Ik heb al enige tijd mijn Xperiabox vervangen voor een Unifi Security Gateway met daarachter een Unifi switch. Nu werkt internettoegang in principe prima, maar heb ik IPv6 nooit helemaal aan de praat gekregen.
Ik heb voornamelijk deze post gevolgd, en het lijkt half te werken. Ten eerste krijgen zowel mijn router als LAN devices een IPv6-adres toegewezen, en kan ik met bijvoorbeeld ping6 google.com prima pingen. De IPv6 test van Google zegt dat alles prima werkt, maar (bijvoorbeeld) test-ipv6.com geeft errors aan, met onder andere de melding "Our tests show that you will have a broken or misconfigured IPv6 setup, and this will cause problems as web sites enable IPv6."
Dit lijkt te kloppen, want een aantal websites, zoals tweakers.net laden niet (blijft eeuwig hangen in de browser op "Performing a TLS handshake").
Door deze mixed signals weet ik niet meer zo goed wat ik het beste kan doen, of hoe ik dit kan debuggen. Heeft iemand suggesties?
Hier mijn config.gateway.json:
code:
{
"firewall": {
"ip-src-route": "disable",
"ipv6-name": {
"WANv6_IN": {
"default-action": "drop",
"description": "WAN inbound traffic forwarded to LAN",
"enable-default-log": "''",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related sessions",
"state": {
"established": "enable",
"related": "enable"
}
},
"20": {
"action": "drop",
"description": "Drop invalid state",
"state": {
"invalid": "enable"
}
}
}
},
"WANv6_LOCAL": {
"default-action": "drop",
"description": "WAN inbound traffic to the router",
"enable-default-log": "''",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related sessions",
"state": {
"established": "enable",
"related": "enable"
}
},
"20": {
"action": "drop",
"description": "Drop invalid state",
"state": {
"invalid": "enable"
}
},
"30": {
"action": "accept",
"description": "Allow IPv6 icmp",
"protocol": "ipv6-icmp"
},
"40": {
"action": "accept",
"description": "allow dhcpv6",
"destination": {
"port": "546"
},
"protocol": "udp",
"source": {
"port": "547"
}
}
}
}
},
"ipv6-receive-redirects": "disable",
"ipv6-src-route": "disable",
"log-martians": "enable",
"source-validation": "disable"
},
"interfaces": {
"ethernet": {
"eth0": {
"description": "eth0 - FTTH",
"duplex": "auto",
"speed": "auto",
"vif": {
"4": {
"address": [
"dhcp"
],
"description": "eth0.4 - IPTV",
"dhcp-options": {
"client-option": [
"send vendor-class-identifier "IPTV_RG";",
"request subnet-mask, routers, rfc3442-classless-static-routes;"
],
"default-route": "no-update",
"default-route-distance": "210",
"name-server": "update"
},
"ip": {
"source-validation": "loose"
}
},
"6": {
"description": "eth0.6 - Internet",
"pppoe": {
"2": {
"dhcpv6-pd": {
"no-dns": "''",
"pd": {
"0": {
"interface": {
"eth1": "''"
},
"prefix-length": "/48"
}
},
"rapid-commit": "disable"
},
"firewall": {
"in": {
"ipv6-name": "WANv6_IN",
"name": "WAN_IN"
},
"local": {
"ipv6-name": "WANv6_LOCAL",
"name": "WAN_LOCAL"
}
},
"idle-timeout": "180",
"ipv6": {
"address": {
"autoconf": "''"
},
"dup-addr-detect-transmits": "1",
"enable": "''"
},
"mtu": "1500",
"name-server": "auto",
"password": "kpn",
"user-id": "xx-xx-xx-xx-xx-xx@internet"
}
}
}
}
},
"eth1": {
"description": "eth1 - LAN",
"duplex": "auto",
"speed": "auto",
"ipv6": {
"dup-addr-detect-transmits": "1",
"router-advert": {
"cur-hop-limit": "64",
"link-mtu": "0",
"managed-flag": "false",
"max-interval": "600",
"name-server": [
"2001:4860:4860::8888",
"2001:4860:4860::8844"
],
"other-config-flag": "false",
"prefix": {
"::/64": {
"autonomous-flag": "true",
"on-link-flag": "true",
"valid-lifetime": "2592000"
}
},
"radvd-options": [
"RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 {};"
],
"reachable-time": "0",
"retrans-timer": "0",
"send-advert": "true"
}
}
}
}
},
"protocols": {
"igmp-proxy": {
"disable-quickleave": "''",
"interface": {
"eth0.4": {
"alt-subnet": [
"0.0.0.0/0"
],
"role": "upstream",
"threshold": "1"
},
"eth1": {
"role": "downstream",
"threshold": "1"
}
}
},
"static": {
"interface-route6": {
"::/0": {
"next-hop-interface": {
"pppoe2": "''"
}
}
},
"route": {
"213.75.112.0/21": {
"next-hop": {
"10.88.184.1": "''"
}
}
}
}
},
"service": {
"dns": {
"forwarding": {
"name-server": [
"1.1.1.1",
"1.0.0.1"
],
"except-interface": [
"eth0",
"eth0.6",
"eth2"
],
"options": [
"listen-address=10.0.1.1"
]
}
},
"nat": {
"rule": {
"5000": {
"description": "IPTV",
"destination": {
"address": "213.75.112.0/21"
},
"log": "disable",
"outbound-interface": "eth0.4",
"protocol": "all",
"type": "masquerade"
},
"5010": {
"description": "KPN Internet",
"log": "enable",
"outbound-interface": "pppoe2",
"protocol": "all",
"source": {
"address": "10.0.1.0/24"
},
"type": "masquerade"
},
"6001": {
"disable": "''",
"type": "masquerade"
},
"6002": {
"disable": "''",
"type": "masquerade"
},
"6003": {
"disable": "''",
"type": "masquerade"
}
}
}
},
"system": {
"name-server": [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
]
}
}
P.S. TV werkt momenteel ook niet, met foutcode F561. Als iemand hier nog suggesties voor heeft hoor ik het ook graag.