
IPv6 Trial Update

IMM
Rising Star
Posts: 82
Thanks: 18
Fixes: 1
Registered: ‎11-12-2023

Re: IPv6 Trial Update

@dave wrote:- Please note that any device on your network that supports IPv6 will be assigned an IPv6 address so recommend checking that the firewall on your router is enabled to stop any external access to your devices.

Can anyone recommend an IPv6 port scanner similar to grc.com's "shields up" that is safe to use? I'd like to check that I'm not leaving myself open to attacks from the WAN side.

 

MJN
Pro
Posts: 1,327
Thanks: 172
Fixes: 5
Registered: ‎26-08-2010

Re: IPv6 Trial Update


@IMM wrote:

 

I don't understand why the IPv6 address seems to be a link local one but when I set up the Lan as below, I seem to have IPv6 connectivity.


Yeah, I'd say you have IPv6 connectivity too. What does the output of ipconfig (or ifconfig) on a client say? Alternatively, how is a visit to test-ipv6.com looking?

 

As @MisterW said, don't be too misled by the apparent lack of a global IPv6 address on the WAN. It isn't required for general IPv6 connectivity as the link-local address on the WAN port is sufficient for this. It'd only be needed for things like remote configuration over the Internet, or perhaps certain types of IPv4-IPv6 transition mechanism.

 

Incidentally, my Draytek router *does* happen to have a global IPv6 address on its WAN port (as well as a link local). It obtains a /56 prefix from Plusnet via DHCPv6, assigns the first /64 to the WAN (and creates a /128 address from it to the WAN port using SLAAC) and then assigns the second /64 to the LAN from which clients can either generate their own /128 addresses using SLAAC or request one via DHCPv6 from the router.

MJN
Pro
Posts: 1,327
Thanks: 172
Fixes: 5
Registered: ‎26-08-2010

Re: IPv6 Trial Update


@IMM wrote:

Can anyone recommend an IPv6 port scanner similar to grc.com's "shields up" that is safe to use? I'd like to check that I'm not leaving myself open to attacks from the WAN side.


There's a good one at https://ipv6.chappell-family.com/ipv6tcptest/ (further info about what it does here).

Note that it only tests the specific address that it detects you are coming from, i.e. the specific machine the browser is on. Whilst with IPv4, and the use of NAT and port forwarding against a single IPv4 WAN address, this has the effect of testing the exposure of the entire network, it is a different story with IPv6 and so really needs to be run from individual hosts to determine how exposed they each are.

All that said, the router ought to have a default DENY ALL firewall rule blocking unsolicited incoming IPv6 connections and thus require you to poke specific holes through if/when you want specific services on specific devices exposed. Worth checking this. On my Draytek (so it will of course be different for other vendors, but it represents the sort of language that might be used) this is found in Firewall > General Setup as "Block routing connections initiated from WAN", which is disabled by default for IPv4 (given that NAT effectively does the same thing) but enabled by default for IPv6.
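A complementary check that can be run on each host, as an added example that is not part of the original post: it classifies the host's own IPv6 TCP listeners by the scope of the address they are bound to, showing which services rely entirely on the router's firewall. The `ss` output below is a constructed sample using the documentation prefix 2001:db8::/32, and the function names are hypothetical.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # currently allocated global unicast space

# Constructed sample of `ss -H -6 -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128  [::]:22                             [::]:*
LISTEN 0 128  [::1]:631                           [::]:*
LISTEN 0 4096 [fe80::1c2d:3eff:fe4f:5a6b]%eth0:53 [::]:*
LISTEN 0 511  [2001:db8:ab00:1258::10]:8080       [::]:*
LISTEN 0 511  *:443                               *:*
"""

def scope_of(local):
    """Return (port, scope) for an ss 'Local Address:Port' field."""
    host, _, port = local.rpartition(":")
    host = host.split("%")[0].strip("[]")      # drop the %zone suffix and the brackets
    if host in ("*", "::"):
        return int(port), "wildcard"           # bound to every address, global ones included
    addr = ipaddress.IPv6Address(host)
    if addr.is_loopback:
        return int(port), "loopback"
    if addr.is_link_local:
        return int(port), "link-local"         # not routable beyond the local link
    if addr in GLOBAL_UNICAST:
        return int(port), "global"
    return int(port), "other"                  # e.g. ULA (fc00::/7)

def exposed_listeners(ss_output):
    """Listeners that answer on a globally routable address unless a firewall blocks them."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port, scope = scope_of(fields[3])
        if scope in ("wildcard", "global"):
            found.append((port, scope))
    return sorted(found)

if __name__ == "__main__":
    for port, scope in exposed_listeners(SAMPLE_SS):
        print(f"tcp/{port} is bound to a {scope} address")
```

On a real host, feed it the output of `ss -H -6 -tln`; each port it reports is one to confirm as blocked from outside unless a pinhole for it is intended.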

dave
Plusnet Help Team
Posts: 12,460
Thanks: 910
Fixes: 9
Registered: ‎04-04-2007

Re: IPv6 Trial Update

I'm using a Hub2 with just the out of the box settings and the router gets a 2a02:168c:xxxx::1 as the WAN interface. Unfortunately that IP isn't pingable (yet, we're looking) from the WAN so I can't set up an IPv6 Thinkbroadband graph on it, it is pingable from the LAN though. It doesn't though need that to work because each device on your network will get at least one IPv6 address (I think my Mac has 8!). The prefix is allocated by DHCPv6 from the network.

 

I've got a pinhole configured to the Hub2 to run a web server on my Linux box, not worked out yet if we can get ICMP through the firewall to allow ping to my server.

 

Hub 2 also supports stateless (SLAAC) and stateful (DHCPv6) allocation of the IPv6 addresses to the clients.

 

Interesting to see the variety of devices out there, I think there's a few still to reboot their routers and pick up the IPv6 address.

Dave Tomlinson
Enterprise Architect - Network & OSS
Plusnet Technology
brueton
Rising Star
Posts: 318
Thanks: 9
Fixes: 1
Registered: ‎03-07-2009

Re: IPv6 Trial Update

I have IPv6 working with:

Billion 8800NL 

Billion 8899NL R2

tp-link AC2100

 

They were all reset to factory defaults and then the username & password were entered. 

All of them needed IPv6 enabling on the WAN

The two Billion routers needed Issue Router Advertisements enabling on the LAN

 

brueton
Rising Star
Posts: 318
Thanks: 9
Fixes: 1
Registered: ‎03-07-2009

Re: IPv6 Trial Update

I can confirm the Plusnet Hub One does not support IPv6.

There is an IPv6 Status page in Advanced Settings > Broadband which states:

IPv6 Hub Status: Disabled

IPv6 Network Status: Disabled

IPv6 will be disabled on your Plusnet Hub and Plusnet Broadband Network until supported by future services

TimSmall
Grafter
Posts: 35
Thanks: 16
Registered: ‎15-10-2011

Re: IPv6 Trial Update

All working as of yesterday with a BT Home Hub 5 Type A (same as Plusnet Hub One), running OpenWrt 24.10.01 instead of the original BT-provided OS.

I'm also running several IPv6 web sites internally, with multiple internal subnets (each with their own /64 delegation) and an internal SMTP server (I was before using a 6in4 tunnel, so this just required some DNS changes).

BTW, I was a bit surprised to see I'm the only one using OpenWrt... I can whole-heartedly recommend using it (although possibly not on something as old as the router I'm using) - it does everything (e.g. LLDP, 802.11k/v/r, traffic shaping, wifi airtime fairness, mesh networking, every type of firewall feature you can think of and lots more), and supports router hardware (with continuous security and feature updates) long long after the original manufacturers drop support. Best wifi support is for devices with MediaTek chipsets.

TimSmall
Grafter
Posts: 35
Thanks: 16
Registered: ‎15-10-2011

Re: IPv6 Trial Update

> "I can confirm the Plusnet Hub One does not support IPv6."

Well not with the original firmware :-).  I should note that whilst it's possible to run OpenWrt on a Hub One, it's not something I'd necessarily recommend doing now because there are a lot of better performing newer options available at low prices, and it's much easier to install OpenWrt on many of them (the Hub One requires opening the case and soldering - whereas with many routers you can instead just flash the OpenWrt firmware via the original firmware's web UI).

MisterW
Superuser
Posts: 17,082
Thanks: 6,804
Fixes: 470
Registered: ‎30-07-2007

Re: IPv6 Trial Update

> BTW, I was a bit surprised to see I'm the only one using OpenWrt..

You're not, I'm running it on a TpLink ER605. 😀

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

MJN
Pro
Posts: 1,327
Thanks: 172
Fixes: 5
Registered: ‎26-08-2010

Re: IPv6 Trial Update


@TimSmall wrote:

[...] and an internal SMTP server (I was before using a 6in4 tunnel, so this just required some DNS changes).

Any issues with outgoing mail given the lack of reverse DNS for the server's IPv6 address? I know how problematic it can be with IPv4 but was wondering how sensitive receiving servers are when it comes to IPv6?

Sparxeh
Dabbler
Posts: 11
Thanks: 1
Registered: ‎07-02-2017

Re: IPv6 Trial Update

IPv6 looks to be working for me, using a Ubiquiti UCG Ultra - using DHCPv6 with /56 Prefix Delegation.

I have set up a TBB monitor, see how things go :)

matthews
Rising Star
Posts: 153
Thanks: 4
Fixes: 1
Registered: ‎13-08-2014

Re: IPv6 Trial Update


@dave wrote:

I'm using a Hub2 with just the out of the box settings and the router gets a 2a02:168c:xxxx::1 as the WAN interface. Unfortunately that IP isn't pingable (yet, we're looking) from the WAN so I can't set up an IPv6 Thinkbroadband graph on it


 

Don't know whether this will help you diagnose it at all, but from the WAN side, the router _does_ respond to traceroute requests if you ping something it would need to route

 

Tracing route to 2a02:16c8:xxxx:yyyy:412e:bdd6:3b24:e192 over a maximum of 30 hops

7 16 ms 16 ms 17 ms core2-hu0-2-0-7.southbank.ukcore.bt.net [2a00:2380:14::4e]
8 14 ms * * 2a00:2380:3014:9000::d
9 16 ms 14 ms 15 ms 2a00:23a0:111:4::3
10 15 ms 16 ms 13 ms 2a00:23a0:137:4::2
11 15 ms 15 ms 16 ms 2a00:23a0:133:41::3
12 21 ms 22 ms 21 ms 2a02:16c8:xxxx:yyyy::1
13 * * *

 

MPC
Grafter
Posts: 37
Thanks: 7
Registered: ‎14-02-2019

Re: IPv6 Trial Update

Hi Dave, all,

I have refreshed how things were hooked up and have the ONT directly connected to a Debian Linux 12.  Short version - it works fine.

It was a bit of a learning experience though, so I outline here what I did.

 

1. Using pppoeconf built the /etc/ppp/peers/dsl-providers file having detected the PPPOE packets.

I then tweaked to enable IP6.  W.X.Y.Z is my static IP4.  enp7s0 is the ethernet port connected to the ONT.  I also renamed it plusnet-providers.

 

# Configuration file for PPP, using PPP over Ethernet to connect to a DSL provider.
# See the manual page pppd(8) for information on all the options.
W.X.Y.Z:
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
ipcp-accept-remote
+ipv6
defaultroute6
ipv6 00:00:00:00:00:00:00:01
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
mtu 1500
mru 1500
noaccomp
default-asyncmap
maxfail 0
plugin rp-pppoe.so
nic-enp7s0
user "my_plusnet_email@plusdsl.net"

 

Running 'pon plusnet-providers' then brought up IP4 quite happily.

 

2. Getting the IP6 address and PD delegation

The other part of this is then using wide-dhcp6-client to pull the PD prefix.  I spent a long time trying to get a non-PD response from the PlusNET DHCPv6 server.  This doesn't appear to be configured as I was getting no addresses available (but isn't necessary for IP6 to work).

 

The dhcp6c.conf file to pull the PD prefix and assign it out to other ethernet interfaces on the debian router:

 

# Default dhcp6c configuration: it assumes the address is autoconfigured using
# router advertisements.

profile default
{
  information-only;

  request domain-name-servers;
  request domain-name;

  script "/etc/wide-dhcpv6/dhcp6c-script";
};

interface ppp0 {
#  Non-PD address request - doesn't appear to be set up
#  send ia-na 0;
  send ia-pd 0;
};

#id-assoc na 0 {
#};

id-assoc pd 0 {

  prefix-interface enp2s0 {
    sla-id 88;
    sla-len 8;
    ifid 1;
  };

  prefix-interface enp3s0 {
    sla-id 111;
    sla-len 8;
    ifid 1;
  };
};

 

3. Routing fun

The final part was setting up a script in /etc/ppp/ip-up.d/00_plusnet_routes that puts in place all the IP4 and IP6 routes that I use for the home lab.

The key part here is realising that 'ip -6 route add default dev ppp0' is sufficient without needing an IP6 address on the ppp0 interface to route the IP6 traffic, or a next-hop gateway.

 

 

4. Running RADV on the other interfaces so clients work with autoconf

The documentation on radvd.conf was fine, so I won't go over that here.

 

@dave Can I check that the plusnet dhcp6 server isn't set up to assign out non-temporary addresses, just the PD ranges?

 

Thanks,

Mark
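To make the prefix-interface settings in the dhcp6c.conf above concrete, this added example (not part of the original post) works out which /64 and router address each LAN interface ends up with, which is what any firewall rules for those subnets need to reference. It assumes a /56 delegation and uses a constructed prefix from the documentation range 2001:db8::/32; the function names are hypothetical.

```python
import ipaddress

def delegated_subnet(pd_prefix, sla_id, sla_len, ifid):
    """Combine a delegated prefix with sla-id/sla-len/ifid as dhcp6c.conf describes them."""
    pd = ipaddress.IPv6Network(pd_prefix)
    new_len = pd.prefixlen + sla_len
    if new_len > 64:
        raise ValueError(f"/{pd.prefixlen} + sla-len {sla_len} leaves no room for a 64-bit interface ID")
    if not 0 <= sla_id < 2 ** sla_len:
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    # The SLA ID occupies the bits immediately after the delegated prefix.
    base = int(pd.network_address) | (sla_id << (128 - new_len))
    subnet = ipaddress.IPv6Network((base, new_len))
    address = ipaddress.IPv6Interface((base | ifid, new_len))
    return subnet, address

def plan(pd_prefix, interfaces):
    """Map interface name -> router address, rejecting two interfaces on the same subnet."""
    owners, result = {}, {}
    for name, (sla_id, sla_len, ifid) in interfaces.items():
        subnet, address = delegated_subnet(pd_prefix, sla_id, sla_len, ifid)
        if subnet in owners:
            raise ValueError(f"{name} and {owners[subnet]} would share {subnet}")
        owners[subnet] = name
        result[name] = str(address)
    return result

# Values from the configuration above; the prefix itself is a constructed placeholder.
PD_PREFIX = "2001:db8:ab00:1200::/56"
INTERFACES = {"enp2s0": (88, 8, 1), "enp3s0": (111, 8, 1)}

if __name__ == "__main__":
    for name, address in plan(PD_PREFIX, INTERFACES).items():
        print(f"{name}: {address}")
```

Note that sla-id is decimal in the configuration, so 88 and 111 appear as 58 and 6f in the resulting addresses.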

IMM
Rising Star
Posts: 82
Thanks: 18
Fixes: 1
Registered: ‎11-12-2023

Re: IPv6 Trial Update

Now that I have IPv6 connectivity, I have discovered that I know even less than I thought I did about using it.

So, I have lots of questions about the use of IPv6 on my home network that are not really Plusnet IPv6 trial related. Where should I post those questions? As new topics in this forum, as they are IPv6 related - or in "Everything else" or "Tech Help"? I don't want to post them in the wrong place so the moderators keep having to move them.

Ian

dvorak
Moderator
Posts: 30,011
Thanks: 6,770
Fixes: 1,489
Registered: ‎11-01-2008

Re: IPv6 Trial Update

Tech help :)
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'