@gp-se have a read thru the following thread:
https://forum.pfsense.org/index.php?topic=119944.0
You could also navigate to the PfSsense IPV6 section of the forum and use the search term "Rogers", minus the quote marks of course to see what else comes up in that section of the forum that is related to Rogers.
https://forum.pfsense.org/index.php?board=52.0
I seem to recall that @JKnott posted a comment recently that provided an additional instruction for IPV6 operation.
The DNS forwarder should have nothing to do with your problem. DNS is used to determine the IP address for a host name. It has nothing to do with whether IPv6 is available or not.
BTW, in the pfSense forum, they recommend DNS resolver be used instead of forwarder. You need one or the other to provide IP addresses for devices on your local network.
@gp-se wrote:
Thanks I got it working by going to:
System -> General Setup: disabled the DNS Forwarder, and now it's working!
@gp-se That's interesting, as that option only disables DNS resolution for the firewall box itself. Here's mine (and I get 19/20 on ipv6-test.com);
Now, on yours, instead of the firewall asking itself (127.0.0.1) to resolve a DNS name (using DNS Resolver / unbound), it's going directly out to DNS servers on the Internet (not a bad thing in the beginning, but will limit your use of hostnames & Aliases for firewall rules on your local network). Do you have Services / DNS Resolver enabled? (it should be by default on install of 2.3.3, unless you've disabled it) Also check that Services / DNS Forwarder is disabled (it should be by default on install of 2.3.3). There could be an issue with your DNS Resolver config (which we can solve in a separate thread from the IPv6 thread if you want to create a new thread).
I see Rogers is on the list.
North American IPv6 Summit to Honor Global Service Providers for IPv6 Adoption
Sorry to say this but, to disable IPV6 use on your XBox, you would need a router, which enables you to either run IPV6 or disable it for your entire network.
@Rocketsmoke wrote:Disable IPv6 Connectivity to an Xbox (CODA -4582)
Unfortunately P2P gaming across different platforms/companies/servers etc hasn't caught on yet with IPv6 and often results in not being able to connect with other users. I had an older Hitron router but I was told to upgrade to the Coda 4582 as it will allow me to disable IPv6 towards specfic devices. I have yet to have any luck and was hoping someone could point me in the right direction.
Having IPv6 available doesn't interfere with IPv4. It's simply an updated protocol and if it's not available at the other end, then only IPv4 will be used. I've been running both IPv4 and IPv6 for 7 years, without problem. I suspect your problem is elsewhere
@Rocketsmoke wrote:
Other people with similar gaming issues across NA seem to have narrowed it down to IPv6, users who have been able to successfully cut off that link to their Xbox reported problems going away. And for myself it only popped up once I upgraded my modem/router to one that support IPv6.
The Xbox shouldn't be using IPv6, if it's not available at the other end. In fact, I believe Microsoft provided Teredo in the Xbox for when IPv6 is not available.
Xbox One will be ‘best experienced’ with IPv6: How do you get IPv6 at home, though?
Xbox One: P2P IPv6, Teredo, and IPsec
@Rocketsmoke wrote:is the CODA 4582 also not a full blown router?
While it is a router, blocking IPv6 is a bad idea. As IPv4 has been inadequate for many years, the world is moving to IPv6, though Canada seems to be lagging behind. In dual stack systems, both IPv4 and IPv6 are available. When you try to access anything on the Internet, a DNS query is used to determine the IP address(es) of the destination. It will be either IPv4, IPv6 or both addresses. If your computer is capable of IPv6, then it will use the IPv6 address. If not, then IPv4. An IPv6 capable device will not attempt to use IPv6, if an IPv6 address is not available. I'm not saying there isn't a problem, but it's not due to IPv6 being available. If there is a problem, it's merely a symptom of a problem elsewhere.
@Rocketsmoke, at this point in time, most of the Rogers modems are IPV6 enabled. Anything that doesn't run IPV6 does not support high speed plans.
The modems that Rogers and other ISPs use are modems with basic router capabilities. They don't match the capabilities that you routinely find in third party routers.
As I indicated above, there is no user function to disable IPV6 on the modem. Unfortunately, Microsoft has also "not" included any method of doing the same in the XBox, nor has Microsoft included any method of determining which transmission path the XBox might use on any given day, IPV4, IPV6 or Teredo. That leaves the user in a position of having to buy a third party router which has the ability to disable IPV6.
The benefit of running a good router is that it isolates the user, for the most part, from changes that occur during firmware updates to the modem, both good and bad. There can still be issues that come up with firmware updates to the router, but I suspect that those are far fewer than you would see with any modem. You would or should also end up with improved wifi performance if you decide to go this route. The drawback is the additional cost of buying a router 😞
Edit: just to add to the comments above regarding the XBox and IPV6, Microsoft staff have indicated that there is no crossover between the IPV6 and IPV4 users, so, given that statement, it would seem to me that if you're running IPV6 and all of your friends that you game with are using IPV4, you will most likely be out of luck. I haven't seen any statement by Microsoft to indicate that an XBox will negotiate its way from IPV6 down to IPV4 when someone goes looking for a game to enter. I'd be interested in statements from anyone who can prove that they are using IPV6 only, and gaming with others who are using IPV4 only as that would contradict what Microsoft has indicated.
@Double_K wrote:@Rocketsmoke as someone who runs multiple XB1's, I can tell you the following;
1) The XB1 can use IPv6, but needs IPv4 as well (at this time). When given an IPv6 address, and IPv6 DNS, it will query the IPv6 DNS for AAAA address resolution. Unfortunately, several of Microsoft's XBOX live services (today) cannot resolve to an IPv6 AAAA address, and therefore need an IPv4 A address resolution of the name. (I've tried pure IPv6 - it doesn't connect to XBL at all).
2) When setup with both IPv4 & IPv6, the XB1 will prefer an IPv6 connection. This affects connection with players who are only using IPv4 (and supporting @Datalink's post, they don't talk to each other at this time)
3) The XB1's use of IPv6 is only as good as the firewall in front of it. And this is the key. In one of the files posted by @JKnott, they touch on two dependencies: 1) The user needs to be able to configure the firewall for transparent operation, and 2) the firewall needs to allow unsolicited inbound IPsec & IKEv2.
Based on user's feedback on the forums, there does not appear to be a way to control the IPv6 firewall in the Rogers' gateways.
Thus, those who want to control IPv6 need to use their own firewall (and router / DHCPv6 server / etc.)
Actually, there's no such thing as an IPv6 DNS server. All DNS servers will return whatever addresses are available. So, even if your Internet connection is IPv4 only, you will get both IPv4 and IPv6 addresses returned. It even works for sites that are IPv6 only, such as ipv6.google.com. However, only the IPv4 addresses are used on an IPv4 only network. Ihave verified this by connecting a computer through an IPv4 only router and then to my network. Even though the computer has only IPv4 availalble, I can query the address for ipv6.google.com. So, that's not the cause of the issue.
Here are the addresses for Google:
$ host google.com
google.com has address 216.58.192.206
google.com has IPv6 address 2607:f8b0:4009:816::200e
Both IPv6 & IPv4 addresses are shown. I get the same results on a computer with IPv6 & IPv4 and another with only IPv4.
Now, I just did a lookup for the xbox server:
$ host xboxlive.com
xboxlive.com has address 40.84.199.233
xboxlive.com has address 52.178.167.10
I see only IPv4 addresses, even though this was done on a computer with full IPv6 connectivity. This means any device, whether IPv6 capable or not, will use only the IPv4 address as there are no IPv6 addresses.
Also, IPSec and IKEv2. IPSec works over IPv4 and IPv6. IKE is just a method of key exchange (in this case for IPSec) an is thus just so much data to the Internet. connection. It makes no difference whether on IPv4 or IPv6. Also, since IPSec originates on the local network (outgoing), firewalls will automatically pass it. You only have to configure the firewall to allow it to accept incoming connections. There is no such thing as configuring a firewall to pass IKE, though it may use it to set up a VPN..
Now, I'm not saying there isn't a problem somewhere, just that it's not caused by having IPv6 available, though it may cause the problem to be visible. By blocking IPv6, you're masking the problem, not fixing it.
To understand the problem, you'd have to look at the traffic with something like Wireshark.
@JKnott Please note that my comments are only in relation to the XBOX One, not a PC. My first point was only that not all Xbox Live services are on IPv6 yet. Also note that the XB1 does lookups differently than a PC - it doesn't just ask for the resolution of an address. It specifically asks for the A record separately from the AAAA record.
@JKnott wrote:Also, IPSec and IKEv2. IPSec works over IPv4 and IPv6. IKE is just a method of key exchange (in this case for IPSec) an is thus just so much data to the Internet. connection. It makes no difference whether on IPv4 or IPv6. Also, since IPSec originates on the local network (outgoing), firewalls will automatically pass it. You only have to configure the firewall to allow it to accept incoming connections. There is no such thing as configuring a firewall to pass IKE, though it may use it to set up a VPN..
For the XBOX One, Microsoft gives specified guidance on configuring a firewall to pass IKE:
- "Ensure that you are not filtering inbound IKE traffic – which is UDP on port 500 and port 4500."
The issue appears to be the lack of visibility/configuration of the IPv6 traffic in the firewall in the Rogers Hitron gateway. If someone can confirm that the gateway's firewall is correctly configured to allow the unsolicited inbound IPv6 traffic, then the firewall may not be the source of the issue that @Rocketsmoke is experiencing.
For clarity, here are my WAN inbound firewall rules to enable IPv6 operability on the XB1s (per RFC6092);
Given that we have now enabled native IPv6 access on all our recent DOCSIS gateways and mobile phones, this technology is now obsolete. Starting on May 18 2017, these services will be decommissioned.
I encourage anybody that is still using this Rogers 6rd or Rogers 6to4 service to migrate to native IPv6 service as soon as possible and wish to thank all the early adopters that helped to make IPv6 a reality.
Dave
Are all new Rogers customers supposed to be on IPv6 now? I've seen a couple that don't seem to, including a business that just got their Rogers connection within the past couple of weeks. Both of these have the Hitron modems. On the other hand, I have seen another business customer that did get IPv6.
-
150421 views
-
62 Likes
-
-
