DS-Lite configuration; IPv4 NAT & Firewall

How to check if DS-Lite is working and correctly configured?

I guess try to access IPv4 and IPv6 only websites from a device in your network, if that works I guess ds-lite would work...

Thanks, that was a good idea; I could confirm with that that it works.

But I still have a question:

The MTU is 1280, but the wiki/doc says it might be better to have it at 1452, so should I set it to that or maybe even to 1492/1500? And what difference would that make?

https://openwrt.org/docs/guide-user/network/wan/isp-configurations#vdsl_ds-lite

Also, the wiki/doc at the bottom says that when using DS-Lite, IPv4 NAT must be disabled in the firewall config. Is that really true?? And if yes, how can I do that?

The doc/wiki also says the tunnel interface must be added to the firewall zone. How do I do that?? Security is important; I want the firewall set up correctly!

https://openwrt.org/docs/guide-user/network/ipv6_ipv4_transitioning#dual-stack_lite_tunnel_ds-lite_ipv4_in_ipv6

1460 or 1452 if pppoe

1452
All the encapsulations grow the packet header, leaving less space for packet data. 1500 normal, -40 for DS-Lite, -8 for PPPoE.
Check the provider's homepage; likely they have an option for native passthrough, like both protocols at 1500 from the CPE connector.

Okay, so for now I've set ds-wan6_4 to -40 for DS-Lite, so 1460. I'm confused because the documentation said it should be 1452, but OK.

So I wonder, can I set both the tunnel ds-wan6_4 and the tunnel pppoe-wan to 1500? I'm not sure what my "provider" is: I use the maxxim DSL provider, but they are using the Drillisch Online GmbH provider, and that is using either Kabel Deutschland or O2 on the backend, I think, so which of those is the provider?

And is it true that for DS-Lite, IPv4 NAT must be disabled, as written in the first doc link??? And if yes, how?

And can someone tell me if I need to add ds-wan6_4 to the wan firewall zone now? Is that what is meant in the second doc link? And how can I do that?
(Also, why is that not the default? Isn't that a giant security risk??)

1452 please

But didn't you say -40 for DS-Lite? So why 1452 and not 1460? I've entered 1460 and all seems fine; IPv6 is working.

Major CDNs use even less.
If your WAN is with PPPoE, you need to subtract an additional 8.

Well, it's about the ds-wan6_4 tunnel device/interface created by DS-Lite (Dual-Stack Lite); I'm not sure if that counts as WAN or as DS-Lite for you/for them.

Yes, my main WAN interface is using PPPoE.

So set it to 1452 to be on the safe side, or what's the safest or correct option?

And set only the normal MTU, or also the IPv6 MTU, in that tunnel device ds-wan6_4?

https://openwrt.org/docs/guide-user/network/ipv6_ipv4_transitioning#dual-stack_lite_tunnel_ds-lite_ipv4_in_ipv6

And is it true that for DS-Lite, IPv4 NAT must be disabled, as written in the first doc link??? And if yes, how?

And does anyone know if I need to add ds-wan6_4 to the wan firewall zone now? Is that what is meant in the second doc link? And how can I do that?
(Also, why is that not the default? Isn't that a giant security risk??)

It sums up: your WAN MTU is 1492 after the PPPoE header, and within that, 40 more is consumed by DS-Lite.

AH! Now I get it, it makes sense. 1492 (used by PPPoE) - 40 (used by DS-Lite) = 1452!
Thank you.

Now I'm only wondering about that NAT and firewall question. I guess anyone can access my stuff now, huh? Since the IPv6 is completely without a firewall, huh?

NAT is also automatically disabled, and the firewall should also be set up correctly with the auto-created "wan6_4" interface (even if it isn't colored correctly in the web interface).

Is there some way to verify if it's actually configured? Sometimes the auto configuration fails or messes up, and I want to be sure.

wget -4 -O- https://google.com/generate_204
wget -6 -O- https://google.com/generate_204

What is that supposed to do? Should I read out stdout after doing that command? How?

Or use luci network diagnostics...

ping works, traceroute gives this:

traceroute to openwrt.org (64.226.122.113), 20 hops max, 46 byte packets
1 192.0.0.1 3.722 ms
2 24.40.131.41 6.046 ms
3 80.81.197.40 5.355 ms
4 80.81.193.141 11.496 ms
5 *
6 *
7 *
8 *
9 64.226.122.113 12.055 ms

But what is that supposed to tell me about the firewall and IPv4 NAT?

Check ip4 and ip6 connectivity and you are all set?
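
The MTU arithmetic and the traceroute output from this thread, as an added example that is not part of any post: a POSIX sh sketch that derives the DS-Lite tunnel MTU from the encapsulation overheads and checks whether the first IPv4 hop is 192.0.0.1, the address RFC 6333 reserves for the provider's AFTR. The function names are hypothetical, and the sample input is the first lines of the traceroute posted above.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Tunnel MTU = Ethernet MTU minus every encapsulation header in front of
# the inner IPv4 packet. Usage: dslite_mtu <ethernet_mtu> <pppoe: 0|1>
dslite_mtu() {
    mtu=$1
    if [ "$2" = 1 ]; then
        mtu=$((mtu - 8))     # PPPoE header (6 bytes) + PPP protocol field (2)
    fi
    echo $((mtu - 40))       # outer IPv6 header added by the DS-Lite tunnel
}

# Largest ICMP echo payload that fits one unfragmented IPv4 packet of
# the given MTU: subtract the IPv4 header (20) and the ICMP header (8).
icmp_payload() {
    echo $(($1 - 20 - 8))
}

# Reads traceroute output on stdin and succeeds when hop 1 is 192.0.0.1,
# the address RFC 6333 reserves for the AFTR (the provider-side tunnel end).
first_hop_is_aftr() {
    awk '$1 == 1 && $2 == "192.0.0.1" { ok = 1 }
         END { exit (ok ? 0 : 1) }'
}

# First lines of the traceroute output posted in the thread.
SAMPLE='traceroute to openwrt.org (64.226.122.113), 20 hops max, 46 byte packets
1 192.0.0.1 3.722 ms
2 24.40.131.41 6.046 ms'

echo "tunnel MTU, PPPoE WAN:    $(dslite_mtu 1500 1)"
echo "tunnel MTU, no PPPoE:     $(dslite_mtu 1500 0)"
echo "max ping payload at 1452: $(icmp_payload 1452)"
if printf '%s\n' "$SAMPLE" | first_hop_is_aftr; then
    echo "IPv4 leaves through the DS-Lite tunnel"
else
    echo "first IPv4 hop is not the AFTR"
fi
```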