
[ERL] Strange ipv6 behaviour


Hi everyone,

 

After trying for a good month, I'm finally giving up and turning to the community. I have a really strange problem with my EdgeRouter lite running EdgeOS 1.9.0. But first let me describe the setup.

 

I'm using the German ISP Unitymedia. They supply a cable router with crippled features, so I'm using an EdgeRouter lite and a Unifi AP-AC lite. The thing is, Unitymedia uses DS-lite, so I need ipv6 to work correctly.

 

I set up prefix delegation on the ERL and it works fine. All devices in the network get the correct ipv6 addresses.

 

Now we come to the problem. The ipv6 connection on all devices doesn't work right from the start or after every reboot of the modem or the ERL. But if I SSH into the ERL, ipv6 works fine. So one might think it's a firewall issue, but after waiting for some days it suddenly starts working on all devices. Strange, isn't it?

 

I'll post some parts of the config that might be relevant.

 

eth0 - the connection to the Unitymedia router

eth1 - my LAN

eth1.20 - Guest VLAN

 

 

ubnt@ubnt:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         192.168.1.190/24                  u/u  WAN
             2a02:8070:4ab:6600:9fb2:3ff6:84bd:647c/128
eth1         192.168.0.1/24                    u/u  LAN
             2a02:8070:4ab:66f0::1/64
eth1.20      192.168.100.1/24                  u/u  Guest
             2a02:8070:4ab:66f1::1/64
eth2         192.168.2.1/24                    A/D  Local 2
lo           127.0.0.1/8                       u/u
             ::1/128

 

 

 

ubnt@ubnt# show interfaces ethernet eth0
 address dhcp
 description WAN
 dhcpv6-pd {
     no-dns
     pd 0 {
         interface eth1 {
             host-address ::1
             prefix-id :0
             service slaac
         }
         interface eth1.20 {
             host-address ::1
             prefix-id :1
             service slaac
         }
         prefix-length 60
     }
     rapid-commit enable
 }
 duplex auto
 firewall {
     in {
         ipv6-name WANv6_IN
     }
     local {
         ipv6-name WANv6_LOCAL
     }
 }
 speed auto

 

 

 

ubnt@ubnt# show interfaces ethernet eth1
 address 192.168.0.1/24
 description LAN
 duplex auto
 firewall {
     in {
         ipv6-name client6-in
     }
     local {
         ipv6-name client6-local
     }
 }
 ipv6 {
     dup-addr-detect-transmits 1
     router-advert {
         cur-hop-limit 64
         link-mtu 0
         managed-flag true
         max-interval 600
         name-server fe80::ba27:ebff:fe35:4ae6 # that's the ip of a raspberry pi for adblocking dns
         other-config-flag false
         prefix ::/64 {
             autonomous-flag true
             on-link-flag true
             valid-lifetime 2592000
         }
         reachable-time 0
         retrans-timer 0
         send-advert true
     }
 }
 speed auto
 vif 20 {
     address 192.168.100.1/24
     description Guest
     firewall {
         in {
             ipv6-name client6-in
             name GUEST_IN
         }
         local {
             ipv6-name client6-local
             name GUEST_LOCAL
         }
     }
     ipv6 {
         dup-addr-detect-transmits 1
         router-advert {
             cur-hop-limit 64
             link-mtu 0
             managed-flag true
             max-interval 600
             name-server fe80::ba27:ebff:fe35:4ae6
             other-config-flag false
             prefix ::/64 {
                 autonomous-flag true
                 on-link-flag true
                 valid-lifetime 2592000
             }
             reachable-time 0
             retrans-timer 0
             send-advert true
         }
     }
 }

 

ubnt@ubnt# show firewall ipv6-name WANv6_IN
 default-action drop
 description "WAN inbound traffic forwarded to LAN"
 enable-default-log
 rule 10 {
     action accept
     description "Allow established/related sessions"
     state {
         established enable
         related enable
     }
 }
 rule 20 {
     action drop
     description "Drop invalid state"
     state {
         invalid enable
     }
 }
 rule 30 {
     action accept
     description "Allow IPv6 icmp"
     protocol ipv6-icmp
 }
[edit]
ubnt@ubnt# show firewall ipv6-name WANv6_LOCAL
 default-action drop
 description "WAN inbound traffic to the router"
 enable-default-log
 rule 10 {
     action accept
     description "Allow established/related sessions"
     state {
         established enable
         related enable
     }
 }
 rule 20 {
     action drop
     description "Drop invalid state"
     state {
         invalid enable
     }
 }
 rule 30 {
     action accept
     description "Allow IPv6 icmp"
     protocol ipv6-icmp
 }
 rule 40 {
     action accept
     description "allow dhcpv6"
     destination {
         port 546
     }
     protocol udp
     source {
         port 547
     }
 }

 

If you need anything else, please let me know. And thanks in advance for your help!

 

Greetings

 

