No more ipv6 in Singtel home 1G fibre broadband?

Mach3.2 · Nov 27, 2023

I think it's one of those pfsense peculiarities. They seem to hard code a /64 if you select the IPv6 config type to track interface with no way of changing it to a prefix length shorter than /64.

new_house · Nov 27, 2023

Newbie question,
What is the down side of ISP not supporting IpV6?

bert64 · Nov 27, 2023

new_house said:
Newbie question,
What is the down side of ISP not supporting IpV6?

IPv6 is the production version of IP designed for a global network, IPv4 was an experimental protocol designed for the ARPANET and cannot properly support a global network, such that you need all kinds of complex workarounds (eg NAT and others) to keep it limping along. These workarounds add complexity, cost, performance bottlenecks and security risks.

Without IPv6, an increasing number of sites will be inaccessible to you and some things won't work, other things may still work but in a degraded fashion.

Several governments including China and the US have policies of moving completely to IPv6 and eliminating IPv4.

new_house · Nov 27, 2023

bert64 said:
IPv6 is the production version of IP designed for a global network, IPv4 was an experimental protocol designed for the ARPANET and cannot properly support a global network, such that you need all kinds of complex workarounds (eg NAT and others) to keep it limping along. These workarounds add complexity, cost, performance bottlenecks and security risks.

Without IPv6, an increasing number of sites will be inaccessible to you and some things won't work, other things may still work but in a degraded fashion.

Several governments including China and the US have policies of moving completely to IPv6 and eliminating IPv4.

Understood. So in layman terms, the impact is that we will not be able to surf sites that uses ipv6 if the isp does not support it?

bert64 · Nov 27, 2023

new_house said:
Understood. So in layman terms, the impact is that we will not be able to surf sites that uses ipv6 if the isp does not support it?

Well yes if the site is ipv6-only, but also some sites/services that support both ipv4/ipv6 will perform in a degraded mode if forced to use ipv4.
Many hosting providers (including large ones such as aws) charge extra for ipv4 support too.

xiaofan · Nov 27, 2023

xiaofan said:
Now it seems to work fine with a fresh installation of pfSense CE 2.71 -- no packages installed, changed to Kea DHCP server.

I will not touch this for a while to see if it runs stable or not.

Unfortunately I hand-itchy and changed the LAN port from "Track Interface" to "DHCPv6" yesterday and it no longer worked after that even after I changed it back to "Track Interface".

I was hoping it to go back to working today but it is still the same.

xiaofan · Nov 28, 2023

xiaofan said:
Unfortunately I hand-itchy and changed the LAN port from "Track Interface" to "DHCPv6" yesterday and it no longer worked after that even after I changed it back to "Track Interface".

I was hoping it to go back to working today but it is still the same.

Then I switched to OPNsense a bit later yesterday m and it was the same -- not working.

However, I just checked again at 7:30pm today, it starts to work again. Now I will not change any settings and see if it is still working tomorrow.

WAN DHCPv6 and LAN settings:
https://forums.hardwarezone.com.sg/threads/opnsense-discussions.6943166/page-3#post-150259870

LAN DHCPv6 server and RA settings:
https://forums.hardwarezone.com.sg/threads/opnsense-discussions.6943166/page-3#post-150328982

Bash:

PS C:\Users\xiaof> cd c:\work\
PS C:\work> nslookup www.google.com
Server:  OPNsense.localdomain
Address:  2400:d802:xxxx:xxx0:xxxxxxxx:xxxx:xxxx

Name:    forcesafesearch.google.com
Addresses:  2001:4860:4802:32::78
          216.239.38.120
Aliases:  www.google.com

PS C:\work> ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4003:c02::66] with 32 bytes of data:
Reply from 2404:6800:4003:c02::66: time=5ms
Reply from 2404:6800:4003:c02::66: time=8ms
Reply from 2404:6800:4003:c02::66: time=8ms
Reply from 2404:6800:4003:c02::66: time=8ms

Ping statistics for 2404:6800:4003:c02::66:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 8ms, Average = 7ms

Mach3.2 · Nov 28, 2023

xiaofan said:
However, I just checked again at 7:30pm today, it starts to work again. Now I will not change any settings and see if it is still working tomorrow.

I suspect my hunch is right; if you request for a prefix delegation one too many times, Singtel's DHCPv6 server will ignore any further requests for 24 hours. Same as M1.

I got around this by not releasing the DHCPv6 lease upon disconnection.

xiaofan · Nov 28, 2023

Mach3.2 said:
I suspect my hunch is right; if you request for a prefix delegation one too many times, Singtel's DHCPv6 server will ignore any further requests for 24 hours. Same as M1.

I got around this by not releasing the DHCPv6 lease upon disconnection.

I already enabled that on pfSense and OPNsense. I do not see that option for OpenWRT.

I will check this OPNsense for another two days to see if it is stable or not. Then I will check out pfSense.

xiaofan · Nov 29, 2023

xiaofan said:
I already enabled that on pfSense and OPNsense. I do not see that option for OpenWRT.

I will check this OPNsense for another two days to see if it is stable or not. Then I will check out pfSense.

OPNsense is still working fine today. So I will declare that OPNsense is fine with Singtel IPv6. I will try other routers before trying out pfSense which seems to be problematic with IPv6 judging from the reports from this forum (related to Starhub) and from the internet.

One interesting thing is that Tom Lawrence does not use IPv6 and never release videos on IPv6 with pfSense, even though he has produced tons of video covering many aspects of pfSense.

xiaofan · Nov 29, 2023

xiaofan said:
OPNsense is still working fine today. So I will declare that OPNsense is fine with Singtel IPv6. I will try other routers before trying out pfSense which seems to be problematic with IPv6 judging from the reports from this forum (related to Starhub) and from the internet.

One interesting thing is that Tom Lawrence does not use IPv6 and never release videos on IPv6 with pfSense, even though he has produced tons of video covering many aspects of pfSense.

Rebooting to OpenWRT and IPv6 does not really work. I will wait for tomorrow to see if is works at that time.

TanKianW · Nov 29, 2023

xiaofan said:
One interesting thing is that Tom Lawrence does not use IPv6 and never release videos on IPv6 with pfSense, even though he has produced tons of video covering many aspects of pfSense.

Idealist: IPV6 is the future! Live or Die!

Realist: Meh........

Guess which one Tom falls into??

xiaofan · Nov 29, 2023

TanKianW said:
Idealist: IPV6 is the future! Live or Die!

Realist: Meh........

Guess which one Tom falls into??

I think in the end more and more will use dual stack IPv4/IPv6 as there are some real benefits. But if there are still many major companies and websites using IPv4 (current situation and the situation may continue for many years), then you can continue to use IPv4 only.

Reference:
https://forums.hardwarezone.com.sg/...ibre-broadband.6006714/page-12#post-150282158

Some of the world's biggest companies which do not use IPv6 for the websites (in June 2022).

xiaofan · Nov 29, 2023

This is just for reference -- Singtel 6rd IPv6 (not native IPv6 using DHCPv6) settings for OpenWRT

Bash:

root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50:64a0:e3e0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.28.1'
        option netmask '255.255.255.0'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'
        list dns '2606:4700:4700::1113'
        list dns '2620:fe::fe'
        option ip6assign '64'
        list ip6class 'wan6'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'
        option force_link '1'

config interface 'wan6'
        option proto '6rd'
        option peeraddr '202.166.127.6'
        option ip6prefix '2400:d803::'
        option ip6prefixlen '32'

config interface 'lan2'
        option proto 'static'
        option device 'eth2'
        option ipaddr '192.168.38.1'
        option netmask '255.255.255.0'
        option delegate '0'

config device
        option name 'eth1'

root@OpenWrt:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        option serversfile '/var/run/adblock-fast/dnsmasq.servers'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ndp 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'lan2'
        option interface 'lan2'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'wan6'
        option interface 'wan6'
        option ignore '1'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'
        option master '1'

Test results:

Bash:

PS C:\work> nslookup ipv6.google.com
Server:  UnKnown
Address:  fe80::xxxx:xxxx:xxxx:xxxx

Non-authoritative answer:
Name:    ipv6.l.google.com
Addresses:  2404:6800:4003:c1c::65
          2404:6800:4003:c1c::8a
          2404:6800:4003:c1c::8b
          2404:6800:4003:c1c::66
Aliases:  ipv6.google.com

PS C:\work> ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4003:c1c::66] with 32 bytes of data:
Reply from 2404:6800:4003:c1c::66: time=6ms
Reply from 2404:6800:4003:c1c::66: time=9ms
Reply from 2404:6800:4003:c1c::66: time=8ms
Reply from 2404:6800:4003:c1c::66: time=9ms

Ping statistics for 2404:6800:4003:c1c::66:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 6ms, Maximum = 9ms, Average = 8ms

Mach3.2 · Nov 30, 2023

TanKianW said:
Idealist: IPV6 is the future! Live or Die!

Realist: Meh........

Guess which one Tom falls into??

Ya the idealist will roll in their graves when they see I'm using network prefix translation (NPTv6)

xiaofan · Nov 30, 2023

Mach3.2 said:
Ya the idealist will roll in their graves when they see I'm using network prefix translation (NPTv6)

Interesting. Just wondering what is your reason to use NPTv6. Is it because of multi-wan as mentioned by Netgate?

Reference:
https://docs.netgate.com/pfsense/en/latest/nat/npt.html
https://docs.paloaltonetworks.com/p...-nptv6#id0a9098a7-6237-422c-a4d6-9a3d3f4fc48a

Mach3.2 · Nov 30, 2023

xiaofan said:
Interesting. Just wondering what is your reason to use NPTv6. Is it because of multi-wan as mentioned by Netgate?

Reference:
https://docs.netgate.com/pfsense/en/latest/nat/npt.html
https://docs.paloaltonetworks.com/p...-nptv6#id0a9098a7-6237-422c-a4d6-9a3d3f4fc48a

Share the /64 prefix across multiple VLANs.

I don't like it too, but I guess that's just how it's gonna be until M1 starts to delegate a prefix shorter than /64.

xiaofan · Nov 30, 2023

xiaofan said:
Rebooting to OpenWRT and IPv6 does not really work. I will wait for tomorrow to see if is works at that time.

And it works with Singtel Native IPv6 (DHCPv6) after 24 hours. I will keep this running for 2 days and then switch to pfSense to see if it works or not.

My Windows 11 client will get two IPv6 addresses, one from DHCPv6 and the other one from SLAAC.

Code:

root@OpenWrt:~# cd /etc/config/
root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50:64a0:e3e0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.28.1'
        option netmask '255.255.255.0'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'
        list dns '2606:4700:4700::1113'
        list dns '2620:fe::fe'
        option ip6assign '64'
        list ip6class 'wan6'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'
        option force_link '1'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'eth1'
        option reqaddress 'try'
        option reqprefix '56'

config interface 'lan2'
        option proto 'static'
        option device 'eth2'
        option ipaddr '192.168.38.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list ip6class 'wan6'
        option ip6ifaceid '::2'

root@OpenWrt:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        option serversfile '/var/run/adblock-fast/dnsmasq.servers'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ndp 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'lan2'
        option interface 'lan2'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'
        option dhcpv6 'server'
        option ndp 'relay'

config dhcp 'wan6'
        option interface 'wan6'
        option ignore '1'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'
        option master '1'

Test results:

Code:

PS C:\work> nslookup ipv6.google.com
Server:  UnKnown
Address:  2400:d802:xxxx:xx00::1

Non-authoritative answer:
Name:    ipv6.l.google.com
Addresses:  2404:6800:4003:c00::65
          2404:6800:4003:c00::71
          2404:6800:4003:c00::8b
          2404:6800:4003:c00::66
Aliases:  ipv6.google.com

PS C:\work> ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4003:c00::65] with 32 bytes of data:
Reply from 2404:6800:4003:c00::65: time=30ms
Reply from 2404:6800:4003:c00::65: time=6ms
Reply from 2404:6800:4003:c00::65: time=8ms
Reply from 2404:6800:4003:c00::65: time=6ms

Ping statistics for 2404:6800:4003:c00::65:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 6ms, Maximum = 30ms, Average = 12ms

TanKianW · Nov 30, 2023

Mach3.2 said:
Share the /64 prefix across multiple VLANs.

I don't like it too, but I guess that's just how it's gonna be until M1 starts to delegate a prefix shorter than /64.

My main LAN for admin management and servers are running IPv4 on MR static IP and IPv6 from M1.

Sometimes this will even confused “what’s my ip” testing website.

Mach3.2 · Nov 30, 2023

TanKianW said:
My main LAN for admin management and servers are running IPv4 on MR static IP and M1 IPv6.

Sometimes this will even confused “what’s my ip” testing website.

MrRepublic has been looking into IPv6 since at least 2013 :spin:

No more ipv6 in Singtel home 1G fibre broadband?

Great Supremacy Member

Junior Member

Senior Member

Junior Member

Senior Member

High Supremacy Member

High Supremacy Member

Great Supremacy Member

High Supremacy Member

High Supremacy Member

High Supremacy Member

Supremacy Member

High Supremacy Member

High Supremacy Member

Great Supremacy Member

High Supremacy Member

Great Supremacy Member

High Supremacy Member

Supremacy Member

Great Supremacy Member