× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Rbr50 ipv6 6rd is broken

Jaiter
Aspirant
Aspirant
‎2022-09-23 03:39 PM
‎2022-09-23 03:39 PM

Rbr50 ipv6 6rd is broken

I'm trying to configure ipv6 using the 6rd method, but the rbr50 appears to be just dropping all ipv6 traffic and not allowing anything through. Interestingly I can ping it over ipv6 from a VPS on the internet so the link is working.
I have also used the debug interface to do a packet capture and see all the packets on the wan interface but incoming packets never appear on the lan.
Ipv6 firewall security is set to "open"
Any ideas?
Message 1 of 9
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2022-09-23 04:36 PM
‎2022-09-23 04:36 PM

Re: Rbr50 ipv6 6rd is broken

Is rd6 the only IPv6 method supported by your ISP?

 

Could you please explain how ivp6 is being tested?  What I have done is open a command window on my PC and type this command:

 

ping -6 yale.edu

 

 

Message 2 of 9
0 Kudos
Reply
Jaiter
Aspirant
Aspirant
‎2022-09-23 04:42 PM
‎2022-09-23 04:42 PM

Re: Rbr50 ipv6 6rd is broken

Unfortunately yes it is the only method.
I have tested using
Ping google.com -6

And used wireshark on both pc and from the /debug.htm page on the rbr50.
I can see DNS queries going out and coming back on the wan, but the router responds with ICMP destination unreachable to the incoming packet.
Also on the wan interface I see the outgoing ping packet, the return echo comes back to the wan interface but just never gets back to the lan side and to the pc.
Message 3 of 9
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2022-09-23 05:36 PM
‎2022-09-23 05:36 PM

Re: Rbr50 ipv6 6rd is broken

Well, ipv6 was working fine for me, then it was not, and now it is again.

 

On the IPv6 setup page, I noticed that the ipv6 DNS servers were both "Link Local addresses" (starting with fe80).  Having no memory of why that was so, I thought, "I'll just use CloudFlare and Google instead, and changed the setting to this:

CrimpOn_0-1663978859976.png

Here's what happened:

Original Setting used this DNS server (Link Local address):
fe80:0:fb39:1f6b:f7c3:6db0:0:1

C:\Users\Dick>ping yale.edu -6

Pinging yale.edu [2a04:4e42::645] with 32 bytes of data:
Reply from 2a04:4e42::645: time=18ms
Reply from 2a04:4e42::645: time=10ms
Reply from 2a04:4e42::645: time=11ms
Reply from 2a04:4e42::645: time=16ms

Ping statistics for 2a04:4e42::645:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 18ms, Average = 13ms

C:\Users\Dick>ping google.com -6

Pinging google.com [2607:f8b0:4007:818::200e] with 32 bytes of data:
Reply from 2607:f8b0:4007:818::200e: time=20ms
Reply from 2607:f8b0:4007:818::200e: time=10ms
Reply from 2607:f8b0:4007:818::200e: time=20ms
Reply from 2607:f8b0:4007:818::200e: time=11ms

Ping statistics for 2607:f8b0:4007:818::200e:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 15ms

C:\Users\Dick>ping google.com -6

Here I changed the DNS servers to CloudFlare and Google:

Pinging google.com [2607:f8b0:4007:80a::200e] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2607:f8b0:4007:80a::200e:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Dick>ping -6 yale.edu

Pinging yale.edu [2a04:4e42::645] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2a04:4e42::645:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Frustrated now, I stewed around and then tried some more:

C:\Users\Dick>ping -6 harvard.edu

Pinging harvard.edu [2a04:4e42:600::645] with 32 bytes of data:
Reply from 2a04:4e42:600::645: time=10ms
Reply from 2a04:4e42:600::645: time=11ms
Reply from 2a04:4e42:600::645: time=16ms
Reply from 2a04:4e42:600::645: time=10ms

Ping statistics for 2a04:4e42:600::645:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 16ms, Average = 11ms

C:\Users\Dick>ping -6 yale.edu

Pinging yale.edu [2a04:4e42:200::645] with 32 bytes of data:
Reply from 2a04:4e42:200::645: time=20ms
Reply from 2a04:4e42:200::645: time=11ms
Reply from 2a04:4e42:200::645: time=19ms
Reply from 2a04:4e42:200::645: time=10ms

Ping statistics for 2a04:4e42:200::645:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 15ms

This means:

  1. That IPv6 is touchy?
  2. That on my system IPv6 seems to be working (with Spectrum DHCP)
Message 4 of 9
0 Kudos
Reply
Jaiter
Aspirant
Aspirant
‎2022-09-23 10:48 PM
‎2022-09-23 10:48 PM

Re: Rbr50 ipv6 6rd is broken

The frustrating thing for me is that I can see the ICMP 6 ping packets entering the router, the outbound ping to the internet, the return ping from Google servers and then it just disappears inside the orbi.
Is there a way to get SSH Access to the router, it's only embedded Linux after all and would massively help with debugging....
Message 5 of 9
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2022-09-23 11:03 PM
‎2022-09-23 11:03 PM

Re: Rbr50 ipv6 6rd is broken

@Jaiter wrote:
Is there a way to get SSH Access to the router, it's only embedded Linux after all and would massively help with debugging....

Originally, the Orbi router had an option to enable telnet (not ssh, but on a LAN there is not much practical difference).  The option was removed a while ago, but there is a Python script on github that will enable telnet for the RBR50 router.

https://github.com/bkerler/netgear_telnet 

Login credentials are "admin" and the Orbi admin password.

 

IPv6 is a total mystery for me.  I am comfortable with the way IPv4 works using Network Address Translation to map outgoing connections back to the LAN IP address.  It is not clear at all (to me) how IPv6 works.  My PC, for example, has quite a bit to say about IPv6:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : peakview.rr.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-25-64-0F-BA-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2603:8000:403:bd7c:9913:c3f2:15ee:7438(Preferred)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:84f:4c5c:38aa:a01d(Deprecated)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:81f6:97f6:ee01:acf0(Deprecated)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:882e:d6a9:b1cc:800d(Deprecated)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:c08a:85cb:5743:9103(Deprecated)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:c584:c241:19cf:c53b(Deprecated)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:cdc8:22da:2091:769f(Deprecated)
   Temporary IPv6 Address. . . . . . : 2603:8000:403:bd7c:d9c2:3fc5:45c4:bc95(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9913:c3f2:15ee:7438%22(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 13, 2022 1:43:05 PM
   Lease Expires . . . . . . . . . . : Saturday, September 24, 2022 1:43:05 PM
   Default Gateway . . . . . . . . . : fe80::a204:60ff:fe1c:239%22
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 85992804
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-FC-C7-63-20-25-64-0F-BA-CD
   DNS Servers . . . . . . . . . . . : fe80::a204:60ff:fe1c:239%22
                                       192.168.1.1
                                       fe80::a204:60ff:fe1c:239%22
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       peakview.rr.com

 

I seem to have "Temporary" IPv6 Addresses. Why?

When an ICMP (Ping) packet is sent off through the router, what is the source address?

 

And, of course, I am too ignorant to know if there is any fundamental difference between DHCP IPv6 and IPv6 RD.

Message 6 of 9
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2022-09-23 11:19 PM
‎2022-09-23 11:19 PM

Re: Rbr50 ipv6 6rd is broken

(Sorry to be so slow......)

 

Wireshark capture on the PC Ethernet interface of  ping -6 yale.edu:

CrimpOn_0-1664000085513.png

Pretty clear that this RBR50 sends the IPv6 ping responses back to my PC.

 

Message 7 of 9
0 Kudos
Reply
Jaiter
Aspirant
Aspirant
‎2022-09-24 07:44 AM
‎2022-09-24 07:44 AM

Re: Rbr50 ipv6 6rd is broken

it must be a configuration thing with mine then, but theres so few options to adjust i just cant see what it can be

Message 8 of 9
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2022-09-24 01:14 PM
‎2022-09-24 01:14 PM

Re: Rbr50 ipv6 6rd is broken

You might try loading Voxels FW on your 50 series and see if the IPv6 works better. 

From understandings, NGs core IPv6 framework is out of date and hasn't been updated across all Orbi systems. This maybe causing problems. 

Message 9 of 9
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 8 replies
  • ‎2022-09-23 03:39 PM
  • 1311 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi 770 Series