fl4co
Forum Members-
Posts
41 -
Joined
-
Last visited
Equipment
-
Keenetic
Skipper
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
fl4co's Achievements
-
I have found this log: However, I believe that delegating ULA prefixes can be useful in a local environment with multiple routers. Also, I believe the ULA address space is fc00::/7, so fd00::/8 is not the entirety of the address space. Even if you wanted to block any non globally routable prefix, I can delegate prefixes outside of 2000::/3 as I showed on the first post. By the way, I hope you decide not to block the ULA address space.
-
Version tested: latest stable (4.0.5) If I delegate a ULA address from a DHCPv6 server to the Keenetic, the server will confirm that the Keenetic requested the ULA prefix and that it is bound: However, the prefix is not found on the Keenetic and cannot be used: Instead, if I try to add a non-ULA prefix, even a non-routable one, the Keenetic correctly acquires it and subnets from it can be advertised on the local segments:
-
tunnel broker IPv6 in IPv4 tunelling ICMP error
fl4co replied to fieldmarshall's question in Community Support & Knowledge Exchange
You have to allow ICMP on the firewall. By default it's dropped. -
It looks like your Keenetic gets a single IP address and not a prefix, so the devices on your LAN have no IPv6 addresses.
-
Can you post the IPv6 routing table, both for the router and your PC?
-
The /128 routes you see on the Web GUI are addresses assigned to the router's network interfaces, while the address you see on the ipv6 test website is your computer's. So it's normal they are different. But I have two fe80::/10 routes too, one is "proto: kernel" and the other is "proto:boot". I don't know if it's intended that both get added and displayed.
-
4.0 Alpha 1 - ipv6 route not defined
fl4co replied to Ahmed Ensar's question in Dev channel issues & test reports
I have similar problems, at first I couldn't get a prefix via DHCPv6-PD from my provider (via PPPoE), then I got the prefix but the routes are strange, and no default gateway, so no IPv6 connectivity: Also the logs are full of this errors: Edit: regarding the last problem, it looks like the new cli command is now "show ipv6 route" and not "routes", so maybe that's the cause. -
Today I was looking around and found that the standard radvd daemon is used for sending router advertisements in the LAN. It is launched with the configuration file located at /var/run/radvd.conf (which is a symlink to /tmp/run). This means that the configuration file is generated at runtime and can't be edited by the user 🥲 This is the content of the file (one entry for each subnet, IP addresses redacted): /tmp/run # cat radvd.conf interface br0 { AdvSendAdvert on; AdvOtherConfigFlag on; AdvManagedFlag off; prefix 2a00:xxxx:xxxx::/64 { AdvOnLink on; DeprecatePrefix on; AdvAutonomous on; DecrementLifetimes on; AdvPreferredLifetime 716; AdvValidLifetime 716; }; RDNSS fe80::xxxx:xxxx:xxxx:xxxx { }; }; The DNS server is advertised with the RDNSS option, so hopefully a CLI command can be added to have the user set the preferred DNS server 👍
-
Allow IPv6 subnet in firewall
fl4co replied to fl4co's question in Community Support & Knowledge Exchange
Isn't ICMPv6 necessary for IPv6 to work correctly? Oh wow, prefix delegation would be excellent! However I can't seem to be able to use it in 3.9 Beta 1, when will it be publicly available? -
My ISP delegates a /56 IPv6 prefix, which is assigned to my Keenetic gateway and everything works fine. I'd like to statically add a /64 subnet to another router connected to my LAN (or to some VMs behind a supervisor). I can easily achieve this configuration with a static route on the Keenetic. However, I noticed that if the IPv6 firewall is enabled no communication is possible from the Internet. If the firewall is disabled, everything works, but I don't want to completely disable the firewall. Is there any way to allow traffic to a specific subnet? Also, I'm running version 3.9 Beta 1 and I noticed that with the IPv6 firewall enabled hosts on the LAN do not reply to ICMPv6 echo requests (and possibly to ICMPv6 altogether), while the router still answers to pings to the IPv6 address on the Bridge0 interface. Is this an intended change? I'm pretty sure that ICMPv6 used to not be filtered by the firewall.
-
I'm trying to setup an IPv6 address as my DoT resolver, as I read it should be now supported by version 3.9. I can't do it in the web GUI (the IPv6 address is not accepted), and in the CLI I can add it with "dns-proxy tls upstream <IP address>" but then it doesn't seem to work (web sites will just timeout). I'm using a Skipper.
-
Delete setting via HTTP API
fl4co replied to fl4co's question in Community Support & Knowledge Exchange
Thank you! This was not immediately clear to me after reading the Command Reference Guide. -
Hi, I'm in the process of learning how to use the API and I succeeded in retrieving information from the router and to change settings. However, I can't find a way to delete a setting and reverting it to default. For example, I'm able to set a connection policy for a client, passing a "mac" and "policy" parameter with a POST method, but I don't know how to delete this setting. I tried with a DELETE method but I always receive an error. In short, I'd like to know the HTTP request for "no ip hotspot host <mac> policy".
-
[IPv6] Do not wait for RA option or automatically add default route
fl4co posted a question in Feature Requests
My ISP assigns a IPv6 prefix via PPPoE. However, they do not send a Router Advertisement packet. I don't know if it's a technical limitation of IPv6 via PPPoE or choice by the ISP. The result is that the Keenetic router gains the delegated prefix, but no IPv6 default gateway is set, and with no default gateway IPv6 addresses are not distributed on the LAN via SLAAC or DHCPv6. Back in May 2021 I discussed this issue with Keenetic Support, and at last they suggested to run the command interface PPPoE0 ipv6 force-default After appliying this command the PPPoE interface is set as IPv6 default gateway and all devices start getting IPv6 addresses. So, currently a CLI command is required in order to have a functional IPv6 setup. I'd like request that Keenetic implemets one of the two following solutions: Add a "Do not wait for RA" option, like pfSense does. This way the Keenetic router will not wait endlessly for a RA packet that will never arrive, and setup the default gateway autonomously. Automatically set the default gateway as the PPPoE interface, or use the link-local address of the ISP router as gateway. This is what OpenWrt does, as I tested it on network contract. I don't know if every ISP does not send RA packets via PPPoE, but I know of at least two ISPs in my country with this "problem". As of today checking the "Use IPv6" box in the PPPoE section of the Keenetic router does not result in a functional IPv6 setup, because an additional CLI command is required.