A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Draytek Vigor 2860 and IPv6



 
 
Thread Tools Display Modes
  #1  
Old February 6th 19, 10:38 AM posted to uk.telecom.broadband
Tony Mountifield
external usenet poster
 
Posts: 45
Default Draytek Vigor 2860 and IPv6

In article . uk,
Angus Robertson - Magenta Systems Ltd wrote:
There seem to be a few people here using Draytek routers, anyone with IPv6?

The Vigor 2860 router is quite happy with outgoing IPv6 over VDSL, but incoming
seems rather more complicated. The network uses DHCP6 addresses for outgoing
connections, but the servers also have static addresses from my /64 range.

For IPv4 I have port redirection set-up for my small subnet redirecting certain
WAN addresses and ports to private LAN addresses to host a couple of public web
servers.

IPv6 however has the same addresses for WAN and LAN, a /64 range, and port
redirection only seems to handle IPv4 addresses.

Found two very old Draytek FAQs for old products, which suggest DMZ is the way
to go, but again this only seems to support IPv4.

There is a LAN IPv6 window in which static IPv6 addresses can be
entered, and I can ping these from the outside world, but can not
connect to the LAN PC with that IPv6 address.

Suspect firewall rules may have something to do with this, the WAN-LAN
diagnostic is happy with outgoing IPv6 but blocks incoming IPv6.

Has anyone got IPv6 working properly on a Vigor for public servers?


I have a 2860 on a VDSL connection from AAISP, and have IPv6 set up,
with a CentOS 5 box on the LAN within the /64 I was allocated by AA.
I also have a couple of Linode VMs with IPv6 addresses, so testing from
the outside is easy.

I first logged in to a Linode, and did "mtr -6 2001:8b0:1653:1:xxxx:xxxx:xxxx:xxxx"
to ping my CentOS box. The trace got as far as my router, but not to the box.

I then looked in the router config under Firewall-General Setup. I found a pair
of checkboxes "Block routing connections initiated from WAN [] IPv4 [] IPv6".
I had a tick in IPv6, so I unticked it and clicked OK.

Repeating the mtr from outside then reached all the way to my internal box.

I then tried "curl -6 -g 'http://[2001:8b0:1653:1:xxxx:xxxx:xxxx:xxxx]'" from the
outside too, and that worked, fetching the index page from the internal box.

After turning the IPv6 checkbox back on, the curl just times out, as expected.

Cheers
Tony
--
Tony Mountifield
Work: - http://www.softins.co.uk
Play: - http://tony.mountifield.org
  #2  
Old February 6th 19, 12:33 PM posted to uk.telecom.broadband
Angus Robertson - Magenta Systems Ltd
external usenet poster
 
Posts: 107
Default Draytek Vigor 2860 and IPv6

There seem to be a few people here using Draytek routers, anyone with IPv6?

The Vigor 2860 router is quite happy with outgoing IPv6 over VDSL, but incoming
seems rather more complicated. The network uses DHCP6 addresses for outgoing
connections, but the servers also have static addresses from my /64 range.

For IPv4 I have port redirection set-up for my small subnet redirecting certain
WAN addresses and ports to private LAN addresses to host a couple of public web
servers.

IPv6 however has the same addresses for WAN and LAN, a /64 range, and port
redirection only seems to handle IPv4 addresses.

Found two very old Draytek FAQs for old products, which suggest DMZ is the way
to go, but again this only seems to support IPv4.

There is a LAN IPv6 window in which static IPv6 addresses can be
entered, and I can ping these from the outside world, but can not
connect to the LAN PC with that IPv6 address.

Suspect firewall rules may have something to do with this, the WAN-LAN
diagnostic is happy with outgoing IPv6 but blocks incoming IPv6.

Has anyone got IPv6 working properly on a Vigor for public servers?

Angus
  #3  
Old February 6th 19, 06:33 PM posted to uk.telecom.broadband
Angus Robertson - Magenta Systems Ltd
external usenet poster
 
Posts: 107
Default Draytek Vigor 2860 and IPv6

I then looked in the router config under Firewall-General Setup.
I found a pair of checkboxes "Block routing connections initiated
from WAN [] IPv4 [] IPv6". I had a tick in IPv6, so I unticked it
and clicked OK.


Thanks, I'd already untick the IPv6 box, did not make any difference for
external routing, unfortunately.

The Draytek syslog does not seem to log any incoming IPv6 traffic either, even
when a ping is returned, but does log 'virtual server' traffic from outside
IPv4 addresses using port forwarding.

Angus

  #4  
Old February 7th 19, 08:46 AM posted to uk.telecom.broadband
Tony Mountifield
external usenet poster
 
Posts: 45
Default Draytek Vigor 2860 and IPv6

In article . uk,
Angus Robertson - Magenta Systems Ltd wrote:
I then looked in the router config under Firewall-General Setup.
I found a pair of checkboxes "Block routing connections initiated
from WAN [] IPv4 [] IPv6". I had a tick in IPv6, so I unticked it
and clicked OK.


Thanks, I'd already untick the IPv6 box, did not make any difference for
external routing, unfortunately.

The Draytek syslog does not seem to log any incoming IPv6 traffic either, even
when a ping is returned, but does log 'virtual server' traffic from outside
IPv4 addresses using port forwarding.


Who is your ISP?

If you would like, I'm happy to help by comparing configs. Email me if so.

Cheers
Tony
--
Tony Mountifield
Work: - http://www.softins.co.uk
Play: - http://tony.mountifield.org
  #5  
Old February 7th 19, 02:56 PM posted to uk.telecom.broadband
Tony Mountifield
external usenet poster
 
Posts: 45
Default Draytek Vigor 2860 and IPv6

In article . uk,
Angus Robertson - Magenta Systems Ltd wrote:
Who is your ISP?


My ISP is Merula, on a par with A&A for technical support, I also have hosted
rack servers in their own premises with IPv6.

But this is not an ISP issue, IPv6 is working to the Vigor router, I can ping
it, but not through it.

Like IPv6 support (if any) in many routers, IPv6 documentation and FAQs are
sparse for the Vigor, some relating to extinct Sixxs services.


I didn't think it was an ISP issue, just wondering for completeness.

Maybe a silly question, but the internal IPv6 box isn't itself firewalling off
the outside ping or connection attempts?

Cheers
Tony
--
Tony Mountifield
Work: - http://www.softins.co.uk
Play: - http://tony.mountifield.org
  #6  
Old February 7th 19, 06:33 PM posted to uk.telecom.broadband
Angus Robertson - Magenta Systems Ltd
external usenet poster
 
Posts: 107
Default Draytek Vigor 2860 and IPv6

Who is your ISP?

My ISP is Merula, on a par with A&A for technical support, I also have hosted
rack servers in their own premises with IPv6.

But this is not an ISP issue, IPv6 is working to the Vigor router, I can ping
it, but not through it.

Like IPv6 support (if any) in many routers, IPv6 documentation and FAQs are
sparse for the Vigor, some relating to extinct Sixxs services.

Angus

  #7  
Old February 7th 19, 06:33 PM posted to uk.telecom.broadband
Angus Robertson - Magenta Systems Ltd
external usenet poster
 
Posts: 107
Default Draytek Vigor 2860 and IPv6

Maybe a silly question, but the internal IPv6 box isn't itself
firewalling off the outside ping or connection attempts?


No, the IPv6 web server is accessible from other PCs on the network using it's
outside address.

Which is actually an annoyance, because I'm trying to make it order a domain
validated SSL certificate and my application thinks IPv6 is OK, whereas port
forwarding on the Draytek means accessing the external IPv4 addresses tests the
routing to the internal server so I know the domain will validate OK.

This is all much easier on the hosted servers since my IP blocks are layer 2
bridged between LAN and WAN by the firewall, and ports and IP ranges blocked.

Angus
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ipv6 dhcp on Technicolor TG582n FTTC Ian uk.telecom.broadband (UK broadband) 9 June 2nd 16 10:02 PM
IPv6 Andy Burns[_2_] uk.telecom.broadband (UK broadband) 2 September 25th 15 02:02 PM
Virgin Media and IPV6 Optimist uk.telecom.broadband (UK broadband) 44 January 8th 15 12:25 PM
Hurricane Electric IPv6 tunnels on FTTC ? Andrew Benham uk.telecom.broadband (UK broadband) 5 July 7th 11 08:44 PM
IPv6 and router choice Timothy Baldwin uk.telecom.broadband (UK broadband) 8 June 5th 04 11:09 PM


All times are GMT +1. The time now is 06:58 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Search Engine Optimization by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.