Firewalla Feature: IPv6


Comments

2 comments

  • Chris Schenk

    INCOMPLETE article and INCOMPLETE implementation

    First of all, most CONSUMER ISPs (and the majority of buyers of a FWA Firewalla are consumers) have no clue at all (resp. their call centers). So "..you may need to ask your ISP about what configurations, such as IA_NA and prefix delegation size, you should set." is for most a useless hint. Such ISPs often give a /64 subnet only, delegated by the ISP router. Not changeable. And prefix delegation disabled, not discussable with them (if you're lucky to have someone on the phone who even understands what you're talking about). That means Firewalla will receive IPv6 on the WAN side, but will be UNABLE to delegate any IPv6 address on the LAN side. Means: Everything connected to FWA won't have IPv6 (public). That is why I had to connect an additional direct cable from ISP router to my server for IPv6 protocol only, bypassing the pros of FWA on that protocol. Third, I do NOT UNDERSTAND why I am unable to set my own DNS servers for IPv6 on the FWA (for example Cloudflare). As a result of that lack I now have different DNS servers for IPv4 (the ones I want, set at the FWA IPv4 setup) plus the DNS of my provider on IPv6 (delegated by the ISP router). That leads to issues.
    One positive aspect is that I can enter at least a gateway address. So, why also not a DNS address? DHCPv6 has some issues and the implementation on the provider side is not always clean...

    It is still possible to get IPv6 working on the LAN side of Firewalla with such a provider (yes), by setting up everything manually (NOT using DHCPv6). Then all devices are pingable through IPv6. But Internet (browsing) on IPv6 won't work, because Firewalla does not receive a DNS server in that case and there is no option to enter one in the manual setup! ---> Improvement
    Because some browsers or OSes first try IPv6 and then roll back to IPv4, the result is WAITING time when opening websites that work with both protocols, such as Google. They wait to resolve the hostname on IPv6, which won't work.

    If someone wants to eliminate all that hassle then you need to get a provider who offers you a /48 subnet. Firewalla then will get a /64 subnet from that and is able to delegate IPs from that /64 pool to its devices.

    And last: Why am I unable to configure a LAN interface with IPv6 ONLY? Why is it mandatory to also have IPv4? Why is there no 'Disable IPv4' switch? For testing or routing purposes (in the future) that would be useful.

    (Note: I am not a native English speaker.)

    Firewalla Team: Do not forget: The reason (one but major reason, there are others) why a CONSUMER pays 500 bucks for a Firewalla are the missing configuration options and possibilities on their (mandatory) ISP routers. So, they have to be there in the Firewalla. As for me, owning two Gold units since the very beginning, the lifecycle comes near. I might decide for another solution then, when I still am unable to configure basic stuff.

  • Eaglan Kurek

    You can add "Buddy Telco" (https://www.buddytelco.com.au) to the list of ISPs that is missing a rapid-commit flag. They let me know that it is a conscious choice on their side, as it reduces reliability and stability. As such it would be great if this would be configurable in the app, instead of requiring editing config files.
