Interface with GUA but not ULA; possible?

I think I have exactly the same problem as described here. But I need my ULA-Prefix (for evil NAT6 purposes since Mullvad only gives me a /128). I'm thinking about moving my Nests to an interface which assigns GUAs but not ULAs. Is this achievable? I guess something like this would work; whereby ip6class is used:

config globals 'globals'
	option ula_prefix 'fdf3:e716:6c30::/48'

config interface 'wan'
	option proto 'pppoe'
	option ifname 'eth0'
	option ipv6 'auto'
	option peerdns '0'
	option dns '185.228.168.9 185.228.169.9'
	option username '...'
	option password '...'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '2a0d:2a00:1::2 2a0d:2a00:2::2'

config interface 'iot'
	option type 'bridge'
	option proto 'static'
	option ip6assign '64'
	option ip6hint 'BB'
	list ip6class 'wan6 wan'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	option ifname 'eth1.20'

Very possible if you use this option.

3 Likes

Oddly, the 'iot' interface stopped dishing-out GUAs and ULAs with list ip6class 'wan6 wan' added. Must be something simple (syntax error) so will dig deeper.

It must be:

list ip6class wan
list ip6class wan6
3 Likes
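A check for the two ip6class forms contrasted above, as an added example that is not part of the original thread and not OpenWrt's own tooling: it flags any single entry that names several classes, and any interface that still accepts the ULA class. The sample config, the interface names `guest` and `lan`, and the function names are constructed for illustration, and it assumes netifd's `local` class is the one that carries the ULA prefix.

```shell
#!/bin/sh
# Constructed sample: 'iot' uses the one-entry form from the first post,
# 'guest' uses one list line per class, 'lan' also accepts the ULA class.
sample_config() {
	cat <<'EOF'
config interface 'iot'
	option ip6assign '64'
	list ip6class 'wan6 wan'

config interface 'guest'
	option ip6assign '64'
	list ip6class 'wan'
	list ip6class 'wan6'

config interface 'lan'
	option ip6assign '64'
	list ip6class 'wan6'
	list ip6class 'local'
EOF
}

# Lint a UCI network config (file argument or stdin), e.g. /etc/config/network.
# Prints "<interface>: <finding>" per problem and returns 1 if any were found.
check_ip6class() {
	awk -v q="'" '
	# Strip one pair of matching quotes around a UCI value.
	function unquote(s,    c) {
		c = substr(s, 1, 1)
		if ((c == q || c == "\"") && substr(s, length(s)) == c)
			s = substr(s, 2, length(s) - 2)
		return s
	}
	$1 == "config" { iface = ($2 == "interface") ? unquote($3) : ""; next }
	iface != "" && ($1 == "list" || $1 == "option") && $2 == "ip6class" {
		val = $0
		sub(/^[ \t]*(list|option)[ \t]+ip6class[ \t]+/, "", val)
		sub(/[ \t]+$/, "", val)
		val = unquote(val)
		if (val ~ /[ \t]/) {
			printf "%s: entry [%s] names several classes; use one list line per class\n", iface, val
			bad = 1
		} else if (val == "local") {
			printf "%s: accepts class local, so the ULA prefix is assigned too\n", iface
			bad = 1
		}
	}
	END { exit bad + 0 }
	' "$@"
}

sample_config | check_ip6class || true
```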

that's done the trick. Thanks!

I don't see why you need to add the wan interface there. IPv6 is handled by wan6 anyway.

3 Likes

oops..yes, you're correct. Changed to:

list ip6class wan6
list ip6class wan_6
1 Like

It turns out ULA had nothing to do with the issue: Nest Protect disassociated due to inactivity

1 Like

Thanks, @jbrossard; appreciate the extra info. Coincidentally, I was having trouble adding a new protect to my Nest account earlier today but was able to resolve it by changing DNS Servers. I'll do similarly (turning off DNSSEC) and keep an eye on it over the next few days.

What did you change from/to?

I temporarily switched from CleanBrowsing.org to Google (8.8.8.8). When I've got a bit of time at the weekend, I'll probably switch to NextDNS; will let you know how it goes.

My Nest Protect has been trouble free since turning off DNSSEC at the router.

I'm using Quad9 but have switched to Quad9 with ECS (dns11.quad9.com) to see if streaming lag when starting streaming a video will improve. "Does Quad9 implement DNSSEC" and "What is EDNS Client-Subnet"

I am also running stubby for DoT. That pretty much sums up my DNS setup.

1 Like

Thanks. That's really helpful. Very similar to my set-up: Stubby for DoT but with CleanBrowsing's DNS servers. I've turned DNSSEC off on the router now, so hopefully that'll sort it out!

Thanks, again!

I see cleanbrowsing.org also enforces DNSSEC so doing it at the router is redundant, just like my setup with DNSSEC enabled was redundant when using Quad9.

I hope the Nest Protects stay online! I've been working on this issue for a week!

1 Like

Just to close-off this topic:

Everything is running perfectly since turning-off DNSSEC on the router, as suggested by @jbrossard. My Nest Protects have remained online.

I've also subscribed to NextDNS which enforces DNSSEC and provides some additional really neat features.

Job done, I think!

1 Like
