Anyone have IPv6 working with router-behind-router/DMZplus mode?

I have an IPv6-enabled 3600HGV U-verse router with a Linksys E4200 configured as the DMZplus device behind it (for Wireless-N and IPv6 Firewall configuration). DHCPv6 is enabled on the 3600. The E4200 is set for automatic IPv6 configuration. While the E4200 status page shows that it gets its own global unicast IPv6 address, the gateway address is a unique local address (fd02:...) and the devices on the network behind the E4200 only get an IPv6 unique local address (fd02:...) instead of a global unicast address (2602:306:...) in addition to their link-local address (fe80:...). Consequently the IPv6 addresses are not routable so I can't get to external IPv6 sites with this configuration.

If I connect my local network directly to the 3600HGV the IPv6 network works properly for outbound connections, but I haven't found a way to configure the firewall to permit incoming IPv6 connections to pass through to the addressed device. The firewall looks like it only supports IPv4 port forwarding.

Has anyone worked out how to get IPv6 autoconfiguration working to assign global unicast addresses to devices on the network behind a router that is behind the U-verse router? Alternatively does anyone know how to poke a hole in the U-verse firewall to permit an IPv6 connection to pass through to a specific port on the IPv6 device?

I need both inbound and outbound IPv6 connections to work on software development for a site that has only IPv6 access to devices behind their firewall (a HughesNet Gen4 customer with a router-behind-router with which IPv6 autoconfiguration works properly). A Hurricane Electric tunnel provided the necessary functionality with my previous DSL service, but apparently the 3600HGV blocks this. Thanks in advance for any insights.

Message 1 of 11 (6,015 Views)
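
An added diagnostic example (not part of the original post or of any poster's code): it parses Linux `ip -6 addr`-style output and classifies each address by prefix, flagging the symptom described above, where a host holds only link-local and unique local addresses. The sample output and all addresses are constructed; `2001:db8::/32` is the documentation prefix, used here as a stand-in for a real global unicast address.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # fd..: not routed on the internet
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed samples. Note that Linux reports a unique local address as
# "scope global" too, so the scope keyword alone does not prove routability.
SAMPLE_BEHIND_ROUTER = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 fd12:3456:789a:1:21a:2bff:fe3c:4d5e/64 scope global dynamic
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link
"""
SAMPLE_DIRECT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 2001:db8:abcd:1:21a:2bff:fe3c:4d5e/64 scope global dynamic
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link
"""

def classify(addr):
    """Return the address class, decided by prefix rather than by `scope`."""
    ip = ipaddress.IPv6Address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global-unicast"
    return "other"

def interface_report(text):
    """Map interface name -> list of (address, class) from `ip -6 addr` text."""
    report, iface = {}, None
    for line in text.splitlines():
        header = re.match(r"\d+:\s+([^:@\s]+)", line)
        if header:
            iface = header.group(1)
            report[iface] = []
            continue
        entry = re.match(r"\s+inet6\s+([0-9a-fA-F:]+)/\d+", line)
        if entry and iface:
            report[iface].append((entry.group(1), classify(entry.group(1))))
    return report

def has_routable_source(addrs):
    """True if at least one address can be used to reach external IPv6 sites."""
    return any(kind == "global-unicast" for _, kind in addrs)

if __name__ == "__main__":
    for name, sample in (("behind router", SAMPLE_BEHIND_ROUTER), ("direct", SAMPLE_DIRECT)):
        for iface, addrs in interface_report(sample).items():
            print(name, iface, addrs, "routable:", has_routable_source(addrs))
```
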
Expert
Solution
Accepted by SomeJoe7777 (Expert)
09-30-2015 1:39 AM

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

At this time, all of the 2Wire/Pace gateways, including the 3600HGV, 3800HGV-B, 3801HGV, i3812V, and 5031NV do not fully support IPv6. While AT&T is beginning to put some of the infrastructure in place to support it, the gateway will need a new firmware update at some point in the future to fully support it.

As you've also discovered, because of AT&T's efforts to begin supporting IPv6, the gateway is blocking IP protocol 41, which effectively blocks any IPv6-in-IPv4 tunnels like those used to Hurricane Electric. There is currently no work-around for this.

Message 2 of 11 (6,009 Views)

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

Thanks. It looks like I'll just have to use the E4200 as a wireless access point until AT&T catches up so that I can use out-bound IPv6 connections, which is the largest part of what I need. I have a fall-back strategy for testing in-bound connections at the target site. Unfortunately I know better than to ask if AT&T has an ETA on the rest of the functionality!

Message 3 of 11 (5,986 Views)
Teacher

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

In case this affects your plans, you should know that at last check AT&T is not only blocking IPv6 on the residential gateways, but also at the border. Some of us managed to work around the defects in the 3801HGV by upgrading to the NV589 that doesn't have the bug that filters protocol 41, but after a few weeks of glorious IPv6 our tunnels broke again. It was finally confirmed with the AT&T networking tier that they consider IPv6 tunnels to be a security risk to their infrastructure (!!), so when the bugs are resolved it's likely that the only target to which you'll be able to establish a tunnel will be AT&T's own 6rd server.

Message 4 of 11 (5,817 Views)

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

Thanks. With my 3600HGV enabled for IPv6 (which apparently uses AT&T's tunnel) and my original router configured in Bridge Mode I am able to make out-bound IPv6 connections and use the wireless N speed provided by my router, which is the bulk of what I need. The only functionality I am missing is the ability to configure the 3600HGV firewall to allow an in-bound IPv6 connection. So if and when the 3600HGV firmware gets updated either so that it correctly delegates an IPv6 prefix to the DMZ+ router or gets its firewall interface expanded for IPv6 I'll have all of the functionality I need.

Message 5 of 11 (5,803 Views)
Contributor

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

Ok, I'm no expert but I wanted to contribute. I have a NVG589. It is IPv6 enabled via SLAAC (?). I don't believe it is using tunneling over IPv4. I have a Netgear WNDR4500 router behind it. I want to configure the NVG and the WNDR to work using the IPv6. My test-ipv6.com results indicate that I have the IPv6.

Message 6 of 11 (5,033 Views)
Tutor

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

This probably won't work, but try taking your Linksys router out of the DMZ (and reboot both routers). You can still disable the firewall on the 2Wire under Settings -> LAN -> IP Address allocation.

I can't try this myself, as I don't have ipv6 functionality. In the ipv4 world, the Linksys will get a DHCP-assigned local address from the 2Wire, and will set the 2Wire as the default gateway, but this works fine, at least for me. My hope is that the Linksys will be able to pick up the ipv6 prefix from the address that the 2Wire assigns to it.

Sorry if this turns out to be a dumb idea. I don't know much about ipv6.

Message 7 of 11 (4,584 Views)

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

Message 8 of 11 (3,756 Views)

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

My problem was ultimately solved by AT&T replacing my 3600HGV with an NVG589 and running my Cisco/Linksys router in Bridge mode. I still can't get in-bound IPv6 connections (no firewall configuration feature), but I can reach the IPv6-only place I need to, which is behind a HughesNet Gen4 satellite connection that doesn't support IPv4 port forwarding.

Message 9 of 11 (3,724 Views)

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

That's an interesting setup. If you had another Cisco router, you could do DMVPN.

Message 10 of 11 (3,722 Views)
Contributor

Re: Anyone have IPv6 working with router-behind-router/DMZplus mode?

I know this is an ancient thread, but I was wondering if anything new might have happened since the last post.

I have an i3812V router with the 6.11.1.29-enh.tm firmware. Everything IPv6-related looks good on the AT&T router, and the router I have behind that one (old Linksys running Shibby Tomato 1.28) looks like it's getting everything it's supposed to from the 3812. The Linksys gets an appropriate IPv6 address, and my Windows box gets one as well, with the Windows gateway being set to the link local address of the Linksys router. So far, so good - I can ping the Linksys's link local address just fine from Windows, and the Linksys is successfully responding on the global IP when attempting to do a traceroute of an IPv6 address from the Windows box.

Where I run into problems is getting upstream of that. From a command prompt on the Linksys, I attempted to ping ipv6.google.com. No dice. I then tried pinging the gateway shown on the i3812V Settings/Broadband/Status page from the Linksys, and didn't get any response there either. Pinging the public IPv6 address directly from the i3812 is successful, and both routers can ping each other, although the 3812 can't ping the Windows box. Since the AT&T router appears to be giving the Linksys a valid IPv6 address and delegating the address space, I'm not sure where else to start looking for the problem.

Has anyone had any luck using the 3812?

Message 11 of 11 (1,947 Views)