IPv6 Roll Out

blunt said:
ye no i know, i've got my parents and uncles v6 setup fine but their routers arent Mikrotik.
when OS goes live then I'll need to know how to set that up on Mikrotik using PPPoE
Click to expand...
Oh, I get you now.

Thats easy. You create an IPv6 DHCP client for the PPPoE interface, then dial up the PPPoE.
 
killerbyte said:
Oh, I get you now.

Thats easy. You create an IPv6 DHCP client for the PPPoE interface, then dial up the PPPoE.
Click to expand...

Cool - so for the sake of completeness, if I log in via WebFig:

Screenshot 2021-05-17 at 12.34.50.png

Under here, I add a new client, then what should be ticked under "Request" and I assume "Add Default Route" should be enabled too?

Screenshot 2021-05-17 at 12.40.45.png

Then under the IPv6 menu again all sub menu items are empty except on ND I have:

Screenshot 2021-05-17 at 12.37.53.png

Does this need to be here?

And under Settings I'm assuming these are fine:

Screenshot 2021-05-17 at 12.39.15.png

Do I need to setup Mangle entries under the v6 firewall?
 
killerbyte said:
FF is IPoE, so you just need to turn on the IPv6 DHCP client.

@AfriNatic I assume the IPv4 DHCP client needs to be disabled.
Click to expand...

No we run dual stack IPv4 and IPv6. Depending on the router as I'm not familiar with the Mikrotik you would likely need 2 x DHCP connection. One for IPv4 and one for IPv6 DHCv6 if the Mikrotik is anything like the D-link.

With Huawei for example you simple enable or disable IPv6 which brings up the DHCPv6 settings from a drop down.
 
blunt said:
Cool - so for the sake of completeness, if I log in via WebFig:

View attachment 1070143

Under here, I add a new client, then what should be ticked under "Request" and I assume "Add Default Route" should be enabled too?

View attachment 1070199

Then under the IPv6 menu again all sub menu items are empty except on ND I have:

View attachment 1070167

Does this need to be here?

And under Settings I'm assuming these are fine:

View attachment 1070187

Do I need to setup Mangle entries under the v6 firewall?
Click to expand...
Leave all the other settings as they are.

As per @AfriNatic last post, please leave DHCP v4 on, due to dual stack.
 
blunt said:
@AfriNatic does "soon" mean today, this week, next week, or next month?
Click to expand...

I don't have an ETA. I'm cc'd in a trail of mails between us and Openserve. We have setup the routes just waiting for Openserve to do their part and then clients will start seeing IPv6 addresses being allocated.

Hopefully before the end of the month if we stay on track.
 
blunt said:
@AfriNatic I assume this means ADSL clients will also get IPv6 or is there some kind of differentiation on Openserve?
Click to expand...

Unlikely.

There is significant changes that needs to happen on both Openserve and Afrihost side for that to work. It's not a hard no just not a priority now. We focusing on getting IPv6 on all fibre lines first then from there we will likely move to hosting.
 
AfriNatic said:
@Gimli

We have our Openserve routes ready and BGP is ready.

Openserve IPv6 to go live soon.
Click to expand...
Thanks for letting me know. Great news.

Unfortunately I moved to another provider as I didn't know how long this was going to take. But I will definitely test the waters in future (maybe as a trial first) and might even be tempted with that new wifi6 router on offer.

Could you please tell me, is your PrefixDelegation /56 or /64?
 
For those wondering on how does IPv6 work when it comes to ports you can use this handy tool.


It scans for common open ports and you can see if you configure your firewall correctly.

By default the D-Link, Huawei WS5200 and the Huawei WS7100 we supply will have the firewall on. This means none of the allocated IPv6 ips on you devices will have open ports. The firwall will also block ping requests.

The Huawei WS5200 and WS7100 has pretty basic Firewall settings. It's either ON or OFF. ON meaning blocks everything coming in on IPv6. OFF meaning which ever ip is allocated if there is services running with open ports they will be exposed. This is only an issue if you running service that has open ports and are not secured.

The D-Link has quite a nice firewall setting. It allows you to open specific ports to specific IPv6 IP address or the whole prefix allocated to you or a specific range of IPv6 addresses.

A simple rule to open a specific port you intend to use for the whole prefix allocated to you will look like this. This will open up port 26895 to allow remote traffic to come in. In my case it' a torrent client. It will allow it to the whole /62 allocated to you.


bitcomet.PNG


When using https://www64.chappell-family.co.uk/cgi-bin6/ipscanfastjs.cgi with the firewalls turned on like they are by default @blunt ports will be blocked and the test should show this.

firewall_on.PNG


You need to specify rule to intentionally block incoming traffic but you can if you want to.

When the firewall is turned off it would expose any open ports to the internet if there is a running service listing on that port. For example.

firewall_off.PNG
 
Gimli said:
Thanks for letting me know. Great news.

Unfortunately I moved to another provider as I didn't know how long this was going to take. But I will definitely test the waters in future (maybe as a trial first) and might even be tempted with that new wifi6 router on offer.

Could you please tell me, is your PrefixDelegation /56 or /64?
Click to expand...

We allocate /64
 
you normally allocate static v6 prefixes otherwise your local clients will have no connectivity until their autoconfig / RA expires
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X