Vraag

IPv6 problemen met Ubiquiti USG

  • 10 March 2019
  • 2 reacties
  • 1791 keer bekeken

Hoi allemaal,

Ik heb al enige tijd mijn Xperiabox vervangen voor een Unifi Security Gateway met daarachter een Unifi switch. Nu werkt internettoegang in principe prima, maar heb ik IPv6 nooit helemaal aan de praat gekregen.

Ik heb voornamelijk deze post gevolgd, en het lijkt half te werken. Ten eerste krijgen zowel mijn router als LAN devices een IPv6-adres toegewezen, en kan ik met bijvoorbeeld ping6 google.com prima pingen. De IPv6 test van Google zegt dat alles prima werkt, maar (bijvoorbeeld) test-ipv6.com geeft errors aan, met onder andere de melding "Our tests show that you will have a broken or misconfigured IPv6 setup, and this will cause problems as web sites enable IPv6."

Dit lijkt te kloppen, want een aantal websites, zoals tweakers.net laden niet (blijft eeuwig hangen in de browser op "Performing a TLS handshake").

Door deze mixed signals weet ik niet meer zo goed wat ik het beste kan doen, of hoe ik dit kan debuggen. Heeft iemand suggesties?

Hier mijn config.gateway.json:

code:
{
"firewall": {
"ip-src-route": "disable",
"ipv6-name": {
"WANv6_IN": {
"default-action": "drop",
"description": "WAN inbound traffic forwarded to LAN",
"enable-default-log": "''",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related sessions",
"state": {
"established": "enable",
"related": "enable"
}
},
"20": {
"action": "drop",
"description": "Drop invalid state",
"state": {
"invalid": "enable"
}
}
}
},
"WANv6_LOCAL": {
"default-action": "drop",
"description": "WAN inbound traffic to the router",
"enable-default-log": "''",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related sessions",
"state": {
"established": "enable",
"related": "enable"
}
},
"20": {
"action": "drop",
"description": "Drop invalid state",
"state": {
"invalid": "enable"
}
},
"30": {
"action": "accept",
"description": "Allow IPv6 icmp",
"protocol": "ipv6-icmp"
},
"40": {
"action": "accept",
"description": "allow dhcpv6",
"destination": {
"port": "546"
},
"protocol": "udp",
"source": {
"port": "547"
}
}
}
}
},
"ipv6-receive-redirects": "disable",
"ipv6-src-route": "disable",
"log-martians": "enable",
"source-validation": "disable"
},
"interfaces": {
"ethernet": {
"eth0": {
"description": "eth0 - FTTH",
"duplex": "auto",
"speed": "auto",
"vif": {
"4": {
"address": [
"dhcp"
],
"description": "eth0.4 - IPTV",
"dhcp-options": {
"client-option": [
"send vendor-class-identifier "IPTV_RG";",
"request subnet-mask, routers, rfc3442-classless-static-routes;"
],
"default-route": "no-update",
"default-route-distance": "210",
"name-server": "update"
},
"ip": {
"source-validation": "loose"
}
},
"6": {
"description": "eth0.6 - Internet",
"pppoe": {
"2": {
"dhcpv6-pd": {
"no-dns": "''",
"pd": {
"0": {
"interface": {
"eth1": "''"
},
"prefix-length": "/48"
}
},
"rapid-commit": "disable"
},
"firewall": {
"in": {
"ipv6-name": "WANv6_IN",
"name": "WAN_IN"
},
"local": {
"ipv6-name": "WANv6_LOCAL",
"name": "WAN_LOCAL"
}
},
"idle-timeout": "180",
"ipv6": {
"address": {
"autoconf": "''"
},
"dup-addr-detect-transmits": "1",
"enable": "''"
},
"mtu": "1500",
"name-server": "auto",
"password": "kpn",
"user-id": "xx-xx-xx-xx-xx-xx@internet"
}
}
}
}
},
"eth1": {
"description": "eth1 - LAN",
"duplex": "auto",
"speed": "auto",
"ipv6": {
"dup-addr-detect-transmits": "1",
"router-advert": {
"cur-hop-limit": "64",
"link-mtu": "0",
"managed-flag": "false",
"max-interval": "600",
"name-server": [
"2001:4860:4860::8888",
"2001:4860:4860::8844"
],
"other-config-flag": "false",
"prefix": {
"::/64": {
"autonomous-flag": "true",
"on-link-flag": "true",
"valid-lifetime": "2592000"
}
},
"radvd-options": [
"RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 {};"
],
"reachable-time": "0",
"retrans-timer": "0",
"send-advert": "true"
}
}
}
}
},
"protocols": {
"igmp-proxy": {
"disable-quickleave": "''",
"interface": {
"eth0.4": {
"alt-subnet": [
"0.0.0.0/0"
],
"role": "upstream",
"threshold": "1"
},
"eth1": {
"role": "downstream",
"threshold": "1"
}
}
},
"static": {
"interface-route6": {
"::/0": {
"next-hop-interface": {
"pppoe2": "''"
}
}
},
"route": {
"213.75.112.0/21": {
"next-hop": {
"10.88.184.1": "''"
}
}
}
}
},
"service": {
"dns": {
"forwarding": {
"name-server": [
"1.1.1.1",
"1.0.0.1"
],
"except-interface": [
"eth0",
"eth0.6",
"eth2"
],
"options": [
"listen-address=10.0.1.1"
]
}
},
"nat": {
"rule": {
"5000": {
"description": "IPTV",
"destination": {
"address": "213.75.112.0/21"
},
"log": "disable",
"outbound-interface": "eth0.4",
"protocol": "all",
"type": "masquerade"
},
"5010": {
"description": "KPN Internet",
"log": "enable",
"outbound-interface": "pppoe2",
"protocol": "all",
"source": {
"address": "10.0.1.0/24"
},
"type": "masquerade"
},
"6001": {
"disable": "''",
"type": "masquerade"
},
"6002": {
"disable": "''",
"type": "masquerade"
},
"6003": {
"disable": "''",
"type": "masquerade"
}
}
}
},
"system": {
"name-server": [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
]
}
}


P.S. TV werkt momenteel ook niet, met foutcode F561. Als iemand hier nog suggesties voor heeft hoor ik het ook graag.

2 reacties

Reputatie 7
Misschien heb je wat aan het configuratiebestand voor de EdgeRouter Lite 3 in het startbericht van het topic "Gebruik een eigen router i.p.v. de Experia Box".
Hoi @wjb, dank voor je reactie! Ik heb de configuratie zoals hij in die post staat doorgenomen. Er zaten wel een paar kleine verschillen met de mijne, maar ook nadat ik deze wijzigingen heb doorgevoerd werkt het nog precies hetzelfde.

Hier de nieuwe versie van mijn config.

code:
{
"firewall": {
"ip-src-route": "disable",
"ipv6-name": {
"WANv6_IN": {
"default-action": "drop",
"description": "WAN inbound traffic forwarded to LAN",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related sessions",
"state": {
"established": "enable",
"related": "enable"
}
},
"20": {
"action": "drop",
"description": "Drop invalid state",
"state": {
"invalid": "enable"
}
},
"30": {
"action": "accept",
"description": "Allow IPv6 icmp",
"icmpv6": {
"type": "echo-request"
},
"protocol": "icmpv6"
}
}
},
"WANv6_LOCAL": {
"default-action": "drop",
"description": "WAN inbound traffic to the router",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related sessions",
"state": {
"established": "enable",
"related": "enable"
}
},
"20": {
"action": "drop",
"description": "Drop invalid state",
"state": {
"invalid": "enable"
}
},
"30": {
"action": "accept",
"description": "Allow IPv6 icmp",
"protocol": "ipv6-icmp"
},
"40": {
"action": "accept",
"description": "allow dhcpv6",
"destination": {
"port": "546"
},
"protocol": "udp",
"source": {
"port": "547"
}
}
}
}
},
"ipv6-receive-redirects": "disable",
"ipv6-src-route": "disable",
"log-martians": "enable"
},
"interfaces": {
"ethernet": {
"eth0": {
"description": "eth0 - FTTH",
"duplex": "auto",
"speed": "auto",
"vif": {
"4": {
"address": [
"dhcp"
],
"description": "eth0.4 - IPTV",
"dhcp-options": {
"client-option": [
"send vendor-class-identifier "IPTV_RG";",
"request subnet-mask, routers, rfc3442-classless-static-routes;"
],
"default-route": "no-update",
"default-route-distance": "210",
"name-server": "update"
},
"ip": {
"source-validation": "loose"
}
},
"6": {
"description": "eth0.6 - Internet",
"pppoe": {
"2": {
"dhcpv6-pd": {
"no-dns": "''",
"pd": {
"0": {
"interface": {
"eth1": {
"host-address": "::1",
"no-dns": "''",
"prefix-id": ":1",
"service": "slaac"
}
},
"prefix-length": "/48"
}
},
"rapid-commit": "enable"
},
"firewall": {
"in": {
"ipv6-name": "WANv6_IN",
"name": "WAN_IN"
},
"local": {
"ipv6-name": "WANv6_LOCAL",
"name": "WAN_LOCAL"
}
},
"idle-timeout": "180",
"ipv6": {
"address": {
"autoconf": "''"
},
"dup-addr-detect-transmits": "1",
"enable": "''"
},
"mtu": "1500",
"name-server": "auto",
"password": "kpn",
"user-id": "xx-xx-xx-xx-xx-xx@internet"
}
}
}
}
},
"eth1": {
"description": "eth1 - LAN",
"duplex": "auto",
"speed": "auto",
"ipv6": {
"dup-addr-detect-transmits": "1",
"router-advert": {
"cur-hop-limit": "64",
"link-mtu": "0",
"managed-flag": "false",
"max-interval": "600",
"name-server": [
"2606:4700:4700::1111",
"2606:4700:4700::1001"
],
"other-config-flag": "false",
"prefix": {
"::/64": {
"autonomous-flag": "true",
"on-link-flag": "true",
"valid-lifetime": "2592000"
}
},
"radvd-options": [
"RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 {};"
],
"reachable-time": "0",
"retrans-timer": "0",
"send-advert": "true"
}
}
}
}
},
"protocols": {
"igmp-proxy": {
"disable-quickleave": "''",
"interface": {
"eth0.4": {
"alt-subnet": [
"0.0.0.0/0"
],
"role": "upstream",
"threshold": "1"
},
"eth1": {
"role": "downstream",
"threshold": "1"
}
}
},
"static": {
"interface-route6": {
"::/0": {
"next-hop-interface": {
"pppoe2": "''"
}
}
},
"route": {
"213.75.112.0/21": {
"next-hop": {
"xx.xx.xx.xx": "''"
}
}
}
}
},
"service": {
"dhcp-server": {
"disabled": "false",
"global-parameters": "option vendor-class-identifier code 60 = string;",
"global-parameters": "option broadcast-address code 28 = ip-address;",
"hostfile-update": "disable",
"shared-network-name": {
"net_LAN_eth1_10.0.1.0-24": {
"authoritative": "enable",
"subnet": {
"10.0.1.0/24": {
"default-router": "10.0.1.1",
"dns-server": [
"10.0.1.1",
"1.1.1.1",
"1.0.0.1"
],
"lease": "86400",
"start": {
"10.0.1.100": {
"stop": "10.0.1.254"
}
}
}
}
}
},
"static-arp": "disable",
"use-dnsmasq": "enable"
},
"dns": {
"forwarding": {
"cache-size": "10000",
"name-server": [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
],
"except-interface": [
"eth0",
"eth0.6",
"eth2"
],
"options": [
"listen-address=10.0.1.1"
]
}
},
"nat": {
"rule": {
"5000": {
"description": "IPTV",
"destination": {
"address": "213.75.112.0/21"
},
"log": "disable",
"outbound-interface": "eth0.4",
"protocol": "all",
"type": "masquerade"
},
"5010": {
"description": "KPN Internet",
"log": "disable",
"outbound-interface": "pppoe2",
"protocol": "all",
"source": {
"address": "10.0.1.0/24"
},
"type": "masquerade"
},
"6001": {
"disable": "''",
"type": "masquerade"
},
"6002": {
"disable": "''",
"type": "masquerade"
},
"6003": {
"disable": "''",
"type": "masquerade"
}
}
}
},
"system": {
"name-server": [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
]
}
}


Reageer