Last active
September 21, 2023 06:48
-
-
Save gordlea/a8a275aeb0ded62f4807834c2074f670 to your computer and use it in GitHub Desktop.
edgerouter ipv6 config for telus purefibre
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # current as of edgeos v1.10.5 | |
| # cobbled together from: | |
| # https://medium.com/@nurblieh/ipv6-on-the-edgerouter-lite-c95e3cc8d49d | |
| # https://heald.ca/configuring-telus-optik-ipv6-ubiquiti-edgerouter/ | |
| configure | |
| edit firewall ipv6-name WANv6_IN | |
| set default-action drop | |
| set rule 10 action accept | |
| set rule 10 description "allow established" | |
| set rule 10 protocol all | |
| set rule 10 state established enable | |
| set rule 10 state related enable | |
| set rule 20 action drop | |
| set rule 20 description "drop invalid packets" | |
| set rule 20 protocol all | |
| set rule 20 state invalid enable | |
| set rule 30 action accept | |
| set rule 30 description "allow ICMPv6" | |
| set rule 30 protocol icmpv6 | |
| top | |
| edit firewall ipv6-name WANv6_LOCAL | |
| set default-action drop | |
| set rule 10 action accept | |
| set rule 10 description "allow established" | |
| set rule 10 protocol all | |
| set rule 10 state established enable | |
| set rule 10 state related enable | |
| set rule 20 action drop | |
| set rule 20 description "drop invalid packets" | |
| set rule 20 protocol all | |
| set rule 20 state invalid enable | |
| set rule 30 action accept | |
| set rule 30 description "allow ICMPv6" | |
| set rule 30 protocol icmpv6 | |
| set rule 40 action accept | |
| set rule 40 description "allow DHCPv6 client/server" | |
| set rule 40 destination port 546 | |
| set rule 40 source port 547 | |
| set rule 40 protocol udp | |
| top | |
| set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN | |
| set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL | |
| set interfaces ethernet eth0 dhcpv6-pd prefix-only | |
| set interfaces ethernet eth0 dhcpv6-pd rapid-commit enable | |
| set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 56 | |
| set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 prefix-id :0 | |
| set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 service slaac | |
| set interfaces ethernet eth0 ipv6 router-advert managed-flag true | |
| set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1 | |
| commit | |
| # check if you get an ipv6 address on eth1, if all is good then run `save` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To fix ipv6 on telus, add a script called fix_ipv6.sh under /config/scripts with | |
| # the following content: | |
| # assuming eth0 is your wan interface | |
| /bin/rdisc6 --single eth0 > /dev/null | |
| # then add it as a scheduled task with a couple of commands like: | |
| # configure | |
| # set system task-scheduler task fixipv6 executable path /config/scripts/fix_ipv6.sh | |
| # set system task-scheduler task fixipv6 interval 30m | |
| # commit | |
| # save |
Can you try it on switch0 instead of eth1?
No problem 👍
This doesn't seem to be working anymore, I'm trying to figure out why.
Did you ever figure it out? I've tried this gist as well as @kashike's paste but no luck either way
@nathanvy Yes I did get it going, it's been a while, but i added a second file to the gist above with some instructions.
Hi, by "second file" do you mean the shell script to call /bin/rdisc6 every half hour?
I was under the impression that we don't need to send router solicitations because Telus will send an RA after you request via DHCP
Late reply, but yes the rdisc script. For some reason the router was never getting the ipv6 address until I started doing that.
Hah. I ended up getting it working somehow. Thanks for the eventual reply.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So in my config, I'm using eth1 as the wan interface. Also, I don't actually get an ipv6 address on my wan interface, but I do on my lan interface (eth0). Can you retry it configure like that? Or retry and change the scripts interfaces to match your own?