usg-kpn-ftth
IPv6 address public
Hi,
I followed your guide to set up the USG3 with KPN FTTH, including IPTV. This works great and both internet and TV work!
I noticed that when I go to whatismyip.com it shows my IPv6 address, but I expected IPv6 to only be used internally. I followed your guide for debugging (link) and see I have two IPv6 subnets when running `show interfaces`, while your screenshot only has one.
Two questions:
- How to only use IPv6 internally?
- Is there something wrong in my config for having two IPv6 addresses?
[Screenshot 2022-09-12 at 15.51.38]
Thank you for your efforts!
Michel
IPv6 allows computers to communicate with each other directly again, just like how in the beginning of the internet every computer had a public IP address. The firewall decides who can access your devices. If you want to use IPv6 locally you should use the fd00::/8 range and assign it to your interfaces. But if you want to access IPv6 services on the internet you will need a public IPv6 address; there is no NAT anymore.
The first address is the configured address, which can be referenced by other devices, or used for SSH. The second address is created automatically using the SLAAC protocol.
Thank you for your quick reply! Is there a way to disable IPv6?
Yes, you can edit the json config and remove the pd section from the wan interface. But why would you want to do that?
I have several services (such as Wireguard and Pi-hole) running in my network and this was working fine, but since I'm using your script I have DNS errors. When I type `nslookup www.google.com 1.1.1.1` from any subnet it says `;; connection timed out; no servers could be reached`. I also removed the nameservers and radvd-options (as suggested in this ticket), but it didn't work for me.
So i want to see if the problem is fixed when i disable IPv6, so that i am sure the issue is not anything else.
You commented:
> remove the pd section from the wan interface

By this you mean to remove the following code block?

```json
"pd": {
    "0": {
        "interface": {
            "eth1": {
                "host-address": "::1",
                "prefix-id": ":1",
                "service": "slaac"
            }
        },
        "prefix-length": "/48"
    }
}
```
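Added example, not part of the original thread or the project's code: how the `pd` values above lead to the two addresses seen on the LAN interface, one built from `host-address` and one self-assigned through SLAAC. Assumptions: the delegated prefix is a documentation-range placeholder, the MAC address is constructed, `prefix-id` is taken to fill the bits between the delegated length and /64, and the SLAAC address is taken to use a modified EUI-64 interface identifier.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")      # contains fd00::/8, the local-only range
GLOBAL = ipaddress.IPv6Network("2000::/3")   # global unicast, publicly routable

def lan_subnet(delegated: str, prefix_id: str) -> ipaddress.IPv6Network:
    """Carve the LAN /64 out of the delegated prefix using prefix-id."""
    net = ipaddress.IPv6Network(delegated)
    pid = int(prefix_id.lstrip(":") or "0", 16)
    if not 0 <= pid < (1 << (64 - net.prefixlen)):
        raise ValueError("prefix-id does not fit between the delegation and /64")
    return ipaddress.IPv6Network((int(net.network_address) | (pid << 64), 64))

def configured_address(subnet, host_address: str) -> ipaddress.IPv6Address:
    """First address: subnet plus the static host-address from the config."""
    host = int(ipaddress.IPv6Address(host_address))
    return ipaddress.IPv6Address(int(subnet.network_address) | host)

def eui64_address(subnet, mac: str) -> ipaddress.IPv6Address:
    """Second address: subnet plus an interface ID derived from the MAC."""
    b = bytearray(int(octet, 16) for octet in mac.split(":"))
    b[0] ^= 0x02                                   # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(int(subnet.network_address) | int.from_bytes(iid, "big"))

def scope(addr) -> str:
    """Classify an address by where it can be routed."""
    a = ipaddress.IPv6Address(addr)
    if a.is_link_local:
        return "link-local"
    if a in ULA:
        return "unique-local"
    return "global unicast" if a in GLOBAL else "other"

if __name__ == "__main__":
    # Constructed sample input: placeholder /48 and a made-up MAC for eth1.
    subnet = lan_subnet("2001:db8:abcd::/48", ":1")
    for label, addr in (
        ("configured", configured_address(subnet, "::1")),
        ("slaac", eui64_address(subnet, "00:11:22:33:44:55")),
        ("local-only", ipaddress.IPv6Address("fd00::1")),
    ):
        print(f"{label:11} {addr}  [{scope(addr)}]")
```

Both derived addresses sit in the same /64 and are globally routable, so what reaches them from outside is decided by the firewall rules on the WAN side rather than by address translation.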