D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-645 => Topic started by: jervin on November 19, 2012, 08:14:29 PM
-
So, I have a DLink DIR-645 Router at the 1.03 firmware level. I think I've configured the IPV6 and my devices seem to be getting ipv6 addresses, but when I try to do something like "ping6 ipv6.google.com", I get nothing coming back... ie:
jervin@Latitude:~$ ping6 ipv6.google.com
PING ipv6.google.com(yh-in-x67.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10080ms
it even seems to be able to get the ip(v6) address of the url to be pinged.
Configuration is like this:
IPv6 in IPv4 Tunnel
Remote IPv4 Address: 209.51.161.58
Remote IPv6 Address: 2001:470:4:c5e::1
Local IPv4 Address : 142.196.64.240
Local IPv6 Address :2001:470:4:c5e::2
Subnet Prefix Length: 64
Primary DNS Server: 2001:4860:4860::8844 (OpenDNS)
Secondary DNS Server: 2001:4860:4860::8888
Lan IPv6 Address: 2001:470:5:c5e::/64
Lan IPV6 Link-Local Address: fe80::ceb2:55ff:fefe:6fe0 /64
Enable Automatic IPv6 address assignment checked
Autoconfiguration: Stateful DHCPV6 (Could be SLAAC+RDNSS, or SLAAC+Stateless DHCP)
I had it working on my WRT54G with Tomato Software before it croaked and had to be replaced.
Oh Yes, the Status Screen for IPv6 says the following:
IPv6 Connection Information
IPv6 Connection Type : 6IN4
Network Status : Connected
Connection Up Time : 0 Day 0 Hour 55 Min 53 Sec
WAN IPv6 Address : 2001:470:4:c5e::2 /64
IPv6 Default Gateway : 2001:470:4:c5e::1
Primary IPv6 DNS Server : 2001:4860:4860::8844
Secondary IPv6 DNS Server : 2001:4860:4860::8888
LAN IPv6 Link-Local Address : fe80::ceb2:55ff:fefe:6fe0 /64
DHCP-PD : Disabled
IPv6 Network assigned by DHCP-PD : None
LAN IPv6 Address : 2001:470:5:c5e:: /64
LAN IPv6 Computers
IPv6 Address Name(if any)
2001:470:5:c5e::3/64
-
What region are you located?
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
-
Located in the United States, in Orlando, FL to be specific.
I have Cable service from Brighthouse
I am using their Cable Modem, Standalone.
The Cable Modem is... Webstar by Scientific-Atlanta Inc. DPC2100 Series
-
Hi Jervin,
there is nothing looking wrong to me. Please check if the IPv6 firewall inside DIR-645 (if it has one) is enabled. AFAIK D-LINK uses a default configuration for an enabled IPv6 firewall where everything gets blocked in both directions. So you have to setup at least one single rule that allows outgoing traffic of any kind. In your test Google's IPv6 address might have been resolved via your configured IPv4-DNS server.
PacketTracer
-
Just FYI, there is a FW update that includes some IPv6 enhancements. Not sure if this would be of any help here or not. If you got it working then I would leave it running as is unless you're a brave soul. ::)
-
No and I'm afraid that what I need are simple instructions about how to set up a tunnel on the DIR-645. I'll keep checking and keep the firmware updated and eventually I'll get it running.
-
I had already updated to the 1.03 firmware.
-
Hi Jervin,
here is what I get when pinging your WAN side IPv6 address 2001:470:4:c5e::2:
C:\>ping 2001:470:4:c5e::2
Ping wird ausgeführt für 2001:470:4:c5e::2 von 2001:4dd0:XXXX:YYYY:c4e4:8413:4c33:3b66 mit 32 Bytes Daten:
Antwort von 2001:470:4:c5e::2: Zeit=177ms
Antwort von 2001:470:4:c5e::2: Zeit=180ms
Antwort von 2001:470:4:c5e::2: Zeit=178ms
Antwort von 2001:470:4:c5e::2: Zeit=180ms
Ping-Statistik für 2001:470:4:c5e::2:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 177ms, Maximum = 180ms, Mittelwert = 178ms
And here is what I get if I do a tracert for the LAN side address 2001:470:5:c5e::3 of a LAN host:
C:\>tracert 2001:470:5:c5e::3
Routenverfolgung zu 2001:470:5:c5e::3 über maximal 30 Abschnitte
1 <1 ms <1 ms <1 ms SIXBOX [2001:4dd0:XXXX::1]
2 30 ms 29 ms 29 ms gw-3120.cgn-01.de.sixxs.net [2001:4dd0:XXXX:XXXX::1]
3 30 ms 30 ms 29 ms 2001:4dd0:1234:3::42
4 30 ms 30 ms 30 ms core-eup2-ge1-22.netcologne.de [2001:4dd0:1234:3:dc40::a]
5 34 ms 33 ms 34 ms rtamsix-te4-2.netcologne.de [2001:4dd0:a2b:6d:30::b]
6 34 ms 47 ms 34 ms 20gigabitethernet1-3.core1.ams1.ipv6.he.net [2001:7f8:1::a500:6939:1]
7 41 ms 44 ms 49 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
8 109 ms 118 ms 109 ms 10gigabitethernet7-4.core1.nyc4.he.net [2001:470:0:128::1]
9 119 ms 125 ms 123 ms 10gigabitethernet2-3.core1.ash1.he.net [2001:470:0:36::1]
10 127 ms 127 ms 127 ms 10gigabitethernet1-2.core1.atl1.he.net [2001:470:0:1b5::2]
11 143 ms 144 ms 143 ms 10gigabitethernet4-1.core1.mia1.he.net [2001:470:0:a6::1]
12 146 ms 145 ms 144 ms tserv1.mia1.he.net [2001:470:0:8c::2]
13 183 ms 176 ms 176 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
14 187 ms 177 ms 180 ms tserv1.mia1.he.net [2001:470:0:8c::2]
15 232 ms 217 ms 209 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
16 223 ms 209 ms 211 ms tserv1.mia1.he.net [2001:470:0:8c::2]
17 251 ms 244 ms 250 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
18 264 ms 245 ms 243 ms tserv1.mia1.he.net [2001:470:0:8c::2]
19 293 ms 271 ms 283 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
20 287 ms 275 ms 287 ms tserv1.mia1.he.net [2001:470:0:8c::2]
21 318 ms 319 ms 307 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
22 316 ms 305 ms 307 ms tserv1.mia1.he.net [2001:470:0:8c::2]
23 352 ms 339 ms 337 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
24 389 ms 337 ms 354 ms tserv1.mia1.he.net [2001:470:0:8c::2]
25 379 ms 384 ms 376 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
26 385 ms 373 ms 385 ms tserv1.mia1.he.net [2001:470:0:8c::2]
27 426 ms 418 ms 427 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
28 415 ms 401 ms 411 ms tserv1.mia1.he.net [2001:470:0:8c::2]
29 445 ms 449 ms 478 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
30 472 ms 436 ms 460 ms tserv1.mia1.he.net [2001:470:0:8c::2]
Ablaufverfolgung beendet.
Interesting what happens at step 12 and the following ones: A packet for your LAN is correctly sent to the WAN interface of your router (2001:470:4:c5e::2), but instead of forwarding it one step further towards your LAN your router sends it back to the last he-net router (tserv1.mia1.he.net [2001:470:0:8c::2]). And then the packet is looping forwards and backwards indefinitely until tracert gives up or in other cases the hop count in the packet reaches the value 0.
Looking again at your configuration, the following looks wrong:
Lan IPv6 Address: 2001:470:5:c5e::/64
This is the prefix you want to use for your LAN (and it correctly gets routed to your router by he.net), but what you must specify here is the address of the LAN interface of your router and not the prefix only. So you should configure e.g. 2001:470:5:c5e::1/64. Please try this.
PacketTracer
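The ping-pong pattern diagnosed in the post above can be detected mechanically in tracert output. This is an added example, not part of the original thread; the function names are hypothetical and the sample input is hops 11-16 of the trace quoted above.

```python
import ipaddress
import re

# Hops 11-16 of the first tracert in the post above (Windows tracert layout).
SAMPLE = """\
 11 143 ms 144 ms 143 ms 10gigabitethernet4-1.core1.mia1.he.net [2001:470:0:a6::1]
 12 146 ms 145 ms 144 ms tserv1.mia1.he.net [2001:470:0:8c::2]
 13 183 ms 176 ms 176 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
 14 187 ms 177 ms 180 ms tserv1.mia1.he.net [2001:470:0:8c::2]
 15 232 ms 217 ms 209 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
 16 223 ms 209 ms 211 ms tserv1.mia1.he.net [2001:470:0:8c::2]
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(\S.*)$")


def parse_hops(text):
    """Return [(hop_number, address_or_None)]; None marks a timeout or unparsable hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # banner and summary lines do not start with a hop number
        token = m.group(2).split()[-1].strip("[]")  # address is the last field
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            addr = None  # "*" timeout, localized text, or a redacted address
        hops.append((int(m.group(1)), addr))
    return hops


def find_ping_pong(hops, cycles=2):
    """Return (first_hop, router_a, router_b) if two routers alternate, else None."""
    addrs = [addr for _, addr in hops]
    span = 2 * cycles
    for i in range(len(addrs) - span + 1):
        a, b = addrs[i], addrs[i + 1]
        if a is None or b is None or a == b:
            continue
        if addrs[i:i + span] == [a, b] * cycles:
            return hops[i][0], str(a), str(b)
    return None


if __name__ == "__main__":
    print(find_ping_pong(parse_hops(SAMPLE)))
```

A hit where the second router is the tunnel's client endpoint means the upstream route is fine and the loop is on the local router, which is the situation described in the post.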
-
Maybe someone can help you out using TeamViewer...
-
That may have worked, I have trouble fully testing it from inside my network, but I can now ping ipv6.google.com. If you could do your tracert again and see if it looks any better.
-
Hi Jervin,
here you are:
Pinging your LAN (2001:470:5:c5e::3) is successful:
C:\>ping 2001:470:5:c5e::3
Ping wird ausgeführt für 2001:470:5:c5e::3 von 2001:4dd0:XXXX:YYYY:90ac:562c:d2f7:d0eb mit 32 Bytes Daten:
Antwort von 2001:470:5:c5e::3: Zeit=220ms
Antwort von 2001:470:5:c5e::3: Zeit=251ms
Antwort von 2001:470:5:c5e::3: Zeit=214ms
Antwort von 2001:470:5:c5e::3: Zeit=287ms
Ping-Statistik für 2001:470:5:c5e::3:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 214ms, Maximum = 287ms, Mittelwert = 243ms
Of course, TRACERT to your LAN is successful, too:
C:\>tracert 2001:470:5:c5e::3
Routenverfolgung zu 2001:470:5:c5e::3 über maximal 30 Abschnitte
1 <1 ms <1 ms <1 ms SIXBOX [2001:4dd0:XXXX::1]
2 30 ms 30 ms 30 ms gw-3120.cgn-01.de.sixxs.net [2001:4dd0:XXXX:YYYY::1]
3 30 ms 30 ms 41 ms 2001:4dd0:1234:3::42
4 31 ms 30 ms 29 ms core-eup2-ge1-22.netcologne.de [2001:4dd0:1234:3:dc40::a]
5 34 ms 33 ms 33 ms rtamsix-te4-2.netcologne.de [2001:4dd0:a2b:6d:30::b]
6 34 ms 34 ms 35 ms 20gigabitethernet1-3.core1.ams1.ipv6.he.net [2001:7f8:1::a500:6939:1]
7 49 ms 49 ms 50 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
8 114 ms 114 ms 123 ms 10gigabitethernet7-4.core1.nyc4.he.net [2001:470:0:128::1]
9 120 ms 120 ms 121 ms 10gigabitethernet2-3.core1.ash1.he.net [2001:470:0:36::1]
10 134 ms 127 ms 128 ms 10gigabitethernet1-2.core1.atl1.he.net [2001:470:0:1b5::2]
11 157 ms 150 ms 150 ms 10gigabitethernet4-1.core1.mia1.he.net [2001:470:0:a6::1]
12 148 ms 146 ms 147 ms tserv1.mia1.he.net [2001:470:0:8c::2]
13 177 ms 184 ms 177 ms jervin-1-pt.tunnel.tserv12.mia1.ipv6.he.net [2001:470:4:c5e::2]
14 292 ms 300 ms 307 ms 2001:470:5:c5e::3
Ablaufverfolgung beendet.
Seems to work like a charm.
Have fun
PacketTracer
-
Thanks for helping me out on this...
-
Thanks PacketTracer, you are the IPv6 god. ;D
-
It was working fine at the DLink DIR645 router level; I could ping6 to ipv6.google.com.
In summary for a DLINK DIR645 at V1.03 firmware:
In the Admin Menu
Click on "IPv6"
Click on "Manual IPV6 INTERNET CONNECTION SETUP" at the bottom of the page
Under IPv6 Connection set "My IPv6 Connection is " to "IPv6 in IPv4 Tunnel"
Under "IPv6 in IPv4 TUNNEL SETTINGS"
Remote IPv4 Address : to Tunnelbrokers "Server IPv4 Address"
Remote IPv6 Address : to tunnelbrokers "Server IPv6 Address" (without the /64)
Local IPv4 Address : should automatically be set to tunnelbrokers "Client IPv4 Address"
Local IPv6 Address : to tunnelbrokers "Client IPv6 Address" (without the /64)
Subnet Prefix Length : to 64
Under "IPv6 DNS SETTINGS"
I used "Obtain IPv6 DNS Servers automatically", but obviously you can set these if you want to.
Under "LAN IPv6 ADDRESS SETTINGS"
Do not use "Enable DHCP-PD", it didn't work for me
LAN IPv6 Address : set to tunnelbrokers "Routed /64" address (without the /64)
Under "ADDRESS AUTOCONFIGURATION SETTINGS"
Check off "Enable Automatic IPv6 address assignment"
Set "Autoconfiguration Type :" whatever you want, I used SLAAC + Stateless DHCP, but Stateless by itself worked and I didn't try SLAAC+RDNSS
Set "Router Advertisement Lifetime:" to 60 minutes because it seems to be some sort of default anyway.
Note: I don't know what to do with the tunnelbroker "Available DNS Resolvers" addresses. Should I use these in addition or instead of my DNS addresses?
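A sanity check for the address values entered in the procedure above, covering the mistake diagnosed earlier in the thread (LAN address entered as the bare prefix). This is an added example, not part of the original post; `check_tunnel_config` and `_iface` are hypothetical names, and the addresses in the demo are the ones quoted in the thread.

```python
import ipaddress


def _iface(value, prefix_len):
    """Parse 'addr' or 'addr/len' into an IPv6Interface."""
    text = value.strip()
    if "/" not in text:
        text = f"{text}/{prefix_len}"
    return ipaddress.IPv6Interface(text)


def check_tunnel_config(remote_v6, local_v6, lan_v6, prefix_len=64):
    """Return a list of problems in a 6in4 tunnel plus routed-LAN configuration."""
    remote = _iface(remote_v6, prefix_len)
    local = _iface(local_v6, prefix_len)
    lan = _iface(lan_v6, prefix_len)
    problems = []

    if remote.network != local.network:
        problems.append("tunnel endpoints are in different prefixes")
    elif remote.ip == local.ip:
        problems.append("local and remote tunnel addresses are identical")
    if lan.network == local.network:
        problems.append("LAN uses the tunnel prefix, not the routed prefix")
    # An all-zero interface ID is the prefix itself (the Subnet-Router anycast
    # address in RFC 4291), not an address for the router's LAN interface.
    if lan.ip == lan.network.network_address:
        problems.append("LAN address is the bare prefix; give the router a host address")
    if lan.ip.is_link_local:
        problems.append("LAN address is link-local; expected one from the routed prefix")
    return problems


if __name__ == "__main__":
    tunnel = ("2001:470:4:c5e::1", "2001:470:4:c5e::2")
    for lan in ("2001:470:5:c5e::", "2001:470:5:c5e::1"):
        print(lan, check_tunnel_config(*tunnel, lan) or "ok")
```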
-
Hi Jervin,
> Under "IPv6 DNS SETTINGS"
> I used "Obtain IPv6 DNS Servers automatically", but obviously you can set these if you want to.
I am in doubt if "Obtain IPv6 DNS Servers automatically" works with a HE tunnel, so I would recommend to select the other option "Use the following IPv6 DNS servers" and then specify the primary and secondary HE DNS server addresses.
> Under "LAN IPv6 ADDRESS SETTINGS"
> Do not use "Enable DHCP-PD", it didn't work for me
I wouldn't have expected either that DHCP-PD is available for a HE tunnel.
> Under "ADDRESS AUTOCONFIGURATION SETTINGS"
> Check off "Enable Automatic IPv6 address assignment"
> Set "Autoconfiguration Type :" whatever you want, I used SLAAC + Stateless DHCP, but Stateless by itself worked and I didn't try SLAAC+RDNSS
> Set "Router Advertisement Lifetime:" to 60 minutes because it seems to be some sort of default anyway.
You should use "SLAAC + Stateless DHCPv6" (as you did) because stateless DHCPv6 is the default method to convey the IPv6 primary and secondary DNS server addresses you entered above to the LAN client PCs. In contrast SLAAC+RDNSS is not recommendable, because RDNSS isn't supported by most client PCs (e.g. Windows). You could also use "Stateful DHCPv6"; this would work as well and give you more control over the assigned IPv6 addresses but would also mean more configuration steps (and hence possible sources for mistakes) to do.
> Set "Router Advertisement Lifetime:" to 60 minutes because it seems to be some sort of default anyway.
A client in your LAN which receives a Router Advertisement (RA) sent by your DIR-645 on a regular basis (about every 10 minutes is a common default value) sees the router lifetime (contained in the RA) and if it is >0 it takes the source address of the Router Advertisement, which is always the router's link local address, as the initial or updated value of its default gateway and sets the valid timer for the default gateway to the lifetime value. Without receiving other RA the default gateway would become invalid if lifetime is over. Hence it is important that the router sends RA periodically and that the advertised lifetime is greater than the sending interval. 60 minutes is okay. When a client starts it sends a Router Solicitation in order to force the router to send an RA at once in response.
> Note: I don't know what to do with the tunnelbroker "Available DNS Resolvers" addresses. Should I use these in addition or instead of my DNS addresses?
If you configure it the way I described above you should see them as additional IPv6 DNS server addresses (besides the IPv4 ones) within your LAN client's IP/IPv6 configuration. In principle you can use either IPv4 DNS servers, IPv6 DNS servers or both to resolve names to both IPv4 and/or IPv6 addresses. I would use a combination of both to cover both cases of IPv4-only and IPv6-only DNS servers.
PacketTracer
-
Are the required DNS Servers the same thing as the "Available DNS Resolvers" mentioned on the tunnelbroker tunnel details page?
-
Yes, obviously! A "DNS resolver" is a "caching only" DNS server, i.e. it doesn't operate and hence isn't authoritative for any DNS zones. Instead it only asks other DNS servers to resolve names. It is a good choice to use the DNS resolvers offered by your providers: They can answer your DNS queries very quickly because there is a high probability that queries can be answered from the resolver's cache.
-
Thanks, it's amazing how much I don't know about the network world (ipv6, dns, gateways etc). Now that I seem to have the DIR-645 up and running with ipv6, now I'm trying to get a pfsense server up and running with ipv6, running under the DIR-645 and it seems to be even trickier (as far as terminology that confuses me).
Thanks all for the help getting the DIR-645 up with the IPv6 in IPv4 tunnel.
-
Why pfsense? Why don't you simply use the IPv6 firewall built into DIR-645 (see page 88 of DIR-645 manual: http://www.manualowl.com/m/D-Link/DIR-645/Manual/224685)?
Select "Turn IPv6 Filtering ON and ALLOW rules listed" and then specify and activate (tick the checkbox) a single rule which allows any outgoing traffic (Source: LAN, Dest: WAN, Protocol: ANY, Schedule: Always, Name: whatever you like, both IP Address Ranges: top field: :: bottom field: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) (I'm not sure how D-Link wants to have the zero value for the top field, if :: doesn't work try ::0 or 0:0:0:0:0:0:0:0)
Edit: This configuration will drop any incoming unsolicited traffic (responses to your outgoing requests are allowed of course because the firewall is stateful). Check this by trying the following portscanner: http://ipv6.chappell-family.com/ipv6tcptest/.
-
Apples and Oranges, I am going to be using the pfsense system to replace a SonicWall unit at my church. The DIR-645 is at my house.
-
Sorry for misunderstanding. Good luck with pfsense!