar result to yours.

Anyone else here using ALIEN?

hi wanttotree,
new ER-X user here.

I'm on TIME, looking to enable my ipv-6.

in the comment


is it possible to set interface directly to switch1 as my eth1-eth3 are all setup in a switch?

Yes definitely set it to your switch interface in that case.

thank you! IPV6 seems to be working (can see ipv6 address on both pppoe0 and switch0 on the dashboard)
How do I set-up dhcp static routing for devices? I currently have them set up based on IPV4.

Congrats for the new setup with ipv6.
About dhcp static routing, im not sure i understand that question. Either i don't understand the question or its out of my knowledge scope. If you could elaborate more that would be good.

Hey bro, i've just been playing around with the settings a bit.
Is it possible to use the service dhcpv6-stateless with TIME fibre? instead of pure SLAAC

I havent done stateless dhcpv6 on edgeos bro. Im afraid i cant help you with that.

Hi guys, need to ask about whoever successfully setup ipv6 on their edgerouters. I understand that some firmware is buggy still. May i know which firmware is working so far?