Hi all, I'm writing here to understand if anyone has successfully set up an FWG in router mode for a dual-stack IPv4/IPv6 PPPoE connection.
My ISP offers a PPPoE connection (small ISP in Italy, 1gb fiber with planned upgrade to 2.5gb). On top of this, my ISP offers a dual-stack connection, so IPv4 and IPv6 are on different stacks (if for any reason IPv6 goes off, I can continue using the IPv4, and vice versa).
Now, setting up the FWG in router mode in this scenario was a pain in the a.. from the beginning, mainly due to the fact that the FWG keeps waiting for the RA while this would never happen due to the PPPoE itself, resulting in having to manually (via ssh) set the route to the pppoe interface to local ipv6 address, otherwise none of the clients would receive a correct ipv6 address. The downside of this is that if, for any reason, the PPPoE session goes down, I have to re-set the route, entering ssh etc. There should be another thread on this, but anyway, this is something I can afford all in all (even if with a very quick search on the web, made by a complete dummy like me, I found some interesting posts/guides on how to correctly set up an IPv6 PPPoE connection on Ubuntu...).
But yesterday my ISP completely disabled my IPv6 due to the fact that their logs are full (flooded...) by an event named "Can't add dual-stack queue: DUID contains no mac". These events are coming from my FWG, and it seems like there's been a consistent amount of that, so high that my ISP had some trouble in managing their log systems. On top of this, it seems like there's another FWG user using the same ISP, and the 2 of us were responsible for this flooding. The other user ended up disabling IPv6, which for me, sincerely, is not an option in 2022. I did a quick search on the web, trying to understand what can cause that specific message, finding nothing but some generic explanation about DUID etc. This, and the fact that there's at least another user running into this issue, made me think that the problem is on the FWG side. I already opened a ticket with support yesterday, enabling remote access for them, but the first answer didn't make me "safe", being told to ask my ISP for details (meaning and root cause). They of course can't know what that message means and of course they can't know the root cause, so now I'm waiting for some magic to happen. The benefit of having such a "small" ISP (even though their main business is DDoS protection layer for large companies) is that I can talk directly with their technician, but I can't (and don't want to) cause any problems due to a misconfiguration or something else of my network.
Is there anyone in this forum who is using ipv4 AND ipv6, on a dual stack PPPoE connection with their FWG?
I placed the order for the FWG+ 'cause I love Firewalla, but if I have to choose between this and a consistent IPv6 support provided by simply any other CPE manufacturer, I'd choose the latter...