Setting up IPv6 on a router behind another router

I have a TP-Link Archer C2 AC750 (V1) router. It works well for IPv4 but I am not able to setup IPv6.

Network topology

The discussed router shares internet connection to devices in my flat (Macs and iPhones of various age). The WAN port of the router is connected to the house router which shares a common DSL connection (the ISP is O2 Czech Republic) across the building using Ethernet.

Direct connection

I can connect one of my Macs directly to the wired house network. It gets all needed information for both IPv4 and IPv6 connection. The webpage http://whatismyipaddress.com opened in Safari shows my public IPv6 address (beginning with 2a00:, so no 6to4 tunnel).

Full listing follows. I am hiding my MAC and IPv6 addresses for privacy reason.

$ ifconfig en0

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>

    ether xx:xx:xx:xx:xx:xx 

    inet6 fe80::xxxx:xxxx:xxxx:xxxx%en0 prefixlen 64 scopeid 0x4 

    inet 10.0.0.63 netmask 0xffffff00 broadcast 10.0.0.255

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf 

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf temporary 

    nd6 options=1<PERFORMNUD>

    media: autoselect (100baseTX <half-duplex>)

    status: active



$ cat /etc/resolv.conf | grep -v '^#'

domain .

nameserver 10.0.0.138

nameserver fe80::1

Current router settings

The IPv6 configuration of my router follows. I am hiding the IP address for privacy reason. The first half of the address (64-bit prefix) is still the same.

IPv6 Status

- WAN

Connection Type: Dynamic IPv6

Connection Status: Connected

IPv6 Address: 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx /64

IPv6 Default Gateway: fe80::0000:0000:0000:0001

Primary IPv6 DNS: ::

Secondary IPv6 DNS: ::

- IPv6 LAN

IPv6 Address Type: RADVD

Prefix Length: 64

IPv6 Address: N/A

IPv6 WAN

IPv6 WAN settings

When I change the Addressing Type to the only other option, DHCPv6, the router never gets an IPv6 address.

IPv6 LAN

IPv6 LAN settings (RADVD)

IPv6 LAN settings (DHCPv6)

Regardless of whether I choose RADVD or DHCPv6 with Delegated prefix, my computer never gets an IPv6 address. My computer gets some IPv6 address with DHCPv6 and Static prefix but it still cannot connect the IPv6 internet. It cannot even ping either router.

Can anyone help me with this settings? Or, since some people report that the IPv6 support of TP-Link routers is incomplete (e.g. https://lkhill.com/its-2015-supports-ipv6-should-mean-full-support/), should I rather switch to OpenWrt?

EDIT

Unfortunately, later I realized that OpenWrt is not yet ready for my router, see OpenWrt Wiki and OpenWrt Discussion for details.

Since @Michael Hampton suspected the upstream (house) router to be misbehaving, I am showing its current IPv6 LAN Auto Configuration settings.

IPv6 LAN Auto Configuration of the house router

I tried to disable M-bit custom mode but no change…

EDIT 2

The IPv6 information in the house router is following. Again, the IP address is hidden for privacy reason.

IPv6 enable/disabled:   Enabled

IPv6 Primary DNS Server:    2a00:1028:1:910::1

IPv6 Secondary DNS Server:  2a00:1028:1:911::1

Active IPv6 Prefix:  

Active IPv6 Prefix Length:   

LAN interface Link-Local address:   fe80::0:0:0:1

Manual configured prefix:    

WAN interface Link-Local address:   fe80::xxxx:xxxx:xxxx:xxxx

WAN interface User Setting Global address:  2A00:1028:xxxx:xxxx:0:0:0:1/64

IPv6 DefaultGateway:    fe80::xxxx:xxxx:xxxx:xxxx

LAN IPv6 Address:    

Default IPv6 interface Gateway:

edited Nov 24 '17 at 10:59

asked Oct 16 '16 at 15:38

Melebius

6551925

2

Does the upstream router support Prefix Delegation? Because if it doesn’t, this never going to work.

– Daniel B
Oct 16 '16 at 15:45

@DanielB I am not sure but the IPv6 connectivity worked with the router of my former flatmate (on the place of my current TP-Link router).

– Melebius
Oct 16 '16 at 15:51

2

Hm. Are you sure the previous router was actually a router and not, say, a switch? Perhaps you need to explicitly allow PD for specific devices in the upstream router. What make and model is the upstream router?

– Daniel B
Oct 16 '16 at 16:14

@DanielB Well, it turns out that it was probably configured as a switch. I have just found my end devices in the list of DHCP leases of the upstream router (as expired). The upstream router seems to be Comtrend VR-3026e (I do not have physical access to it at the moment).

– Melebius
Oct 16 '16 at 16:28

I'll always go with putting OpenWrt on a home router, but in this case, your immediate problem is that the upstream Comtrend whatever router is misbehaving. That's what you need to look at.

– Michael Hampton
Oct 16 '16 at 16:50

|
show 5 more comments

I have a TP-Link Archer C2 AC750 (V1) router. It works well for IPv4 but I am not able to setup IPv6.

Network topology

Direct connection

Full listing follows. I am hiding my MAC and IPv6 addresses for privacy reason.

$ ifconfig en0

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>

    ether xx:xx:xx:xx:xx:xx 

    inet6 fe80::xxxx:xxxx:xxxx:xxxx%en0 prefixlen 64 scopeid 0x4 

    inet 10.0.0.63 netmask 0xffffff00 broadcast 10.0.0.255

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf 

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf temporary 

    nd6 options=1<PERFORMNUD>

    media: autoselect (100baseTX <half-duplex>)

    status: active



$ cat /etc/resolv.conf | grep -v '^#'

domain .

nameserver 10.0.0.138

nameserver fe80::1

Current router settings

The IPv6 configuration of my router follows. I am hiding the IP address for privacy reason. The first half of the address (64-bit prefix) is still the same.

IPv6 Status

- WAN

Connection Type: Dynamic IPv6

Connection Status: Connected

IPv6 Address: 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx /64

IPv6 Default Gateway: fe80::0000:0000:0000:0001

Primary IPv6 DNS: ::

Secondary IPv6 DNS: ::

- IPv6 LAN

IPv6 Address Type: RADVD

Prefix Length: 64

IPv6 Address: N/A

IPv6 WAN

IPv6 WAN settings

When I change the Addressing Type to the only other option, DHCPv6, the router never gets an IPv6 address.

IPv6 LAN

IPv6 LAN settings (RADVD)

IPv6 LAN settings (DHCPv6)

EDIT

Unfortunately, later I realized that OpenWrt is not yet ready for my router, see OpenWrt Wiki and OpenWrt Discussion for details.

Since @Michael Hampton suspected the upstream (house) router to be misbehaving, I am showing its current IPv6 LAN Auto Configuration settings.

IPv6 LAN Auto Configuration of the house router

I tried to disable M-bit custom mode but no change…

EDIT 2

The IPv6 information in the house router is following. Again, the IP address is hidden for privacy reason.

IPv6 enable/disabled:   Enabled

IPv6 Primary DNS Server:    2a00:1028:1:910::1

IPv6 Secondary DNS Server:  2a00:1028:1:911::1

Active IPv6 Prefix:  

Active IPv6 Prefix Length:   

LAN interface Link-Local address:   fe80::0:0:0:1

Manual configured prefix:    

WAN interface Link-Local address:   fe80::xxxx:xxxx:xxxx:xxxx

WAN interface User Setting Global address:  2A00:1028:xxxx:xxxx:0:0:0:1/64

IPv6 DefaultGateway:    fe80::xxxx:xxxx:xxxx:xxxx

LAN IPv6 Address:    

Default IPv6 interface Gateway:

edited Nov 24 '17 at 10:59

asked Oct 16 '16 at 15:38

Melebius

6551925

2

Does the upstream router support Prefix Delegation? Because if it doesn’t, this never going to work.

– Daniel B
Oct 16 '16 at 15:45

@DanielB I am not sure but the IPv6 connectivity worked with the router of my former flatmate (on the place of my current TP-Link router).

– Melebius
Oct 16 '16 at 15:51

2

Hm. Are you sure the previous router was actually a router and not, say, a switch? Perhaps you need to explicitly allow PD for specific devices in the upstream router. What make and model is the upstream router?

– Daniel B
Oct 16 '16 at 16:14

@DanielB Well, it turns out that it was probably configured as a switch. I have just found my end devices in the list of DHCP leases of the upstream router (as expired). The upstream router seems to be Comtrend VR-3026e (I do not have physical access to it at the moment).

– Melebius
Oct 16 '16 at 16:28

I'll always go with putting OpenWrt on a home router, but in this case, your immediate problem is that the upstream Comtrend whatever router is misbehaving. That's what you need to look at.

– Michael Hampton
Oct 16 '16 at 16:50

|
show 5 more comments

I have a TP-Link Archer C2 AC750 (V1) router. It works well for IPv4 but I am not able to setup IPv6.

Network topology

Direct connection

Full listing follows. I am hiding my MAC and IPv6 addresses for privacy reason.

$ ifconfig en0

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>

    ether xx:xx:xx:xx:xx:xx 

    inet6 fe80::xxxx:xxxx:xxxx:xxxx%en0 prefixlen 64 scopeid 0x4 

    inet 10.0.0.63 netmask 0xffffff00 broadcast 10.0.0.255

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf 

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf temporary 

    nd6 options=1<PERFORMNUD>

    media: autoselect (100baseTX <half-duplex>)

    status: active



$ cat /etc/resolv.conf | grep -v '^#'

domain .

nameserver 10.0.0.138

nameserver fe80::1

Current router settings

The IPv6 configuration of my router follows. I am hiding the IP address for privacy reason. The first half of the address (64-bit prefix) is still the same.

IPv6 Status

- WAN

Connection Type: Dynamic IPv6

Connection Status: Connected

IPv6 Address: 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx /64

IPv6 Default Gateway: fe80::0000:0000:0000:0001

Primary IPv6 DNS: ::

Secondary IPv6 DNS: ::

- IPv6 LAN

IPv6 Address Type: RADVD

Prefix Length: 64

IPv6 Address: N/A

IPv6 WAN

IPv6 WAN settings

When I change the Addressing Type to the only other option, DHCPv6, the router never gets an IPv6 address.

IPv6 LAN

IPv6 LAN settings (RADVD)

IPv6 LAN settings (DHCPv6)

EDIT

Unfortunately, later I realized that OpenWrt is not yet ready for my router, see OpenWrt Wiki and OpenWrt Discussion for details.

Since @Michael Hampton suspected the upstream (house) router to be misbehaving, I am showing its current IPv6 LAN Auto Configuration settings.

IPv6 LAN Auto Configuration of the house router

I tried to disable M-bit custom mode but no change…

EDIT 2

The IPv6 information in the house router is following. Again, the IP address is hidden for privacy reason.

IPv6 enable/disabled:   Enabled

IPv6 Primary DNS Server:    2a00:1028:1:910::1

IPv6 Secondary DNS Server:  2a00:1028:1:911::1

Active IPv6 Prefix:  

Active IPv6 Prefix Length:   

LAN interface Link-Local address:   fe80::0:0:0:1

Manual configured prefix:    

WAN interface Link-Local address:   fe80::xxxx:xxxx:xxxx:xxxx

WAN interface User Setting Global address:  2A00:1028:xxxx:xxxx:0:0:0:1/64

IPv6 DefaultGateway:    fe80::xxxx:xxxx:xxxx:xxxx

LAN IPv6 Address:    

Default IPv6 interface Gateway:

edited Nov 24 '17 at 10:59

asked Oct 16 '16 at 15:38

Melebius

6551925

I have a TP-Link Archer C2 AC750 (V1) router. It works well for IPv4 but I am not able to setup IPv6.

Network topology

Direct connection

Full listing follows. I am hiding my MAC and IPv6 addresses for privacy reason.

$ ifconfig en0

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

    options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>

    ether xx:xx:xx:xx:xx:xx 

    inet6 fe80::xxxx:xxxx:xxxx:xxxx%en0 prefixlen 64 scopeid 0x4 

    inet 10.0.0.63 netmask 0xffffff00 broadcast 10.0.0.255

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf 

    inet6 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf temporary 

    nd6 options=1<PERFORMNUD>

    media: autoselect (100baseTX <half-duplex>)

    status: active



$ cat /etc/resolv.conf | grep -v '^#'

domain .

nameserver 10.0.0.138

nameserver fe80::1

Current router settings

The IPv6 configuration of my router follows. I am hiding the IP address for privacy reason. The first half of the address (64-bit prefix) is still the same.

IPv6 Status

- WAN

Connection Type: Dynamic IPv6

Connection Status: Connected

IPv6 Address: 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx /64

IPv6 Default Gateway: fe80::0000:0000:0000:0001

Primary IPv6 DNS: ::

Secondary IPv6 DNS: ::

- IPv6 LAN

IPv6 Address Type: RADVD

Prefix Length: 64

IPv6 Address: N/A

IPv6 WAN

IPv6 WAN settings

When I change the Addressing Type to the only other option, DHCPv6, the router never gets an IPv6 address.

IPv6 LAN

IPv6 LAN settings (RADVD)

IPv6 LAN settings (DHCPv6)

EDIT

Unfortunately, later I realized that OpenWrt is not yet ready for my router, see OpenWrt Wiki and OpenWrt Discussion for details.

Since @Michael Hampton suspected the upstream (house) router to be misbehaving, I am showing its current IPv6 LAN Auto Configuration settings.

IPv6 LAN Auto Configuration of the house router

I tried to disable M-bit custom mode but no change…

EDIT 2

The IPv6 information in the house router is following. Again, the IP address is hidden for privacy reason.

IPv6 enable/disabled:   Enabled

IPv6 Primary DNS Server:    2a00:1028:1:910::1

IPv6 Secondary DNS Server:  2a00:1028:1:911::1

Active IPv6 Prefix:  

Active IPv6 Prefix Length:   

LAN interface Link-Local address:   fe80::0:0:0:1

Manual configured prefix:    

WAN interface Link-Local address:   fe80::xxxx:xxxx:xxxx:xxxx

WAN interface User Setting Global address:  2A00:1028:xxxx:xxxx:0:0:0:1/64

IPv6 DefaultGateway:    fe80::xxxx:xxxx:xxxx:xxxx

LAN IPv6 Address:    

Default IPv6 interface Gateway:

networking router ipv6

edited Nov 24 '17 at 10:59

asked Oct 16 '16 at 15:38

Melebius

6551925

edited Nov 24 '17 at 10:59

asked Oct 16 '16 at 15:38

Melebius

6551925

edited Nov 24 '17 at 10:59

asked Oct 16 '16 at 15:38

Melebius

6551925

asked Oct 16 '16 at 15:38

Melebius

6551925

asked Oct 16 '16 at 15:38

Melebius

6551925

2

Does the upstream router support Prefix Delegation? Because if it doesn’t, this never going to work.

– Daniel B
Oct 16 '16 at 15:45

@DanielB I am not sure but the IPv6 connectivity worked with the router of my former flatmate (on the place of my current TP-Link router).

– Melebius
Oct 16 '16 at 15:51

2

Hm. Are you sure the previous router was actually a router and not, say, a switch? Perhaps you need to explicitly allow PD for specific devices in the upstream router. What make and model is the upstream router?

– Daniel B
Oct 16 '16 at 16:14

@DanielB Well, it turns out that it was probably configured as a switch. I have just found my end devices in the list of DHCP leases of the upstream router (as expired). The upstream router seems to be Comtrend VR-3026e (I do not have physical access to it at the moment).

– Melebius
Oct 16 '16 at 16:28

I'll always go with putting OpenWrt on a home router, but in this case, your immediate problem is that the upstream Comtrend whatever router is misbehaving. That's what you need to look at.

– Michael Hampton
Oct 16 '16 at 16:50

|
show 5 more comments

2

Does the upstream router support Prefix Delegation? Because if it doesn’t, this never going to work.

– Daniel B
Oct 16 '16 at 15:45

@DanielB I am not sure but the IPv6 connectivity worked with the router of my former flatmate (on the place of my current TP-Link router).

– Melebius
Oct 16 '16 at 15:51

2

Hm. Are you sure the previous router was actually a router and not, say, a switch? Perhaps you need to explicitly allow PD for specific devices in the upstream router. What make and model is the upstream router?

– Daniel B
Oct 16 '16 at 16:14

@DanielB Well, it turns out that it was probably configured as a switch. I have just found my end devices in the list of DHCP leases of the upstream router (as expired). The upstream router seems to be Comtrend VR-3026e (I do not have physical access to it at the moment).

– Melebius
Oct 16 '16 at 16:28

I'll always go with putting OpenWrt on a home router, but in this case, your immediate problem is that the upstream Comtrend whatever router is misbehaving. That's what you need to look at.

– Michael Hampton
Oct 16 '16 at 16:50

Does the upstream router support Prefix Delegation? Because if it doesn’t, this never going to work.

– Daniel B
Oct 16 '16 at 15:45

@DanielB I am not sure but the IPv6 connectivity worked with the router of my former flatmate (on the place of my current TP-Link router).

– Melebius
Oct 16 '16 at 15:51

Hm. Are you sure the previous router was actually a router and not, say, a switch? Perhaps you need to explicitly allow PD for specific devices in the upstream router. What make and model is the upstream router?

– Daniel B
Oct 16 '16 at 16:14

@DanielB Well, it turns out that it was probably configured as a switch. I have just found my end devices in the list of DHCP leases of the upstream router (as expired). The upstream router seems to be Comtrend VR-3026e (I do not have physical access to it at the moment).

– Melebius
Oct 16 '16 at 16:28

I'll always go with putting OpenWrt on a home router, but in this case, your immediate problem is that the upstream Comtrend whatever router is misbehaving. That's what you need to look at.

– Michael Hampton
Oct 16 '16 at 16:50

|
show 5 more comments

1 Answer
1

active

oldest

votes

It turns out that the house router gets the range of IP addresses with the prefix /64 which seems to be not divisible into multiple subnets.

An IPv6 address is eight groupings of numbers:

Network address - the first three groupings of numbers (first 48 bits) in the subnet mask

Subnet address - the fourth grouping of numbers (the 49th through 64th bits) in the subnet mask

Device address - the last four groupings of numbers (the last 64 bits) in the subnet mask

Source: IBM Knowledge Center – Subnet masks (IPv4) and prefixes (IPv6)

The ISP seems to be not following the Recommendations on IPv6 Address Allocations to Sites.

In particular, it recommends the assignment of
/48 in the general case, /64 when it is known that one and only one
subnet is needed and /128 when it is absolutely known that one and
only one device is connecting.

Alternative

I got IPv6 working by setting up the router as a switch. However, this means that all the devices and traffic on the subordinate (flat) network are exposed to the upstream (house) network.

Instructions

Manually set the LAN IPv4 address of the subordinate router. You will need it to access the configuration of that router, at least the parts that will be applicable after the transition, for example Wi-fi.
- If you can influence the upstream router configuration, reserve a static IPv4 address in the configuration of the upstream router.
- Otherwise set an address from a different range, for example if the upstream router supplies 10.0.x.x addresses, use 192.168.x.x. You’ll have to configure your computer to use the same range whenever you need to access the router configuration.

Turn off the DHCP server (both IPv4 and IPv6) of the subordinate router.

Disconnect the upstream cable from the WAN port and connect it to a LAN port.

Based on: http://it.cestuji.info/modem-jako-switch.php (in Czech)

edited Feb 2 at 15:52

answered Oct 16 '16 at 19:32

Melebius

6551925

Well I wouldn’t really call that a solution. I’d rather forgo IPv6 than expose my internal network to others.

– Daniel B
Oct 17 '16 at 6:26

@DanielB Yes, this is kind of a way, not the preferred one. I am still asking for a better solution.

– Melebius
Oct 17 '16 at 6:38

@DanielB: How exactly do you want to avoid "exposing your internal network to others" in IPv6? Global IPv6 addresses are reachable from everywhere, and IPv6 NAT is icky. Ok, you can stop link-local broadcasts etc. by not briding, but that's about all you can do, I think.

– dirkt
Nov 24 '17 at 11:17

@dirkt How to it? Well by using a firewall of course. You can use connection tracking even without NAT. Unrelated traffic is simply dropped.

– Daniel B
Nov 24 '17 at 12:47

@DanielB: If you want a firewall, then add a firewall. That's unrelated to the question of "routing or bridging".

– dirkt
Nov 24 '17 at 14:04

|
show 1 more comment

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1135516%2fsetting-up-ipv6-on-a-router-behind-another-router%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

It turns out that the house router gets the range of IP addresses with the prefix /64 which seems to be not divisible into multiple subnets.

An IPv6 address is eight groupings of numbers:

Network address - the first three groupings of numbers (first 48 bits) in the subnet mask

Subnet address - the fourth grouping of numbers (the 49th through 64th bits) in the subnet mask

Device address - the last four groupings of numbers (the last 64 bits) in the subnet mask

Source: IBM Knowledge Center – Subnet masks (IPv4) and prefixes (IPv6)

The ISP seems to be not following the Recommendations on IPv6 Address Allocations to Sites.

In particular, it recommends the assignment of
/48 in the general case, /64 when it is known that one and only one
subnet is needed and /128 when it is absolutely known that one and
only one device is connecting.

Alternative

I got IPv6 working by setting up the router as a switch. However, this means that all the devices and traffic on the subordinate (flat) network are exposed to the upstream (house) network.

Instructions

Manually set the LAN IPv4 address of the subordinate router. You will need it to access the configuration of that router, at least the parts that will be applicable after the transition, for example Wi-fi.
- If you can influence the upstream router configuration, reserve a static IPv4 address in the configuration of the upstream router.
- Otherwise set an address from a different range, for example if the upstream router supplies 10.0.x.x addresses, use 192.168.x.x. You’ll have to configure your computer to use the same range whenever you need to access the router configuration.

Turn off the DHCP server (both IPv4 and IPv6) of the subordinate router.

Disconnect the upstream cable from the WAN port and connect it to a LAN port.

Based on: http://it.cestuji.info/modem-jako-switch.php (in Czech)

edited Feb 2 at 15:52

answered Oct 16 '16 at 19:32

Melebius

6551925

Well I wouldn’t really call that a solution. I’d rather forgo IPv6 than expose my internal network to others.

– Daniel B
Oct 17 '16 at 6:26

@DanielB Yes, this is kind of a way, not the preferred one. I am still asking for a better solution.

– Melebius
Oct 17 '16 at 6:38

@DanielB: How exactly do you want to avoid "exposing your internal network to others" in IPv6? Global IPv6 addresses are reachable from everywhere, and IPv6 NAT is icky. Ok, you can stop link-local broadcasts etc. by not briding, but that's about all you can do, I think.

– dirkt
Nov 24 '17 at 11:17

@dirkt How to it? Well by using a firewall of course. You can use connection tracking even without NAT. Unrelated traffic is simply dropped.

– Daniel B
Nov 24 '17 at 12:47

@DanielB: If you want a firewall, then add a firewall. That's unrelated to the question of "routing or bridging".

– dirkt
Nov 24 '17 at 14:04

|
show 1 more comment

It turns out that the house router gets the range of IP addresses with the prefix /64 which seems to be not divisible into multiple subnets.

An IPv6 address is eight groupings of numbers:

Network address - the first three groupings of numbers (first 48 bits) in the subnet mask

Subnet address - the fourth grouping of numbers (the 49th through 64th bits) in the subnet mask

Device address - the last four groupings of numbers (the last 64 bits) in the subnet mask

Source: IBM Knowledge Center – Subnet masks (IPv4) and prefixes (IPv6)

The ISP seems to be not following the Recommendations on IPv6 Address Allocations to Sites.

In particular, it recommends the assignment of
/48 in the general case, /64 when it is known that one and only one
subnet is needed and /128 when it is absolutely known that one and
only one device is connecting.

Alternative

I got IPv6 working by setting up the router as a switch. However, this means that all the devices and traffic on the subordinate (flat) network are exposed to the upstream (house) network.

Instructions

Manually set the LAN IPv4 address of the subordinate router. You will need it to access the configuration of that router, at least the parts that will be applicable after the transition, for example Wi-fi.
- If you can influence the upstream router configuration, reserve a static IPv4 address in the configuration of the upstream router.
- Otherwise set an address from a different range, for example if the upstream router supplies 10.0.x.x addresses, use 192.168.x.x. You’ll have to configure your computer to use the same range whenever you need to access the router configuration.

Turn off the DHCP server (both IPv4 and IPv6) of the subordinate router.

Disconnect the upstream cable from the WAN port and connect it to a LAN port.

Based on: http://it.cestuji.info/modem-jako-switch.php (in Czech)

edited Feb 2 at 15:52

answered Oct 16 '16 at 19:32

Melebius

6551925

Well I wouldn’t really call that a solution. I’d rather forgo IPv6 than expose my internal network to others.

– Daniel B
Oct 17 '16 at 6:26

@DanielB Yes, this is kind of a way, not the preferred one. I am still asking for a better solution.

– Melebius
Oct 17 '16 at 6:38

@DanielB: How exactly do you want to avoid "exposing your internal network to others" in IPv6? Global IPv6 addresses are reachable from everywhere, and IPv6 NAT is icky. Ok, you can stop link-local broadcasts etc. by not briding, but that's about all you can do, I think.

– dirkt
Nov 24 '17 at 11:17

@dirkt How to it? Well by using a firewall of course. You can use connection tracking even without NAT. Unrelated traffic is simply dropped.

– Daniel B
Nov 24 '17 at 12:47

@DanielB: If you want a firewall, then add a firewall. That's unrelated to the question of "routing or bridging".

– dirkt
Nov 24 '17 at 14:04

|
show 1 more comment

It turns out that the house router gets the range of IP addresses with the prefix /64 which seems to be not divisible into multiple subnets.

An IPv6 address is eight groupings of numbers:

Network address - the first three groupings of numbers (first 48 bits) in the subnet mask

Subnet address - the fourth grouping of numbers (the 49th through 64th bits) in the subnet mask

Device address - the last four groupings of numbers (the last 64 bits) in the subnet mask

Source: IBM Knowledge Center – Subnet masks (IPv4) and prefixes (IPv6)

The ISP seems to be not following the Recommendations on IPv6 Address Allocations to Sites.

In particular, it recommends the assignment of
/48 in the general case, /64 when it is known that one and only one
subnet is needed and /128 when it is absolutely known that one and
only one device is connecting.

Alternative

I got IPv6 working by setting up the router as a switch. However, this means that all the devices and traffic on the subordinate (flat) network are exposed to the upstream (house) network.

Instructions

Manually set the LAN IPv4 address of the subordinate router. You will need it to access the configuration of that router, at least the parts that will be applicable after the transition, for example Wi-fi.
- If you can influence the upstream router configuration, reserve a static IPv4 address in the configuration of the upstream router.
- Otherwise set an address from a different range, for example if the upstream router supplies 10.0.x.x addresses, use 192.168.x.x. You’ll have to configure your computer to use the same range whenever you need to access the router configuration.

Turn off the DHCP server (both IPv4 and IPv6) of the subordinate router.

Disconnect the upstream cable from the WAN port and connect it to a LAN port.

Based on: http://it.cestuji.info/modem-jako-switch.php (in Czech)

edited Feb 2 at 15:52

answered Oct 16 '16 at 19:32

Melebius

6551925

It turns out that the house router gets the range of IP addresses with the prefix /64 which seems to be not divisible into multiple subnets.

An IPv6 address is eight groupings of numbers:

Network address - the first three groupings of numbers (first 48 bits) in the subnet mask

Subnet address - the fourth grouping of numbers (the 49th through 64th bits) in the subnet mask

Device address - the last four groupings of numbers (the last 64 bits) in the subnet mask

Source: IBM Knowledge Center – Subnet masks (IPv4) and prefixes (IPv6)

The ISP seems to be not following the Recommendations on IPv6 Address Allocations to Sites.

In particular, it recommends the assignment of
/48 in the general case, /64 when it is known that one and only one
subnet is needed and /128 when it is absolutely known that one and
only one device is connecting.

Alternative

I got IPv6 working by setting up the router as a switch. However, this means that all the devices and traffic on the subordinate (flat) network are exposed to the upstream (house) network.

Instructions

Manually set the LAN IPv4 address of the subordinate router. You will need it to access the configuration of that router, at least the parts that will be applicable after the transition, for example Wi-fi.
- If you can influence the upstream router configuration, reserve a static IPv4 address in the configuration of the upstream router.
- Otherwise set an address from a different range, for example if the upstream router supplies 10.0.x.x addresses, use 192.168.x.x. You’ll have to configure your computer to use the same range whenever you need to access the router configuration.

Turn off the DHCP server (both IPv4 and IPv6) of the subordinate router.

Disconnect the upstream cable from the WAN port and connect it to a LAN port.

Based on: http://it.cestuji.info/modem-jako-switch.php (in Czech)

edited Feb 2 at 15:52

answered Oct 16 '16 at 19:32

Melebius

6551925

edited Feb 2 at 15:52

answered Oct 16 '16 at 19:32

Melebius

6551925

answered Oct 16 '16 at 19:32

Melebius

6551925

answered Oct 16 '16 at 19:32

Melebius

6551925

Well I wouldn’t really call that a solution. I’d rather forgo IPv6 than expose my internal network to others.

– Daniel B
Oct 17 '16 at 6:26

@DanielB Yes, this is kind of a way, not the preferred one. I am still asking for a better solution.

– Melebius
Oct 17 '16 at 6:38

@DanielB: How exactly do you want to avoid "exposing your internal network to others" in IPv6? Global IPv6 addresses are reachable from everywhere, and IPv6 NAT is icky. Ok, you can stop link-local broadcasts etc. by not briding, but that's about all you can do, I think.

– dirkt
Nov 24 '17 at 11:17

@dirkt How to it? Well by using a firewall of course. You can use connection tracking even without NAT. Unrelated traffic is simply dropped.

– Daniel B
Nov 24 '17 at 12:47

@DanielB: If you want a firewall, then add a firewall. That's unrelated to the question of "routing or bridging".

– dirkt
Nov 24 '17 at 14:04

|
show 1 more comment

Well I wouldn’t really call that a solution. I’d rather forgo IPv6 than expose my internal network to others.

– Daniel B
Oct 17 '16 at 6:26

@DanielB Yes, this is kind of a way, not the preferred one. I am still asking for a better solution.

– Melebius
Oct 17 '16 at 6:38

@DanielB: How exactly do you want to avoid "exposing your internal network to others" in IPv6? Global IPv6 addresses are reachable from everywhere, and IPv6 NAT is icky. Ok, you can stop link-local broadcasts etc. by not briding, but that's about all you can do, I think.

– dirkt
Nov 24 '17 at 11:17

@dirkt How to it? Well by using a firewall of course. You can use connection tracking even without NAT. Unrelated traffic is simply dropped.

– Daniel B
Nov 24 '17 at 12:47

@DanielB: If you want a firewall, then add a firewall. That's unrelated to the question of "routing or bridging".

– dirkt
Nov 24 '17 at 14:04

Well I wouldn’t really call that a solution. I’d rather forgo IPv6 than expose my internal network to others.

– Daniel B
Oct 17 '16 at 6:26

@DanielB Yes, this is kind of a way, not the preferred one. I am still asking for a better solution.

– Melebius
Oct 17 '16 at 6:38

@DanielB: How exactly do you want to avoid "exposing your internal network to others" in IPv6? Global IPv6 addresses are reachable from everywhere, and IPv6 NAT is icky. Ok, you can stop link-local broadcasts etc. by not briding, but that's about all you can do, I think.

– dirkt
Nov 24 '17 at 11:17

@dirkt How to it? Well by using a firewall of course. You can use connection tracking even without NAT. Unrelated traffic is simply dropped.

– Daniel B
Nov 24 '17 at 12:47

@DanielB: If you want a firewall, then add a firewall. That's unrelated to the question of "routing or bridging".

– dirkt
Nov 24 '17 at 14:04

|
show 1 more comment

draft saved

draft discarded

Thanks for contributing an answer to Super User!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

Setting up IPv6 on a router behind another router

Network topology

Direct connection

Current router settings

EDIT

EDIT 2

Network topology

Direct connection

Current router settings

EDIT

EDIT 2

Network topology

Direct connection

Current router settings

EDIT

EDIT 2

Network topology

Direct connection

Current router settings

EDIT

EDIT 2

1 Answer 1

Further reading

Alternative

Instructions

Your Answer

Sign up or log in

Post as a guest

Post as a guest

1 Answer 1

1 Answer 1

Further reading

Alternative

Instructions

Further reading

Alternative

Instructions

Further reading

Alternative

Instructions

Further reading

Alternative

Instructions

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

Mouse cursor on multiple screens with different PPI

Agildo Ribeiro

Sometime when accessing a menu: “Ubuntu 16.04 has experienced an internal error”

1 Answer
1

1 Answer
1

1 Answer
1