Hi guys, I've been a long-time lurker here at GZ but this is my first post, so hello!

I have a Ubiquiti EdgeRouter Lite router using 2degrees fibre on the latest stable firmware (1.10.7). I've got a static allocation (both IPv4 and IPv6) from 2degrees and when on ADSL it was rock solid (though very slow). Since switching to the ERLite and fibre I keep hitting an issue where IPv6 stops working. By that I mean I can't ping6 out from the LAN or the router, and inbound traffic never reaches the hosts. To fix it I disable/enable IPv6, or delete and reload the IPv6 firewall, and doing so fixes it for a while (where a while could be a few hours, or a few days, but it always stops working again).

Googling around I found a few instances of people having similar issues (can't post links yet sorry but found a few) but none of them seem relevant to me (some were fixed by upgrading the firmware, some found things in the logs that I haven't, etc.).

Here's my config:

    ubnt@router# show interfaces ethernet eth0
    duplex auto
    speed auto
    vif 10 {
        description "Internet (PPPoE)"
        pppoe 0 {
            default-route auto
            dhcpv6-pd {
                pd 0 {
                    interface eth1 {
                        host-address ::1
                        prefix-id :1
                        service slaac
                    }
                    interface eth2 {
                        host-address ::1
                        prefix-id :2
                        service slaac
                    }
                    prefix-length /56
                }
                prefix-only
                rapid-commit enable
            }
            firewall {
                in {
                    ipv6-name WANv6_IN
                    name WAN_IN
                }
                local {
                    ipv6-name WANv6_LOCAL
                    name WAN_LOCAL
                }
            }
            ipv6 {
                enable {
                }
            }
            mtu 1492
            name-server auto
            password xxxx
            user-id xxxx@snap.net.nz
        }
    }

And here is the relevant firewall (with IPv6 addresses slightly obfuscated), this is as it came out of the box with only the SSH rule added by me:

    ubnt@router# show firewall ipv6-name
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "pipsqueek IPv6 ssh access"
            destination {
                address 2406:e001:dead:beef::3
                port 22
            }
            protocol tcp
        }
    }
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }

I didn't think to try a tcpdump looking for icmp6 while it is "broken" to see if packets are actually making it out the router, but will do so when it next breaks.

So - can anyone spot anything obvious I'm missing? What logs should I be looking at when it dies? Having it die every few hours/days is driving me crazy...

P.S. I originally couldn't even get IPv6 working but that turned out to be a Chorus/ONT issue, so I've been fighting IPv6 on and off now for about two months.

EDIT: And it just died again. Running a tcpdump on the router and pinging from a host on the LAN I can see packets going out pppoe0 but never getting a reply.