Symphonious

Living in a state of accord.

IPv6 on EdgeRouter X (ERX) and SkyMesh (EdgeOS 1.9.7)

The internet is full of forum posts with various questions, tips and suggestions for IPv6 on EdgeRouters as people struggle to get it working. The challenge is that the fix you actually need depends on which version of EdgeOS you’re running (ubnt are continuing to flesh out the IPv6 configuration support) and the setup of your ISP.

So here’s the magic steps I needed for an ERX running EdgeOS 1.9.7+hotfix.3 with SkyMesh NBN over HFC (cable).

  1. Use the Basic Setup wizard to get the basic config in place
    • Port eth0
    • Internet connection type PPPoE (and enter your PPPoE login)
    • Enable the default firewall
    • Enable DHCPv6 Prefix Delegation
      • Prefix length /56
      • Enable the default IPv6 firewall
      • IPv6 LANs switch0
    • Only use one LAN
    • Setup the IPv4 LAN address and users as required.
  2. Additional config required either via the command line ‘configure’ or Config Tree tab in the UI.
    • set interfaces ethernet eth0 pppoe 0 ipv6 enable 
    • set interfaces ethernet eth0 pppoe 0 ipv6 address autoconf
    • set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit disable
    • set interfaces switch switch0 ipv6 address autoconf

The extra config essentially boils down to three main things:

  1. PPPoE interface needs to have IPv6 enabled if IPv6 is going to work.
  2. The PPPoE and switch0 interfaces need to auto configure their IPv6 address.
  3. SkyMesh do not support rapid-commit for prefix delegation. Almost every ERX IPv6 config I’ve seen has this enabled but with SkyMesh the devices on the LAN and the switch0 interface will fail to get global IPv6 IPs unless it’s disabled.

As an optional extra if you want to avoid ICMP filtering you should duplicate rule ’30’ from firewall ipv6-name WANv6_LOCAL to   (action accept, protocol ipv6-icmp being the key values). This is allowing extra traffic through your firewall to all devices on your network so you should only do that if you’ve done the research and are comfortable with it. You should have working IPv6 connectivity without doing this – don’t just do it as a desperate option to get things working.