Page 1 of 1

IPv6 only setup help

Posted: Thu Feb 04, 2021 6:10 am
by JoshKelly
Hey all I need someone much smarter in networking to help me out please.

Recently with having to work from home I find the need to connect to my server remotely essential.
I can achieve this with a dns service like duckdns and a service that automatically updates my ip every so often because of the dynamic ip. My problem is port 80 and 443 I believe.

Problem starts with the lack of IPv4 addresses and most if not all isps using a cgnat unless you pay for a static ip. I use tmobile for service and they like most others are doing this.

So I cannot port forward port 80 and 443 because my understanding is this is blocked by default on cgnats.

So the solution I hear is IPv6. Which is now counter productive to what I have tried to achieve in disabling IPv6 on my wg1608.

My setup is a wg1608 with the em160 in dmz mode letting my er12 handle the actual routing, dhcp, dns etc...

My question is can I disabled IPv4 on the wg1608 and re-enable IPv6 with dmz mode still working and ttl settings working. I believe I have read where people have problems with IPv6 data showing as hotspot.

Basically I want my public IP to be a IPv6 on the wg1608 and have that passed to the er12 I think as the wan in? Would that allow me to keep all my internal addresses in the 192.168.1.xxx format in the er12?

Again sorry for my lack of knowledge on this and any help is greatly appreciated :)

Re: IPv6 only setup help

Posted: Sat Feb 13, 2021 9:03 pm
by Didneywhorl
WAYYYY over my head too. I hope someone swoops in with big brainz

Re: IPv6 only setup help

Posted: Mon Feb 15, 2021 7:02 am
by JoshKelly
I am on a journey right now trying to figure out a IPv6 tmobile setup. Currently what I think I have figured (I definitely could be wrong):

First off all of my testing is done with a wg1608 and we826. Modems tested are ep06 and em160. Tmobile plan tested is a magenta plus plan with 3 lines. All firmware is the latest from dairyman. Downstream router mentioned below is an edgerouter12.

1. T-Mobiles is exclusively IPv6 and uses ds-lite to give out IPv4 addresses to their customers. So most remote access is blocked for IPv4, ie ports 80, 443 etc...

2. T-mobile gives out a /64 prefix and a /128 unlike most ISPs that give out a /60 or /56. This /64 makes it difficult to hand over addresses to a downstream router from rooter.

3. Rooter does a great job at handling this /64 prefix and does prefix delegtion automatically. So if you have the latest firmware it should work right away I believe, at least it does for me. But like mentioned above a downstream router is difficult to configure and I've yet to figure this out.

I will let you know if I figure out the prefix delegation to a downstream router. If anyone else has this figured out already PLEASE let me know, I would greatly appreciate it!

Things I've tried:
Server mode
Relay mode
Hybrid mode
NDP proxy enable
Stateless
Stateful
Stateless+stateful

I have not tried a VLAN passed to the down stream router yet because I am not 100% certain I am handling prefix delegtion on the second router correctly yet.

Also for me with the em160, QMI & ECM doesn't work and the mbn autoconfig needs to be disabled with an AT command

Re: IPv6 only setup help

Posted: Mon Feb 15, 2021 4:27 pm
by baldwine
JoshKelly wrote: Thu Feb 04, 2021 6:10 am My question is can I disabled IPv4 on the wg1608 and re-enable IPv6 with dmz mode still working and ttl settings working. I believe I have read where people have problems with IPv6 data showing as hotspot.
Okay, so I tried something similar for a small moment in time last year and I can tell you that I failed miserably. In order to use only IPV6 on the router, you would have to block all IPV4 traffic through the Firewall for that port. So in your Firewall settings, you would create conditions to reject all IPV4 traffic on your Network. I use a USG for all of my traffic and establishing rules is a lot easier in that than in your Edgerouter12. I am only a little familiar with the Edgerouter OS and can't tell you how to proceed. I also could not make it work for more than a moment, I failed miserably remember.

All of your clients will need an IPV6 address. A lot of IoT devices and older devices do not utilize or have the ability to utilize IPV6. That being said, by blocking IPV4 traffic on your WAN/Network port, your traffic should only utilize IPV6. The problem with using IPV6 only, you will lose access to websites and services that require IPV4.

Google has an IPV6 test website and a couple of others can help you troubleshoot your connection.

That's the best answer that I could provide, it's about as far as I could get.

Re: IPv6 only setup help

Posted: Mon Feb 15, 2021 8:00 pm
by toddw
IPV6 is a long way from maturity, I wrestled with this not too long ago and like baldwine said, using it exclusively causes loads of access issues. You can get static IPV4 IP from T-mobile, I use it everyday. You have to call it into support and its bloody painful. If you can't do so, hit up the Wireless Joint FB group and message me (I think PMs are disabled here) and I'll tell you what you need to do.