IPV6 Not Working on Firewall Gold Router Mode

Comments

19 comments

  • Avatar
    Firewalla

    Is your xfinity router in bridge mode?

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    Yes the Xfinity router is also in bridge mode.

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    I take that back. I just checked and the Negear CM1150v doesn't have bridge mode.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Can you make sure you turn on ipv6 both on the WAN side and also on the LAN side. (DHCPv6 should be on as well) See this article https://help.firewalla.com/hc/en-us/articles/360046703673-Firewalla-Gold-Feature-Guide-Network-Manager

     

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    Thank you yes it is enabled on the LAN as well, which I only have one created. I just toggled the switches for IPV6 and IPV6 DHCP. Still have not passed the IPV6 tests. Maybe it takes awhile.

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    I was able to fix the issue by doing the following:

    • Changed the Linksys Velop Mesh from bridge to router mode
    • Changed Firewalla from Router to Experimental Simple Mode
    • In the Linksys app, changed the IPV6 from DHCP to Passthrough, saved and rebooted
    • Tested IPV6 tests, same failed results
    • In the Linksys app, changed from Passthrough back to IPV6 DHCP, saved and rebooted
    • Tested IPV6 and passed all tests!
    • In the Linksys app, reverted back to bridge mode
    • In Firewalla, reverted back to router mode
    • Rebooted Xfinity modem and Firewalla
    • Tested IPV6 and passed all tests!
    0
    Comment actions Permalink
  • Avatar
    Firewalla

    My theory is the "Reboot Xfinity modem" probably fixed the issue.  Mine is an XB6, and a long time ago, Comcast fixed the ipv6 allocation ... by a remote reboot :(

     

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    I actually reboot the Xfinity router at least bi-weekly, but maybe the different combinations of reboots and messing with the DHCP configurations fixed it or flushed out conflicting data or what have you.

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    Looks like I am back to square on.  After noticing some slowness on one of the Velop nodes I again decided to reboot the entire system, i.e. Firewalla box, Linksys Velop Nodes, as well as Xfinity modem.

    Once everything was back up I retested IPV6 and again it failed at the following points:

    • No IPV6 address detected
    • Connections to IPV6-only sites are timing out

    Any suggestions?

    I double checked the Firewalla Network WAN and LAN settings and both have IPV6 enabled (as well as the other IPV6 options, connection type DHCPv6 and Interface Type Prefix Delegation).

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    Just opened up case 26185 through Support.

    0
    Comment actions Permalink
  • Avatar
    Rolando Nispiros

    On a side note - I reverted the Linksys Velop Mesh system from Bridge to normal DHCP mode and reverted the Gold from router to Experimental Simple Mode.  I am able to pass all IPv6 tests in this configuration, but take a small hit in regards to performance.

    Update - had disconnect issues in normal DHCP mode on the Velop system. Reverted back to bridge mode and back to Router mode on the Gold.  For now, whatever changes were made with iPv6 and stuck and I am passing all tests. 

    0
    Comment actions Permalink
  • Avatar
    joshua lauer

    I have a similar issue. I have two lan segments with dhcp v6 enabled. I also have dhcp v6 enabled in both my wan segments. Comcast and fios. Comcast has modem/router in bridge mode. Fios is direct from ONT. getting no ipv6 addressing from either. I validated that V6 is indeed being pushed from both providers as I had other routers connected previously where both were confirmed working. Seems as V6 is dead on my Firewalla. I should at least get some LAN assignments correct?

    0
    Comment actions Permalink
  • Avatar
    joshua lauer

    I’m also running dual wan in load balance if that was not clear

    0
    Comment actions Permalink
  • Avatar
    Shane Lord

    OK - so I've joined the club and so far Firewalla support are blaming my ISP - hoping this changes as a pfsense box works fine - so seems to be the dhcpcd6 settings (or lack thereof).

    With the my Technicolor modem (in bridge mode) and a pfsense box, I am able to get IPv6 working.

    My pfsense settings are:

    WAN:
    IPv4 Configuration Type: DHCP
    IPv6 Configuration Type : DHCP6
    DHCPv6 Prefix Delegation size: 56
    Send IPv6 prefix hint - enabled
    Do not wait for a RA - enabled  
    -- everything else is default
     
    LAN:
    IPv6 Configuration Type: Track Interface
    IPv6 Interface: WAN
    -- everything else is default
     
    This has fully filled out all IPv6 on the WAN, and provides full access with IPv6 addressing and DNS etc to clients.
     

    Seems Firewalla need to add "Send IPv6 prefix hint", "Do not wait for a RA" and "track interface" capability into some advanced settings.

    Thanks,
    Shane.

    0
    Comment actions Permalink
  • Avatar
    Shane Lord

    Update - all fixed and likely will fix others.

    See my post here: https://www.reddit.com/r/firewalla/comments/mtv9ar/ipv6_on_aussie_broadband/

    For posterity:
    Firewalla support (along with information from Aussie Broadband) have made changes and all is now working. Fix is below (requires SSH to router):

    Setup IPv6 setting on WAN in UI and save.

    SSH into Firewalla and edit:

    /home/pi/.router/config/dhcpcd/eth0.conf

    Change line:

    ia_pd 1/::/56

    to

    ia_pd 1

    Note: may have a different value to /::/56 - just remove everything after the 1.

    Save the file and issue:

    sudo systemctl restart firerouter_dhcpcd6@eth0

    If it occurs again (ie if you change settings or reboot config may not stay for now), make the file change and issue the above restart command again.

    1
    Comment actions Permalink
  • Avatar
    heath

    Just a note that this same fix is required if you are using Spectrum (former TimeWarner area).

    Any word from support on if they are going to fix this or offer this as an option to make it persist?

    0
    Comment actions Permalink
  • Avatar
    James Beldock

    Minor correction to Shane's fix (thank you, Shane!):  the file you're editing is at this path:

    /home/pi/.router/config/dhcpcd6/eth0.conf
    1
    Comment actions Permalink
  • Avatar
    Dion Warj

    Just chiming in that the above mod didn't work in my situation :( FWG gets an IPv6 WAN address (as shown in dynamic DNS and via SSH), but the gateway is local for some reason. Help?

    0
    Comment actions Permalink
  • Avatar
    heath

    I actually no longer need this on Spectrum, it works with the defaults.

    It may be that your ISP doesnt support prefix delegation? What ISP?

    0
    Comment actions Permalink

Please sign in to leave a comment.