[Solved] Ipv6 problems from outside my LAN

Just came here from ddwrt. Played a bit with a spare router trying a few things (dyndns and openvpn) until I felt comfortable getting it going and finally made the jump today. Here at home, in lock down, the internet is mission critical.

The router is a Netgear R7800. I uploaded the latest 19.07.3 and was up and running in short order! Yea! The dyndns seems to work as I get an ipv4 and an ipv6 address listed on the DynamicDNS section of the overview page. I get the same addresses listed on the network/interfaces wan and wan6. I have verified that I can use ipv6 addresses on my network (I can open a ipv6 addressed web page from the lan using the ipv6 address). So, it all seems OK here inside my LAN. When I check to see if ipv6 is 'working' from the internet, though, it appears it is not. If I go here:
I get 4/20 and it shows ipv6 not supported. When I go here:
I get 0/10 and "No IPv6 address detected"

Am I doing something wrong? Is there some setting I need to adjust to make this work? Is it a security feature and not a bug? This is a brand new setup (today) and I have not modified much other than to add packages for dyndns and openvpn and set up leases for my local clients. What is going on? When I tried this with my spare wndr3700, I think it worked. I know it worked when I was running ddwrt.

I went here:
but I don't 'get' all of it. I think it should be 'up'. I would like to be able to connect via openvpn using the ipv6 address as well...


That would depend a lot on the requirements of your ISP - and what you're actually testing (e.g. I get 10/10 and 20/20).

The firewall won't allow incoming IPv6 connections by default (mirroring the IPv4 policies), aside from ping6, so if you do want to expose internal systems to the outside, you'll have to whitelist them explicitly (either completely or filtering on a protocol/ port basis).

@slh thanks for the comment. Maybe I just don't understand how this is supposed to work, but my ISP gives me an ipv4 and ipv6 address and duckdns confirms both of them. When I try any of the ipv6 testing web sites, though, they say that ipv6 is non-functional. Also, I cannot reach any ipv6 addresses outside of my LAN.


# ping -6 google.com
PING google.com(ord37s07-in-x0e.1e100.net (2607:f8b0:4009:802::200e)) 56 data bytes
64 bytes from ord37s07-in-x0e.1e100.net (2607:f8b0:4009:802::200e): icmp_seq=1 ttl=54 time=14.6 ms
64 bytes from ord37s07-in-x0e.1e100.net (2607:f8b0:4009:802::200e): icmp_seq=2 ttl=54 time=21.5 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 14.576/18.015/21.455/3.439 ms

but when I try to go to https://[2607:f8b0:4009:802::200e] from a browser I get 'connection has timed out.

If I go to a web server inside my LAN by its ipv6, it works as expected.

The only connection in should be through my openVPN connection. That is another issue, though, that I can resolve later. Right now, I cannot connect out via ipv6 and none of the ipv6 test websites see that I have an IPv6 address, either.

Do I need to enable something?


Ok, I finally got it working. Apparently, the 'ipv6 assignment length' must match between the ISP and my LAN. When I changed the LAN from 60 to 64, I was able to get to ipv6.google.com from a browser and the ipv6-test.com web page now works.

Woo Hoo!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.