• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 to IPv6 tunnel? Forgive my naivety

Started by hobbsfamily, July 08, 2021, 02:57:03 AM

Previous topic - Next topic

hobbsfamily

Here's my situation:

I use Verizon's 5G Home Internet. I'm pretty happy with it as a service. However, I introduced a router between my modem and my network. Things are working OK, except because of the way Verizon / the modem has implemented IPv6, I am not able to get IPv6 addresses on the LAN. The way it appears to work is that the modem itself has a public IPv6 address, and I'm able to get a public IPv6 address as my WAN address on the router. However, Verizon doesn't use prefix delegation. It just hands connected devices a /128 prefix (a single address) which means I have no way to give addresses with any certainty to my LAN once the router is in place. With devices connected directly to the modem they get public IPv6 addresses because the modem is capable of handing out a single /128 at a time via DHCPv6

I started to setup a 6in4 tunnel using HE on my router (it's a Ubiquiti Dream Machine Pro), but I'm running into issues related (I believe) to double NAT and the fact that the modem doesn't appear to forward protocol 41 to a machine in the DMZ. I can get my LAN machines issued IPv6 addresses from my HE network by setting up DHCPv6 in the router but when doing a PING6 after configuring the 6in4 tunnel, I get a single packet response back and then everything stops. (not focused on that right now for this question)

Because I'm able to get a single valid IPv6 address on the router, but only one, I'm wondering if it's possible to use tunnelbroker somehow to tunnel my HE /64 or /48 via my single public IPv6 address? so like instead of making a tunnel between my LAN and HE's IPv4 server address, can I make a tunnel between my LAN and HE's IPv6 server address since I'd be able to reach that from the router itself (but not from machines on the network) My public IPv6 address is quite dynamic but I assume there's a way to update the public address similar to how I'm updating my dynamic IPv4 address..

Apologies if my question is poorly stated, I'm just starting out with this stuff and trying to figure things out.

Thanks in advance for putting up with my ignorance!

broquea

We don't offer 6in6 tunnels with tunnelbroker.net.

Also Verizon doesn't learn route announcements from their residential customers, nor do we issue permission for broker users to have others announce their allocations from our system. So you can't use our IPv6 address space over your native VZ connection, they only work over the tunnel.

tjeske

@hobbsfamily
Doesn't solve missing prefix delegation, but maybe it gets you to where you want to be: Have you tried setting up your router in switch mode instead of as a router?

hobbsfamily

Quote from: broquea on July 08, 2021, 03:29:24 AM
We don't offer 6in6 tunnels with tunnelbroker.net.

Also Verizon doesn't learn route announcements from their residential customers, nor do we issue permission for broker users to have others announce their allocations from our system. So you can't use our IPv6 address space over your native VZ connection, they only work over the tunnel.

Thanks @broquea! That makes sense.

hobbsfamily

Quote from: tjeske on July 08, 2021, 06:08:28 AM
@hobbsfamily
Doesn't solve missing prefix delegation, but maybe it gets you to where you want to be: Have you tried setting up your router in switch mode instead of as a router?

I have 'figured out' how to put their modem in bridge mode, however it does seem to have some negative consequences, so I fell back to having the router be the only device connected and set it up in the DMZ... I think I will have much better luck with it in bridge mode though... I have to experiment to see if protocol 41 gets through (Verizon's bridge mode is a bit kludgy)

Thanks!

hobbsfamily

Well I switched to bridge mode on the modem but no progress... (still trying to set up a tunnel because Verizon doesn't support IPv6 in bridge mode)

When I set up the tunnel, add an IP, create a default route, I'm able to get a SINGLE ping response packet from google.com, and that's it... stops at that point, and then running another ping gets nothing:

# ping6 google.com
PING google.com (2607:f8b0:4023:1004::66): 56 data bytes
64 bytes from 2607:f8b0:4023:1004::66: seq=0 ttl=113 time=20.334 ms
^C
--- google.com ping statistics ---
7 packets transmitted, 1 packets received, 85% packet loss
round-trip min/avg/max = 20.334/20.334/20.334 ms


I'm really not sure what issue I'm running into here...