IPv6 Native with Telstra, Australia

randomaustralian

so i followed your guide and the only thing that was different to my existing settings was the system tunable lines of steps 19 and 20.

i do get IPv6 internally rout-able addresses like last time but i still cant seem to pass any traffic which has been my standing problem for a while now.

Edit:

i'd like to add i am receiving IPv6 traffic because i never have had snort report an alert with an IPv6 address. i don't know how to or what a WHIM is on whirlpool.

Larrikin

@randomaustralian said in IPv6 Native with Telstra, Australia:

so i followed your guide and the only thing that was different to my existing settings was the system tunable lines of steps 19 and 20.

i do get IPv6 internally rout-able addresses like last time but i still cant seem to pass any traffic which has been my standing problem for a while now.

Double check steps 1 to 6.

Show screen shots of System, Routing, Gateways and your firewall ruleset on the LAN.

Larrikin

@randomaustralian said in IPv6 Native with Telstra, Australia:

Edit:

i'd like to add i am receiving IPv6 traffic because i never have had snort report an alert with an IPv6 address. i don't know how to or what a WHIM is on whirlpool.

That's fine. Just direct msg me here instead. I frequent both forums. I'm sure we'll get you working. I'm willing to bet its an old setting you've forgotten about when you've played with this that you've assumed aligns with the how to guide, but probably doesn't. We'll find it, and fix it :)

randomaustralian

@larrikin Actually i'm confident your settings are working fine. I can ping IPv6 addresses from my desktop.

In fact. I tried to ping Cloudflares IPv6 DNS server 2606:4700:4700::1111 and realized i had not re-added Cloudflares IPv6 DNS addresses back into my pfSense configuration.

Addresses re-added. Rebooted. http://ipv6-test.com/ reports i have a working IPv6 stack.

0_1551573288324_336c257b-5881-4611-8f43-413e093d0c6d-image.png

Larrikin

@randomaustralian said in IPv6 Native with Telstra, Australia:

@larrikin Actually i'm confident your settings are working fine. I can ping IPv6 addresses from my desktop.

In fact. I tried to ping Cloudflares IPv6 DNS server 2606:4700:4700::1111 and realized i had not re-added Cloudflares IPv6 DNS addresses back into my pfSense configuration.

Addresses re-added. Rebooted. http://ipv6-test.com/ reports i have a working IPv6 stack.

Yep - you are good. It's working. You may not have rebooted before after making the tunable changes which is key for this to work. There you go. Enjoy IPv6!

Derelict

@randomaustralian said in IPv6 Native with Telstra, Australia:

I was considering paying for a Netgate support subscription to get the results i was after.

With an uncooperative ISP who needs special sauce there is probably not a lot we could have done. Paying a local consultant who is familiar with Telstra would have probably been a better bet.

randomaustralian

@derelict Well now i can potentially be that private consultant.

Larrikin

@derelict said in IPv6 Native with Telstra, Australia:

@randomaustralian said in IPv6 Native with Telstra, Australia:

I was considering paying for a Netgate support subscription to get the results i was after.

With an uncooperative ISP who needs special sauce there is probably not a lot we could have done. Paying a local consultant who is familiar with Telstra would have probably been a better bet.

Or not paying anyone and relying on the community working as a team to get this sorted :)

randomaustralian

@larrikin

what i have experienced with Telstra is they are very anal about consumers using Telstra's supplied gear.

They refuse to support your internet connection if you don't use their gear. I have to keep their supplied gateway handy in case i have an outage and then confirm the outage exists on their router too before calling them or they wont support me. :\

Larrikin

@derelict said in IPv6 Native with Telstra, Australia:

@randomaustralian said in IPv6 Native with Telstra, Australia:

I was considering paying for a Netgate support subscription to get the results i was after.

With an uncooperative ISP who needs special sauce there is probably not a lot we could have done. Paying a local consultant who is familiar with Telstra would have probably been a better bet.

I think that's a little unfair. Telstra wasn't uncooperative, and the theory I posted above turned out to be accurate. The system tuneables changes address the ICMPv6 flow neighbor solicit. And part of my theory was built on information supplied by Telstra and the other part built on packet captures. Telstra didn't need to give me that information, but the guy did. It's just that I didn't pay enough attention to it at the time and I (amongst others) got hung up on one UDP packet rather than looking at the bigger picture.

Derelict

@larrikin For you perhaps. Sounds like you have a special friend that is not what everyone's experience is.

Derelict

Telstra chose to be different and refuse to document that difference.

Larrikin

@derelict said in IPv6 Native with Telstra, Australia:

@larrikin For you perhaps. Sounds like you have a special friend that is not what everyone's experience is.

Well, again, to defend Telstra... I simply posted a problem once I was having in a public forum. A back of house Telstra person personally reached out to me in a private chat message providing his work email address and fixed the issue. He gave me his mobile number and we also spoke on the phone.

He also asked not to be named publicly at the time for that, he was just happy to resolve it. That's how he became my contact. Because of his initiative.

Reading his posts, I'm not the only one he has helped.

Derelict

If you search this forum for net.inet6.icmp6.nd6_onlink_ns_rfc4861 you will find this thread.

No other ISP in the world is known to require that default be changed.

Bigmaccius

@derelict the problem with Telstra in my experience has always been that there's two sides to their company - there's some great people there who are extremely knowledgeable on the business side as @Larrikin proves through his contact (and I've got similar contacts at Telstra too).

But the Consumer side of Telstra and especially the Level 1 Support are more than often terrible and to @randomaustralian's point as soon as you tell them you're not using the supplied Gateway as that point they are completely off-script and completely useless.

Larrikin

@derelict said in IPv6 Native with Telstra, Australia:

Telstra chose to be different and refuse to document that difference.

Different to what? My issue with IPv6 is that it's incredibly complex compared to IPv4, and there are many ways to implement it and still be compliant to the standard.

I agree it would be nice for Telstra to document how they run IPv6, but they have made a commercial decision that if you sign up with them, you use their router. Everything that has been done has been unofficial. If we don't like it, then we find another ISP. I'm not arguing that Telstra is right in their approach, it's just the decision they have taken.

They are by far the largest ISP in Australia - they own the market. And that means most people are standard "mums and dads" who just want an end to end service supported - so Telstra can support the router as well given that they control it.

Anyhow, I guess in summary, in part I agree with you in that I'd like them to publish this information, but the moment they do, they are creating a rod for their own back for then getting sucked into supporting third party routers which goes against the grain of the company's position.

I also keep coming back to IPv6 is a very complex beast. Even if they did publish more info on it, each vendor has different ways to configure it, so what then?

Derelict

That is true for all ISPs. It is particularly problematic when an ISP chooses to deploy something that requires special treatment and is silent about what that special treatment is.

Derelict

Giving people the information necessary to configure their own routers is not stabbing themselves in the back.

They can still say "use our router or we're going to hang up on you."

Larrikin

@derelict said in IPv6 Native with Telstra, Australia:

If you search this forum for net.inet6.icmp6.nd6_onlink_ns_rfc4861 you will find this thread.

No other ISP in the world is known to require that default be changed.

Goes to show you how good @Bigmaccius is in finding that particular tunable and getting it working :). I'd rather focus on the positive. This thread started asking the community for help. And it delivered (along with a contact at Telstra). Now we have a publicly available Wiki that shows exactly how to get it working.

To me, that is the true story here.

For future, as IPv6 gets further deployed (and its accelerating now) this situation is going to happen time and time again with other ISP's around the world. If I were netgate (for the thousandth time), I'd be documenting all of these wikis, put them all in one place so as the community works out how each ISP works, they can go to a netgate page and look up their ISP.

If their ISP is missing, that's a commercial opportunity for netgate to monetise helping people sort these things out.

Derelict

And zero burden placed on the ISPs who, in the vast majority of cases, is the one actually getting paid $$