cancel
Showing results for 
Search instead for 
Did you mean: 

Rogers IPv6 Status

foodgodessto
I've Been Here Awhile

Hello,

 

I'm wondering what the current IPv6 status is within Rogers.  A search on the forums only shows 10 topics over the past year that even mention IPv6, and there doesn't appear to be any official communications from Rogers since IPv6 day last year.

 

I know that Rogers (supposedly) supports IPv6 tunneling (although the only person to ask about it did not get any responses).

602 REPLIES 602

Re: Rogers IPv6 Status

Datalink
Resident Expert
Resident Expert

@gp-se have a read thru the following thread:

 

https://forum.pfsense.org/index.php?topic=119944.0

 

You could also navigate to the PfSsense IPV6 section of the forum and use the search term "Rogers", minus the quote marks of course to see what else comes up in that section of the forum that is related to Rogers. 

 

https://forum.pfsense.org/index.php?board=52.0

 

I seem to recall that @JKnott posted a comment recently that provided an additional instruction for IPV6 operation.



Re: Rogers IPv6 Status

Double_K
I'm a Reliable Contributor

@gp-se

 

Steps:

  1. System / Advanced / Networking: Allow IPv6 Enabled/Checked
  2. Interfaces/WAN: Setup WAN interface for DHCP6 per the instructions from Dave/JKnott
    1. My configuration differs a little as I don't use IPv4 connectivity as the parent interface - I added a System / Routing / Gateway specifically for IPv6 to my setup
  3. Interfaces/LAN: Setup LAN/VLAN interface for Track Interface: WAN
  4. Diagnostics/Reboot: Reboot box (there's this issue with radvd/dhcp6, and instead of doing multiple things, just reboot)
  5. Services/DHCPv6 Server & RA
    1. Setup Router Advertisements  for your LAN/VLAN
      1. Choose a Router Mode for your devices (if you need a recommendation, let us know)
      2. For DNS, use same settings as DHCPv6 server
    2. Setup DHCPv6 Server for your LAN/VLAN
      1. Enable the Server, and give it a range
      2. Leave the DNS fields blank to use the system's DNS (unbound  / DNS Resolver)
  6. Firewall / Rules / WAN
    1. Setup a rule to allow unsolicited inbound IPv6 ICMP from Any to Any
  7. Firewall / Rules / LAN/VLAN
    1. Setup rules to allow IPv6 traffic from your devices
  8. Diagnostics/Reboot: Reboot box (clears all states & restarts all services)
  9. Your firewall should now have a 2607:f798 address on the WAN interface, and a 2607:fea8 on the LAN/VLAN interface, and your PC should now have a 2607:fea8 address(es) based on the Router Mode you chose.
  10. Make changes to your PC to allow unsolicited inbound IPv6 ICMP (are you using Windows 10?)

ipv6-test.com should give you at least 19/20.

test-ipv6.com should give you 10/10.

Re: Rogers IPv6 Status

@Double_K

 

Thanks I got it working by going to:

 

 System -> General Setup: disabled the DNS Forwarder, and now it's working!

 

Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

The DNS forwarder should have nothing to do with your problem.  DNS is used to determine the IP address for a host name.  It has nothing to do with whether IPv6 is available or not.

 

BTW, in the pfSense forum, they recommend DNS resolver be used instead of forwarder.  You need one or the other to provide IP addresses for devices on your local network.

 

Re: Rogers IPv6 Status

Double_K
I'm a Reliable Contributor

@gp-se wrote:

@Double_K

 

Thanks I got it working by going to:

 

 System -> General Setup: disabled the DNS Forwarder, and now it's working!

 


@gp-se That's interesting, as that option only disables DNS resolution for the firewall box itself.  Here's mine (and I get 19/20 on ipv6-test.com);

2017-03-16.png

 

Now, on yours, instead of the firewall asking itself (127.0.0.1) to resolve a DNS name (using DNS Resolver / unbound), it's going directly out to DNS servers on the Internet (not a bad thing in the beginning, but will limit your use of hostnames & Aliases for firewall rules on your local network).  Do you have Services / DNS Resolver enabled? (it should be by default on install of 2.3.3, unless you've disabled it)  Also check that Services / DNS Forwarder is disabled (it should be by default on install of 2.3.3).  There could be an issue with your DNS Resolver config (which we can solve in a separate thread from the IPv6 thread if you want to create a new thread).

Re: Rogers IPv6 Status

the DNS settings werent the issue, I tried it again a few times after and it stopped working agin. I'm wondering in my Wireslss Access Point has something to do with it.

here are the options in my TP Link:

IPv6 LAN

  
 
 
  or 

Re: Rogers IPv6 Status

Double_K
I'm a Reliable Contributor

Is that TPLink a WAP or a Router with WiFi?

I'm not familiar with TPLink, but in WAP mode, it should not be doing anything with IPv6.  What you don't want is 2 devices on your network doing Router Advertisements (TPLink & pfSense).

 

Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

Re: Rogers IPv6 Status

Rocketsmoke
I've Been Here Awhile

Disable IPv6 Connectivity to an Xbox (CODA -4582)

 

Unfortunately P2P gaming across different platforms/companies/servers etc hasn't caught on yet with IPv6 and often results in not being able to connect with other users.  I had an older Hitron router but I was  told to upgrade to the Coda 4582 as it will allow me to disable IPv6 towards specfic devices.  I have yet to have any luck and was hoping someone could point me in the right direction.  

Re: Rogers IPv6 Status

Sorry to say this but, to disable IPV6 use on your XBox, you would need a router, which enables you to either run IPV6 or disable it for your entire network.



Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

@Rocketsmoke wrote:

Disable IPv6 Connectivity to an Xbox (CODA -4582)

 

Unfortunately P2P gaming across different platforms/companies/servers etc hasn't caught on yet with IPv6 and often results in not being able to connect with other users.  I had an older Hitron router but I was  told to upgrade to the Coda 4582 as it will allow me to disable IPv6 towards specfic devices.  I have yet to have any luck and was hoping someone could point me in the right direction.  


 

Having IPv6 available doesn't interfere with IPv4.  It's simply an updated protocol and if it's not available at the other end, then only IPv4 will be used.  I've been running both IPv4 and IPv6 for 7 years, without problem.  I suspect your problem is elsewhere

Re: Rogers IPv6 Status

Rocketsmoke
I've Been Here Awhile

is the CODA 4582 also not a full blown router?

Re: Rogers IPv6 Status

Rocketsmoke
I've Been Here Awhile
Other people with similar gaming issues across NA seem to have narrowed it down to IPv6, users who have been able to successfully cut off that link to their Xbox reported problems going away. And for myself it only popped up once I upgraded my modem/router to one that support IPv6.

Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

@Rocketsmoke wrote:
Other people with similar gaming issues across NA seem to have narrowed it down to IPv6, users who have been able to successfully cut off that link to their Xbox reported problems going away. And for myself it only popped up once I upgraded my modem/router to one that support IPv6.

 

The Xbox shouldn't be using IPv6, if it's not available at the other end.  In fact, I believe Microsoft provided Teredo in the Xbox for when IPv6 is not available.

 

IPv6 on Xbox One

 

Xbox One will be ‘best experienced’ with IPv6: How do you get IPv6 at home, though?

 

Xbox One: P2P IPv6, Teredo, and IPsec

 

Teredo tunneling

Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

@Rocketsmoke wrote:

is the CODA 4582 also not a full blown router?


 

While it is a router, blocking IPv6 is a bad idea.  As IPv4 has been inadequate for many years, the world is moving to IPv6, though Canada seems to be lagging behind.  In dual stack systems, both IPv4 and IPv6 are available.  When you try to access anything on the Internet, a DNS query is used to determine the IP address(es) of the destination.  It will be either IPv4, IPv6 or both addresses.  If your computer is capable of IPv6, then it will use the IPv6 address.  If not, then IPv4.  An IPv6 capable device will not attempt to use IPv6, if an IPv6 address is not available.  I'm not saying there isn't a problem, but it's not due to IPv6 being available.  If there is a problem, it's merely a symptom of a problem elsewhere.

 

Re: Rogers IPv6 Status

@Rocketsmoke, at this point in time, most of the Rogers modems are IPV6 enabled.  Anything that doesn't run IPV6 does not support high speed plans.

 

The modems that Rogers and other ISPs use are modems with basic router capabilities. They don't match the capabilities that you routinely find in third party routers.  

 

 As I indicated above, there is no user function to disable IPV6 on the modem.  Unfortunately, Microsoft has also "not" included any method of doing the same in the XBox, nor has Microsoft included any method of determining which transmission path the XBox might use on any given day, IPV4, IPV6 or Teredo.  That leaves the user in a position of having to buy a third party router which has the ability to disable IPV6.  

 

The benefit of running a good router is that it isolates the user, for the most part, from changes that occur during firmware updates to the modem, both good and bad.  There can still be issues that come up with firmware updates to the router, but I suspect that those are far fewer than you would see with any modem.  You would or should also end up with improved wifi performance if you decide to go this route. The drawback is the additional cost of buying a router 😞

 

Edit:  just to add to the comments above regarding the XBox and IPV6, Microsoft staff have indicated that there is no crossover between the IPV6 and IPV4 users, so, given that statement, it would seem to me that if you're running IPV6 and all of your friends that you game with are using IPV4, you will most likely be out of luck.  I haven't seen any statement by Microsoft to indicate that an XBox will negotiate its way from IPV6 down to IPV4 when someone goes looking for a game to enter.  I'd be interested in statements from anyone who can prove that they are using IPV6 only, and gaming with others who are using IPV4 only as that would contradict what Microsoft has indicated. 



Re: Rogers IPv6 Status

Double_K
I'm a Reliable Contributor

@Rocketsmoke as someone who runs multiple XB1's, I can tell you the following;

 

1) The XB1 can use IPv6, but needs IPv4 as well (at this time).  When given an IPv6 address, and IPv6 DNS, it will query the IPv6 DNS for AAAA address resolution.  Unfortunately, several of Microsoft's XBOX live services (today) cannot resolve to an IPv6 AAAA address, and therefore need an IPv4 A address resolution of the name.  (I've tried pure IPv6 - it doesn't connect to XBL at all).

 

2) When setup with both IPv4 & IPv6, the XB1 will prefer an IPv6 connection.  This affects connection with players who are only using IPv4 (and supporting @Datalink's post, they don't talk to each other at this time)

 

3) The XB1's use of IPv6 is only as good as the firewall in front of it.  And this is the key.  In one of the files posted by @JKnott, they touch on two dependencies: 1) The user needs to be able to configure the firewall for transparent operation, and 2) the firewall needs to allow unsolicited inbound IPsec & IKEv2.

 

Based on user's feedback on the forums, there does not appear to be a way to control the IPv6 firewall in the Rogers' gateways.

Thus, those who want to control IPv6 need to use their own firewall (and router / DHCPv6 server / etc.)

 

 

Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

@Double_K wrote:

@Rocketsmoke as someone who runs multiple XB1's, I can tell you the following;

 

1) The XB1 can use IPv6, but needs IPv4 as well (at this time).  When given an IPv6 address, and IPv6 DNS, it will query the IPv6 DNS for AAAA address resolution.  Unfortunately, several of Microsoft's XBOX live services (today) cannot resolve to an IPv6 AAAA address, and therefore need an IPv4 A address resolution of the name.  (I've tried pure IPv6 - it doesn't connect to XBL at all).

 

2) When setup with both IPv4 & IPv6, the XB1 will prefer an IPv6 connection.  This affects connection with players who are only using IPv4 (and supporting @Datalink's post, they don't talk to each other at this time)

 

3) The XB1's use of IPv6 is only as good as the firewall in front of it.  And this is the key.  In one of the files posted by @JKnott, they touch on two dependencies: 1) The user needs to be able to configure the firewall for transparent operation, and 2) the firewall needs to allow unsolicited inbound IPsec & IKEv2.

 

Based on user's feedback on the forums, there does not appear to be a way to control the IPv6 firewall in the Rogers' gateways.

Thus, those who want to control IPv6 need to use their own firewall (and router / DHCPv6 server / etc.)

 

 



Actually, there's no such thing as an IPv6 DNS server.  All DNS servers will return whatever addresses are available.  So, even if your Internet connection is IPv4 only, you will get both IPv4 and IPv6 addresses returned.  It even works for sites that are IPv6 only, such as ipv6.google.com.  However, only the IPv4 addresses are used on an IPv4 only network.  Ihave verified this by connecting a computer through an IPv4 only router and then to my network.  Even though the computer has only IPv4 availalble, I can query the address for ipv6.google.com.  So, that's not the cause of the issue.

 

Here are the addresses for Google:

 

$ host google.com
google.com has address 216.58.192.206

google.com has IPv6 address 2607:f8b0:4009:816::200e

 

Both IPv6 & IPv4 addresses are shown.  I get the same results on a computer with IPv6 & IPv4 and another with only IPv4.

 

Now, I just did a lookup for the xbox server:

 

$ host xboxlive.com
xboxlive.com has address 40.84.199.233
xboxlive.com has address 52.178.167.10

 

I see only IPv4 addresses, even though this was done on a computer with full IPv6 connectivity.  This means any device, whether IPv6 capable or not, will use only the IPv4 address as there are no IPv6 addresses.

 

Also, IPSec and IKEv2.  IPSec works over IPv4 and IPv6.  IKE is just a method of key exchange (in this case for IPSec) an is thus just so much data to the Internet. connection.  It makes no difference whether on IPv4 or IPv6.  Also, since IPSec originates on the local network (outgoing), firewalls will automatically pass it.  You only have to configure the firewall to allow it to accept incoming connections.  There is no such thing as configuring a firewall to pass IKE, though it may use it to set up a VPN..

 

Now, I'm not saying there isn't a problem somewhere, just that it's not caused by having IPv6 available, though it may cause the problem to be visible.  By blocking IPv6, you're masking the problem, not fixing it.

 

To understand the problem, you'd have to look at the traffic with something like Wireshark.

 

Re: Rogers IPv6 Status

Double_K
I'm a Reliable Contributor

@JKnott Please note that my comments are only in relation to the XBOX One, not a PC.  My first point was only that not all Xbox Live services are on IPv6 yet.  Also note that the XB1 does lookups differently than a PC - it doesn't just ask for the resolution of an address.  It specifically asks for the A record separately from the AAAA record.

 


@JKnott wrote:

Also, IPSec and IKEv2.  IPSec works over IPv4 and IPv6.  IKE is just a method of key exchange (in this case for IPSec) an is thus just so much data to the Internet. connection.  It makes no difference whether on IPv4 or IPv6.  Also, since IPSec originates on the local network (outgoing), firewalls will automatically pass it.  You only have to configure the firewall to allow it to accept incoming connections.  There is no such thing as configuring a firewall to pass IKE, though it may use it to set up a VPN..

  


For the XBOX One, Microsoft gives specified guidance on configuring a firewall to pass IKE:

  • "Ensure that you are not filtering inbound IKE traffic – which is UDP on port 500 and port 4500."

 

The issue appears to be the lack of visibility/configuration of the IPv6 traffic in the firewall in the Rogers Hitron gateway.  If someone can confirm that the gateway's firewall is correctly configured to allow the unsolicited inbound IPv6 traffic, then the firewall may not be the source of the issue that @Rocketsmoke is experiencing.

 

For clarity, here are my WAN inbound firewall rules to enable IPv6 operability on the XB1s (per RFC6092);

2017-04-08.png

Re: Rogers IPv6 Status

World IPv6 launchRogers has been for a very long time a strong supporter of the deployment of IPv6. We have worked with the international community and encouraged early adopters to try IPv6 by deploying a 6rd and a 6to4 relay back in 2011.

 

Given that we have now enabled native IPv6 access on all our recent DOCSIS gateways and mobile phones, this technology is now obsolete. Starting on May 18 2017, these services will be decommissioned.

 

I encourage anybody that is still using this Rogers 6rd or Rogers 6to4 service to migrate to native IPv6 service as soon as possible and wish to thank all the early adopters that helped to make IPv6 a reality.

 

Dave

Re: Rogers IPv6 Status

JKnott
I Plan to Stick Around

Are all new Rogers customers supposed to be on IPv6 now?  I've seen a couple that don't seem to, including a business that just got their Rogers connection within the past couple of weeks.  Both of these have the Hitron modems.  On the other hand, I have seen another business customer that did get IPv6.