No more ipv6 in Singtel home 1G fibre broadband?

X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
xiaofan said:
It is strange that I can not get pfSense and OPNsense working with Singtel DHCPv6 native IPv6.

There are very few recent IPv6 configuration video for pfSense. But there are a few videos for IPv6 configuration for OPNsense.

I will try a bit more.
Click to expand...

Finally got pfSense to work with SIngtel DHCP IPv6.

LAN2 setting is very much the same as LAN, just need to use a different IPv6 Prefix ID compared to LAN -- I use 1.

Good thing is that loal Unbound DNS server and pfBlockerNG-devel work perfectly with IPv6 and I do not see DNS leaks and differences in Ads blocking test results.

1) WAN IPv6 Settings

knEq5D4.png


2) LAN IPv6 Settings

zyFtKj3.png


bGbfyPF.png


3) LAN2 IPv6 Settings are very much similar to LAN.

vIgF2hW.png


vIgF2hW.png


4) LAN DHCPv6 Server & RA settings

ZxPIe4k.png


5GLqsou.png


5) LAN2 DHCPv6 Server & RA settings

RA Setting is exactly the same as LAN, so I skip it.

HzqgmXy.png
 
Last edited:
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
Using Asus router and wireless connection in the below test.

Router: Asus RT-AX86U router
Wireless client: Acer Windows 11 computer with Intel AX201 WiFi 6 adapter
Singtel 1Gbps plan, Singtel native IPv6 (dual stack) with DHCPv6

IPv6 is worse with s.taobao.com.

Code: 
PS C:\work\speedtest> ping ipv4.google.com

Pinging ipv4.l.google.com [172.217.194.139] with 32 bytes of data:
Reply from 172.217.194.139: bytes=32 time=4ms TTL=105
Reply from 172.217.194.139: bytes=32 time=8ms TTL=105
Reply from 172.217.194.139: bytes=32 time=9ms TTL=105
Reply from 172.217.194.139: bytes=32 time=8ms TTL=105

Ping statistics for 172.217.194.139:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 9ms, Average = 7ms
PS C:\work\speedtest> ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4003:c04::64] with 32 bytes of data:
Reply from 2404:6800:4003:c04::64: time=4ms
Reply from 2404:6800:4003:c04::64: time=6ms
Reply from 2404:6800:4003:c04::64: time=7ms
Reply from 2404:6800:4003:c04::64: time=6ms

Ping statistics for 2404:6800:4003:c04::64:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 7ms, Average = 5ms
PS C:\work\speedtest> ping -4 s.taobao.com

Pinging v6-sh-sz-zb.wagbridge.alibaba.taobao.com.gds.alibabadns.com [59.82.122.10] with 32 bytes of data:
Reply from 59.82.122.10: bytes=32 time=89ms TTL=82
Reply from 59.82.122.10: bytes=32 time=89ms TTL=82
Reply from 59.82.122.10: bytes=32 time=90ms TTL=82
Reply from 59.82.122.10: bytes=32 time=90ms TTL=82

Ping statistics for 59.82.122.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 90ms, Average = 89ms
PS C:\work\speedtest> ping -6 s.taobao.com

Pinging v6-sh-sz-zb.wagbridge.alibaba.taobao.com.gds.alibabadns.com [2408:4001:f00::1a8] with 32 bytes of data:
Reply from 2408:4001:f00::1a8: time=87ms
Reply from 2408:4001:f00::1a8: time=95ms
Reply from 2408:4001:f00::1a8: time=185ms
Reply from 2408:4001:f00::1a8: time=195ms

Ping statistics for 2408:4001:f00::1a8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 195ms, Average = 140ms
PS C:\work\speedtest> ping -6 s.taobao.com

Pinging v6-sh-sz-zb.wagbridge.alibaba.taobao.com.gds.alibabadns.com [2408:4001:f00::1a8] with 32 bytes of data:
Reply from 2408:4001:f00::1a8: time=270ms
Reply from 2408:4001:f00::1a8: time=172ms
Reply from 2408:4001:f00::1a8: time=188ms
Reply from 2408:4001:f00::1a8: time=202ms

Ping statistics for 2408:4001:f00::1a8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 172ms, Maximum = 270ms, Average = 208ms
PS C:\work\speedtest> ping -4 s.taobao.com

Pinging v6-sh-sz-zb.wagbridge.alibaba.taobao.com.gds.alibabadns.com [59.82.122.10] with 32 bytes of data:
Reply from 59.82.122.10: bytes=32 time=87ms TTL=82
Reply from 59.82.122.10: bytes=32 time=90ms TTL=82
Reply from 59.82.122.10: bytes=32 time=90ms TTL=82
Reply from 59.82.122.10: bytes=32 time=88ms TTL=82

Ping statistics for 59.82.122.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 90ms, Average = 88ms
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
No differences between IPv6 and IPv4 for Google DNS and Cloudflare DNS.

Code: 
PS C:\work\speedtest> ping -4 cloudflaredns.com
Ping request could not find host cloudflaredns.com. Please check the name and try again.
PS C:\work\speedtest> ping -4 dns.cloudflare.com

Pinging dns.cloudflare.com [104.16.133.229] with 32 bytes of data:
Reply from 104.16.133.229: bytes=32 time=39ms TTL=51
Reply from 104.16.133.229: bytes=32 time=42ms TTL=51
Reply from 104.16.133.229: bytes=32 time=40ms TTL=51
Reply from 104.16.133.229: bytes=32 time=39ms TTL=51

Ping statistics for 104.16.133.229:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 42ms, Average = 40ms
PS C:\work\speedtest> ping -6 dns.cloudflare.com

Pinging dns.cloudflare.com [2606:4700::6810:85e5] with 32 bytes of data:
Reply from 2606:4700::6810:85e5: time=37ms
Reply from 2606:4700::6810:85e5: time=42ms
Reply from 2606:4700::6810:85e5: time=42ms
Reply from 2606:4700::6810:85e5: time=38ms

Ping statistics for 2606:4700::6810:85e5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 42ms, Average = 39ms
PS C:\work\speedtest> ping -4 dns.google.com

Pinging dns.google.com [8.8.8.8] with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=5ms TTL=114
Reply from 8.8.8.8: bytes=32 time=6ms TTL=114
Reply from 8.8.8.8: bytes=32 time=10ms TTL=114
Reply from 8.8.8.8: bytes=32 time=4ms TTL=114

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 10ms, Average = 6ms
PS C:\work\speedtest> ping -6 dns.google.com

Pinging dns.google.com [2001:4860:4860::8844] with 32 bytes of data:
Reply from 2001:4860:4860::8844: time=4ms
Reply from 2001:4860:4860::8844: time=4ms
Reply from 2001:4860:4860::8844: time=4ms
Reply from 2001:4860:4860::8844: time=5ms

Ping statistics for 2001:4860:4860::8844:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 5ms, Average = 4ms
PS C:\work\speedtest> ping -6 dns.google.com

Pinging dns.google.com [2001:4860:4860::8844] with 32 bytes of data:
Reply from 2001:4860:4860::8844: time=5ms
Reply from 2001:4860:4860::8844: time=7ms
Reply from 2001:4860:4860::8844: time=6ms
Reply from 2001:4860:4860::8844: time=7ms

Ping statistics for 2001:4860:4860::8844:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 7ms, Average = 6ms
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
IPv6 is better than IPv4 for Adguard DNS.
IPv6 is worse than IPv4 for ControlD DNS.

Code: 
PS C:\work\speedtest> ping -4 dns.adguard.com

Pinging dns.adguard.com [94.140.15.15] with 32 bytes of data:
Reply from 94.140.15.15: bytes=32 time=282ms TTL=42
Request timed out.
Reply from 94.140.15.15: bytes=32 time=301ms TTL=42
Reply from 94.140.15.15: bytes=32 time=306ms TTL=42

Ping statistics for 94.140.15.15:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 282ms, Maximum = 306ms, Average = 296ms
PS C:\work\speedtest> ping -6 dns.adguard.com

Pinging dns.adguard.com [2a10:50c0::ad2:ff] with 32 bytes of data:
Reply from 2a10:50c0::ad2:ff: time=214ms
Reply from 2a10:50c0::ad2:ff: time=230ms
Reply from 2a10:50c0::ad2:ff: time=239ms
Reply from 2a10:50c0::ad2:ff: time=242ms

Ping statistics for 2a10:50c0::ad2:ff:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 214ms, Maximum = 242ms, Average = 231ms
PS C:\work\speedtest> ping -4 dns.controld.com

Pinging dns.controld.com [76.76.2.22] with 32 bytes of data:
Reply from 76.76.2.22: bytes=32 time=41ms TTL=47
Reply from 76.76.2.22: bytes=32 time=41ms TTL=47
Reply from 76.76.2.22: bytes=32 time=42ms TTL=47
Reply from 76.76.2.22: bytes=32 time=43ms TTL=47

Ping statistics for 76.76.2.22:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 43ms, Average = 41ms
PS C:\work\speedtest> ping -6 dns.controld.com

Pinging dns.controld.com [2606:1a40::22] with 32 bytes of data:
Reply from 2606:1a40::22: time=225ms
Reply from 2606:1a40::22: time=180ms
Reply from 2606:1a40::22: time=181ms
Reply from 2606:1a40::22: time=179ms

Ping statistics for 2606:1a40::22:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 179ms, Maximum = 225ms, Average = 191ms
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
More tests for some DNS servers.

No differences for Cisco OpenDNS FamilyShield and Cloudflare Family DNS.
IPv6 is much better for Quad9 DNS server.

Code: 
PS C:\work\speedtest> ping -4 doh.familyshield.opendns.com

Pinging doh.familyshield.opendns.com [146.112.41.3] with 32 bytes of data:
Reply from 146.112.41.3: bytes=32 time=36ms TTL=50
Reply from 146.112.41.3: bytes=32 time=42ms TTL=50
Reply from 146.112.41.3: bytes=32 time=41ms TTL=50
Reply from 146.112.41.3: bytes=32 time=42ms TTL=50

Ping statistics for 146.112.41.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 42ms, Average = 40ms
PS C:\work\speedtest> ping -6 doh.familyshield.opendns.com

Pinging doh.familyshield.opendns.com [2620:119:fc::3] with 32 bytes of data:
Reply from 2620:119:fc::3: time=37ms
Reply from 2620:119:fc::3: time=38ms
Reply from 2620:119:fc::3: time=40ms
Reply from 2620:119:fc::3: time=40ms

Ping statistics for 2620:119:fc::3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 40ms, Average = 38ms
PS C:\work\speedtest> ping -4 family.cloudflare-dns.com

Pinging family.cloudflare-dns.com [1.0.0.3] with 32 bytes of data:
Reply from 1.0.0.3: bytes=32 time=40ms TTL=51
Reply from 1.0.0.3: bytes=32 time=43ms TTL=51
Reply from 1.0.0.3: bytes=32 time=41ms TTL=51
Reply from 1.0.0.3: bytes=32 time=45ms TTL=51

Ping statistics for 1.0.0.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 45ms, Average = 42ms
PS C:\work\speedtest> ping -6 family.cloudflare-dns.com

Pinging family.cloudflare-dns.com [2606:4700:4700::1113] with 32 bytes of data:
Reply from 2606:4700:4700::1113: time=38ms
Reply from 2606:4700:4700::1113: time=40ms
Reply from 2606:4700:4700::1113: time=41ms
Reply from 2606:4700:4700::1113: time=40ms

Ping statistics for 2606:4700:4700::1113:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 41ms, Average = 39ms
PS C:\work\speedtest> ping -4 dns.quad9.net

Pinging dns.quad9.net [9.9.9.9] with 32 bytes of data:
Reply from 9.9.9.9: bytes=32 time=39ms TTL=51
Reply from 9.9.9.9: bytes=32 time=43ms TTL=51
Reply from 9.9.9.9: bytes=32 time=40ms TTL=51
Reply from 9.9.9.9: bytes=32 time=40ms TTL=51

Ping statistics for 9.9.9.9:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 43ms, Average = 40ms
PS C:\work\speedtest> ping -6 dns.quad9.net

Pinging dns.quad9.net [2620:fe::9] with 32 bytes of data:
Reply from 2620:fe::9: time=4ms
Reply from 2620:fe::9: time=8ms
Reply from 2620:fe::9: time=6ms
Reply from 2620:fe::9: time=8ms

Ping statistics for 2620:fe::9:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 8ms, Average = 6ms
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
Last test today: no differences here. And no differences from previous tests using 6rd.

Code: 
PS C:\work\speedtest> ping -4 tserv1.sin1.he.net

Pinging tserv1.sin1.he.net [216.218.221.42] with 32 bytes of data:
Reply from 216.218.221.42: bytes=32 time=37ms TTL=52
Reply from 216.218.221.42: bytes=32 time=38ms TTL=52
Reply from 216.218.221.42: bytes=32 time=39ms TTL=52
Reply from 216.218.221.42: bytes=32 time=38ms TTL=52

Ping statistics for 216.218.221.42:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 39ms, Average = 38ms
PS C:\work\speedtest> ping -6 tserv1.sin1.he.net

Pinging tserv1.sin1.he.net [2001:470:0:17c::2] with 32 bytes of data:
Reply from 2001:470:0:17c::2: time=38ms
Reply from 2001:470:0:17c::2: time=40ms
Reply from 2001:470:0:17c::2: time=40ms
Reply from 2001:470:0:17c::2: time=38ms

Ping statistics for 2001:470:0:17c::2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 40ms, Average = 39ms
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
No idea why it is no bad with ping for www.google.com, no matter using IPv4 or IPv6.

Windows 11 does prefer IPv6 when it is available.

Router: Asus RT-AX86U router
Wireless client: Acer Windows 11 computer with Intel AX201 WiFi 6 adapter
Singtel 1Gbps plan, Singtel native IPv6 (dual stack) with DHCPv6

Code: 
PS C:\work> nslookup www.google.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4008:806::2004
          142.250.64.228

PS C:\work> ping www.google.com

Pinging www.google.com [2607:f8b0:4008:806::2004] with 32 bytes of data:
Reply from 2607:f8b0:4008:806::2004: time=246ms
Reply from 2607:f8b0:4008:806::2004: time=221ms
Reply from 2607:f8b0:4008:806::2004: time=263ms
Reply from 2607:f8b0:4008:806::2004: time=274ms

Ping statistics for 2607:f8b0:4008:806::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 221ms, Maximum = 274ms, Average = 251ms

PS C:\work> ping -4 www.google.com

Pinging www.google.com [142.250.64.228] with 32 bytes of data:
Reply from 142.250.64.228: bytes=32 time=307ms TTL=108
Reply from 142.250.64.228: bytes=32 time=230ms TTL=108
Reply from 142.250.64.228: bytes=32 time=229ms TTL=108
Reply from 142.250.64.228: bytes=32 time=235ms TTL=108

Ping statistics for 142.250.64.228:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 229ms, Maximum = 307ms, Average = 250ms

PS C:\work> ping -6 www.google.com

Pinging www.google.com [2607:f8b0:4008:806::2004] with 32 bytes of data:
Reply from 2607:f8b0:4008:806::2004: time=289ms
Reply from 2607:f8b0:4008:806::2004: time=297ms
Reply from 2607:f8b0:4008:806::2004: time=222ms
Reply from 2607:f8b0:4008:806::2004: time=319ms

Ping statistics for 2607:f8b0:4008:806::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 222ms, Maximum = 319ms, Average = 281ms
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
Interesting experiment to see if the ISPs are interested in IPv6 or not.

It seems only M1 is really interested in IPv6.

Code: 
PS C:\work> nslookup www.singtel.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    6w6nks5.x.incapdns.net
Address:  45.60.35.24
Aliases:  www.singtel.com

PS C:\work> nslookup singtel.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    singtel.com
Addresses:  45.60.35.24
          45.60.33.24

PS C:\work> nslookup singnet.com.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    singnet.com.sg
Address:  202.40.249.81

PS C:\work> nslookup www.starhub.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    u29kuia.impervadns.net
Address:  45.60.79.198
Aliases:  www.starhub.com

PS C:\work> nslookup starhub.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    starhub.com
Addresses:  45.60.76.198
          45.60.79.198

PS C:\work> nslookup www.m1.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.m1.com
Addresses:  2620:12a:8001::3
          2620:12a:8000::3
          23.185.0.3

PS C:\work> nslookup www.myrepublic.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.myrepublic.com
Address:  209.97.49.204

PS C:\work> nslookup viewquest.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    viewquest.com
Address:  185.53.177.31

PS C:\work> nslookup whizcomms.com.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    whizcomms.com.sg
Address:  43.245.96.64

PS C:\work> nslookup simba.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    simba.sg
Address:  210.10.12.91
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
Another experiment with www.gov.sg and 6 local universities.

Code: 
PS C:\work> nslookup gov.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    gov.sg
Addresses:  2404:5800:105:153::2
          13.248.131.96
          76.223.1.167

PS C:\work> nslookup www.ntu.edu.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.ntu.edu.sg
Address:  104.16.4.14

PS C:\work> nslookup www.nus.edu.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    mgnzsqc.x.incapdns.net
Address:  45.60.35.225
Aliases:  www.nus.edu.sg

PS C:\work> nslookup www.smu.edu.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.smu.edu.sg
Addresses:  103.28.249.14
          45.64.64.148

PS C:\work> nslookup www.sutd.edu.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    uzh8ekc.x.incapdns.net
Address:  45.60.67.5
Aliases:  www.sutd.edu.sg

PS C:\work> nslookup www.suss.edu.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    part-0031.t-0009.t-msedge.net
Addresses:  2620:1ec:46::59
          2620:1ec:bdf::59
          13.107.213.59
          13.107.246.59
Aliases:  www.suss.edu.sg
          suss-prod-cdn.azureedge.net
          suss-prod-cdn.afd.azureedge.net
          star-azureedge-prod.trafficmanager.net
          shed.dual-low.part-0031.t-0009.t-msedge.net

PS C:\work> nslookup www.singaporetech.edu.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    pqcbi.x.incapdns.net
Address:  45.60.79.92
Aliases:  www.singaporetech.edu.sg
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
xiaofan said:
No idea why it is no bad with ping for www.google.com, no matter using IPv4 or IPv6.

Windows 11 does prefer IPv6 when it is available.

Router: Asus RT-AX86U router
Wireless client: Acer Windows 11 computer with Intel AX201 WiFi 6 adapter
Singtel 1Gbps plan, Singtel native IPv6 (dual stack) with DHCPv6

Code: 
PS C:\work> nslookup www.google.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4008:806::2004
          142.250.64.228

PS C:\work> ping www.google.com

Pinging www.google.com [2607:f8b0:4008:806::2004] with 32 bytes of data:
Reply from 2607:f8b0:4008:806::2004: time=246ms
Reply from 2607:f8b0:4008:806::2004: time=221ms
Reply from 2607:f8b0:4008:806::2004: time=263ms
Reply from 2607:f8b0:4008:806::2004: time=274ms

Ping statistics for 2607:f8b0:4008:806::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 221ms, Maximum = 274ms, Average = 251ms

PS C:\work> ping -4 www.google.com

Pinging www.google.com [142.250.64.228] with 32 bytes of data:
Reply from 142.250.64.228: bytes=32 time=307ms TTL=108
Reply from 142.250.64.228: bytes=32 time=230ms TTL=108
Reply from 142.250.64.228: bytes=32 time=229ms TTL=108
Reply from 142.250.64.228: bytes=32 time=235ms TTL=108

Ping statistics for 142.250.64.228:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 229ms, Maximum = 307ms, Average = 250ms

PS C:\work> ping -6 www.google.com

Pinging www.google.com [2607:f8b0:4008:806::2004] with 32 bytes of data:
Reply from 2607:f8b0:4008:806::2004: time=289ms
Reply from 2607:f8b0:4008:806::2004: time=297ms
Reply from 2607:f8b0:4008:806::2004: time=222ms
Reply from 2607:f8b0:4008:806::2004: time=319ms

Ping statistics for 2607:f8b0:4008:806::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 222ms, Maximum = 319ms, Average = 281ms
Click to expand...

Looks like a temporary issue. Now it is okay. But IPv6 seems to be a bit worse than IPv4 (with a few rounds of tests).

Code: 
PS C:\work> ping -4 www.google.com

Pinging www.google.com [142.251.10.99] with 32 bytes of data:
Reply from 142.251.10.99: bytes=32 time=4ms TTL=54
Reply from 142.251.10.99: bytes=32 time=7ms TTL=54
Reply from 142.251.10.99: bytes=32 time=7ms TTL=54
Reply from 142.251.10.99: bytes=32 time=10ms TTL=54

Ping statistics for 142.251.10.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 10ms, Average = 7ms

PS C:\work> ping -6 www.google.com

Pinging www.google.com [2404:6800:4003:c01::69] with 32 bytes of data:
Reply from 2404:6800:4003:c01::69: time=4ms
Reply from 2404:6800:4003:c01::69: time=50ms
Reply from 2404:6800:4003:c01::69: time=6ms
Reply from 2404:6800:4003:c01::69: time=21ms

Ping statistics for 2404:6800:4003:c01::69:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 50ms, Average = 20ms
 
B

bert64

Senior Member
Joined
Jan 20, 2020
Messages
1,027
Reaction score
537
xiaofan said:
Finally got pfSense to work with SIngtel DHCP IPv6.

LAN2 setting is very much the same as LAN, just need to use a different IPv6 Prefix ID compared to LAN -- I use 1.
Click to expand...
Seems they give you a proper /56, unlike the other providers.

You can also setup DHCPv6 server with PD, so you can delegate prefixes to downstream routers, that way you can have multiple routers in sequence without double NAT at least for v6.

In theory their ONR should also be able to do this, so you'd be able to add another router behind it and get routable v6, although legacy traffic would still be encumbered by double nat. Whether they configure the ONR to support this is another matter.

With cgnat, double or even triple nat is the norm and consumer providers will all be heading this way sooner or later since it's much more profitable to sell their legacy address space to amazon/microsoft then provide it to low margin home users.
 
Last edited:
B

bert64

Senior Member
Joined
Jan 20, 2020
Messages
1,027
Reaction score
537
xiaofan said:
Interesting experiment to see if the ISPs are interested in IPv6 or not.

It seems only M1 is really interested in IPv6.

Code: 
PS C:\work> nslookup www.singtel.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    6w6nks5.x.incapdns.net
Address:  45.60.35.24
Aliases:  www.singtel.com

PS C:\work> nslookup singtel.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    singtel.com
Addresses:  45.60.35.24
          45.60.33.24

PS C:\work> nslookup singnet.com.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    singnet.com.sg
Address:  202.40.249.81

PS C:\work> nslookup www.starhub.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    u29kuia.impervadns.net
Address:  45.60.79.198
Aliases:  www.starhub.com

PS C:\work> nslookup starhub.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    starhub.com
Addresses:  45.60.76.198
          45.60.79.198

PS C:\work> nslookup www.m1.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.m1.com
Addresses:  2620:12a:8001::3
          2620:12a:8000::3
          23.185.0.3

PS C:\work> nslookup www.myrepublic.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    www.myrepublic.com
Address:  209.97.49.204

PS C:\work> nslookup viewquest.com
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    viewquest.com
Address:  185.53.177.31

PS C:\work> nslookup whizcomms.com.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    whizcomms.com.sg
Address:  43.245.96.64

PS C:\work> nslookup simba.sg
Server:  debian12ct
Address:  192.168.50.6

Non-authoritative answer:
Name:    simba.sg
Address:  210.10.12.91
Click to expand...

They are often using third party CDNs, and incapsula is the only one that doesn't enable v6 by default.

This gets exceptionally annoying in places where you're stuck with CGNAT, as you get bombarded with captcha requests or outright blocked from the site.
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
bert64 said:
Seems they give you a proper /56, unlike the other providers.

You can also setup DHCPv6 server with PD, so you can delegate prefixes to downstream routers, that way you can have multiple routers in sequence without double NAT at least for v6.

In theory their ONR should also be able to do this, so you'd be able to add another router behind it and get routable v6, although legacy traffic would still be encumbered by double nat. Whether they configure the ONR to support this is another matter.

With cgnat, double or even triple nat is the norm and consumer providers will all be heading this way sooner or later since it's much more profitable to sell their legacy address space to amazon/microsoft then provide it to low margin home users.
Click to expand...

Indeed.

I just changed my Asus RT-AX82U (behind an OpenWRT 23.05 router) from AP mode to router mode (Double NAT for IPv4) and enabled the IPv6 on the RT-AX82U router.

From the following traceroute output (from a Windows 11 wireless client of RT-AX82U), we can clearly see that IPv4 traffic goes through Double NAT whereas IPv6 traffic does not.

Code: 
PS C:\work> tracert ipv6.google.com

Tracing route to ipv6.l.google.com [2404:6800:4003:c02::8a]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  RT-AX82U-83E0 [2400:d802:xxxx:1301::1] (RT-AX82U)
  2     4 ms     5 ms     2 ms  2400:d802:xxxx:1300::1 (OpenWRT)
  3     8 ms     6 ms     4 ms  2400:d802:1:606:: (Singtel)
  4    23 ms     4 ms     4 ms  2001:c20:3c00::6
  5     4 ms     3 ms     4 ms  2001:c20:3c00::7
  6     7 ms     3 ms     4 ms  2001:c20:0:3::35
  7     4 ms   118 ms     4 ms  2001:c20:0:3::a
  8     4 ms    24 ms     4 ms  2001:c10:80:2::a21
  9    13 ms     9 ms     5 ms  2001:c10:80:2::915
 10     8 ms     5 ms     4 ms  2001:c10:80:1::a75
 11     4 ms     4 ms    56 ms  2001:4860:1:1:0:1d31:0:20
 12    28 ms     5 ms     6 ms  2001:4860:0:1008::e
 13    13 ms    23 ms    32 ms  2001:4860::c:4003:1c94
 14     6 ms     6 ms     5 ms  2001:4860::cc:4000:fa63
 15     8 ms     5 ms     6 ms  2001:4860:0:1::d9
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     7 ms     5 ms     5 ms  sc-in-f138.1e100.net [2404:6800:4003:c02::8a]

Trace complete.

PS C:\work> tracert ipv4.google.com

Tracing route to ipv4.l.google.com [142.251.175.138]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  RT-AX82U-83E0 [192.168.55.1] (RT-AX82U, Double NAT)
  2     4 ms     1 ms     1 ms  192.168.28.1 (OpenWRT, NAT)
  3    13 ms     3 ms     5 ms  bb121-x-xx-254.singnet.com.sg [121.x.xx.254] (Singtel)
  4    41 ms    14 ms     4 ms  165.21.193.22
  5    74 ms     4 ms     3 ms  165.21.193.21
  6     6 ms     4 ms     6 ms  165.21.138.245
  7     4 ms     3 ms     4 ms  SN-SINQT1-BO403-ae1.singnet.com.sg [165.21.138.85]
  8     4 ms     4 ms     3 ms  203.208.177.213
  9     4 ms     5 ms     4 ms  xn-lhrcl1-bo706.ix.singtel.com [203.208.183.81]
 10    13 ms     4 ms     4 ms  203.208.158.9
 11     5 ms     9 ms     4 ms  72.14.210.117
 12     8 ms     5 ms     5 ms  74.125.242.34
 13    44 ms     7 ms     5 ms  72.14.234.96
 14     6 ms     4 ms     5 ms  209.85.250.141
 15     6 ms     7 ms     5 ms  142.251.247.207
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     6 ms     5 ms     5 ms  sh-in-f138.1e100.net [142.251.175.138]

Trace complete.

OpenWRT IPv6 related settings.
Code: 
root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50:64a0:e3e0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.28.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list ip6class 'wan6'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix '56'
        option peerdns '0'
        list dns '2606:4700:4700::1113'
        list dns '2606:4700:4700::1003'
        list dns '2620:fe::fe'
        list dns '2620:fe::10'
        list dns '1.1.1.3'
        list dns '1.0.0.3'
        list dns '9.9.9.9'
        list dns '9.9.9.10'

root@OpenWrt:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        option serversfile '/var/run/adblock-fast/dnsmasq.servers'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
OpenWRT WAN6 status:
Code: 
Protocol: DHCPv6 client
Uptime: 4h 2m 45s
MAC: xx:xx:xx:xx:xx:xx
RX: 5.59 GB (3915466 Pkts.)
TX: 3.45 GB (3695034 Pkts.)
IPv6: 2400:d802:xxxx::1:6250/128
IPv6-PD: 2400:d802:yyyy:zzzz::/56

OpenWRT LAN status:
Code: 
Protocol: Static address
Uptime: 4h 4m 59s
MAC: xx:xx:xx:xx:xx:xx
RX: 1.01 GB (1137992 Pkts.)
TX: 1.91 GB (1646273 Pkts.)
IPv4: 192.168.28.1/24
IPv6: 2400:d802:yyyy:zzzz::1/60

OpenWRT default Firewall rules have IPv6 related settings.

Code: 
root@OpenWrt:/etc/config# cat firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone 'lan'
        option name 'lan'
        option network 'lan wg_lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone 'wan'
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
 
Last edited:
Henry Ng

Henry Ng

Arch-Supremacy Member
HWZ Insider
Joined
Aug 9, 2011
Messages
16,937
Reaction score
928
xiaofan said:
OpenWRT WAN6 status:
Code: 
Protocol: DHCPv6 client
Uptime: 4h 2m 45s
MAC: xx:xx:xx:xx:xx:xx
RX: 5.59 GB (3915466 Pkts.)
TX: 3.45 GB (3695034 Pkts.)
IPv6: 2400:d802:xxxx::1:6250/128
IPv6-PD: 2400:d802:yyyy:zzzz::/56

OpenWRT LAN status:
Code: 
Protocol: Static address
Uptime: 4h 4m 59s
MAC: xx:xx:xx:xx:xx:xx
RX: 1.01 GB (1137992 Pkts.)
TX: 1.91 GB (1646273 Pkts.)
IPv4: 192.168.28.1/24
IPv6: 2400:d802:yyyy:zzzz::1/60

OpenWRT default Firewall rules have IPv6 related settings.

Code: 
root@OpenWrt:/etc/config# cat firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone 'lan'
        option name 'lan'
        option network 'lan wg_lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone 'wan'
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
Click to expand...
Hi,
You are using 10Gbps network or 1Gbps only?
 
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
This is another IPv4 Double NAT case, OpenWRT router behind Asus RT-AX86U.

Asus RT-AX86U router -- OpenWRT 23.05 VM (Intel N100 mini PC, PVE 8.0) -- OpenWRT dumb AP (Linksys EA7500 v2).

OpenWRT 23.05 VM settings: WAN6 will have /64 IPv6 allocation but not LAN.

Code: 
root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdae:4ff6:d9f5::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.60.1'
        option netmask '255.255.255.0'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        option delegate '0'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'
        option interface 'wan6'
        option reqaddress 'try'
        option reqprefix 'auto'
    
root@OpenWrt:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'
        list server '127.0.0.1#5055'
        option doh_backup_noresolv '-1'
        option noresolv '1'
        list doh_backup_server '/mask.icloud.com/'
        list doh_backup_server '/mask-h2.icloud.com/'
        list doh_backup_server '/use-application-dns.net/'
        list doh_backup_server '127.0.0.1#5053'
        list doh_backup_server '127.0.0.1#5054'
        list doh_server '127.0.0.1#5053'
        list doh_server '127.0.0.1#5054'
        list doh_server '127.0.0.1#5055'
        option serversfile '/var/run/adblock-fast/dnsmasq.servers'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'wan6'
        option interface 'wan6'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'relay'
        option master '1'
        option ignore '1'

Wireless client of the OpenWRT AP has IPv6: Acer Windows 11 laptop in this test.

Code: 
PS C:\work> ping ipv6.google.com

Pinging ipv6.l.google.com [2404:6800:4003:c06::71] with 32 bytes of data:
Reply from 2404:6800:4003:c06::71: time=8ms
Reply from 2404:6800:4003:c06::71: time=6ms
Reply from 2404:6800:4003:c06::71: time=6ms
Reply from 2404:6800:4003:c06::71: time=7ms

Ping statistics for 2404:6800:4003:c06::71:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 6ms, Maximum = 8ms, Average = 6ms
 
Last edited:
Mach3.2

Mach3.2

Great Supremacy Member
HWZ Insider
Joined
Apr 8, 2011
Messages
72,403
Reaction score
2,459
X

xiaofan

High Supremacy Member
HWZ Insider
Joined
Sep 16, 2018
Messages
30,671
Reaction score
8,510
Mach3.2 said:
Not sure if this option is available in your Asus router settings, if you route a prefix shorter than /64 (e.g. /63 for 2 /64 subnets) to the upstream LAN, you can route additional /64 subnet(s) to your downstream router.

See DHCPv6 Prefix Delegation.
https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv6.html
Click to expand...

Supposedly it is automatically done by enabling DHCP-PD.

If I do not enable DHCP-PD, then I can set up LAN Prefix Length to be between /56 to /64. However, then it asks me to set a valid LAN IPv6 Address which I can not do (dynamic IPv6 address).

Asus IPv6 settings are a bit limited.
https://www.asus.com/support/FAQ/113990

So far I find out OpenWRT to have the most comprehensive IPv6 settings, beating pfSense. But still I feel none of them have very good IPv6 documentations.
https://openwrt.org/docs/guide-user/network/ipv6/configuration
https://docs.netgate.com/pfsense/en/latest/interfaces/configure-ipv6.html

mFMP1Cl.png
 
You must log in or register to reply here.
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.

Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
Top