*** Official Ubiquiti Discussion Thread ***

RSR

RSR

Soldato
Joined
17 Aug 2006
Posts
9,611
Works for me...



All that populates on mine but it has no external connectivity. I plug the ISP supplied Router back in (Linksys) and it all works fine.

Does it pass on https://test-ipv6.com/

I am just testing it on OPNsense to confirm.

Edit: OPNsense has the same behaviour, hmmmm :confused:
 
Last edited:

RSR

RSR

Soldato
Joined
17 Aug 2006
Posts
9,611
Latency and NAT (Routing) are probably two of the biggest plus points to IPv6 vs IPv4.

This is a good comparison table: https://aws.amazon.com/compare/the-...pace of,around 340 undecillion, 300 decillion.

In terms of why at home, if you are using an ISP as above CG-NAT will give you direct internet access, latency is often better due to the associated routing overhead of IPv4 and why not (Yes, I know it's not a technical reason)?

IPv6 takeup started to increase as Google has the tracking at just shy of 45% and APNIC is a little less.

 

RSR

RSR

Soldato
Joined
17 Aug 2006
Posts
9,611
IPv6 Test Sites:

https://ipv6-test.com/ - That one can be hit & miss.

After spending a lot more time than I really should have done looking at this yesterday OPNsense and UniFi seem to behave the same way. I seem to get a WAN IPv6 address (/56 PD - 256 Subnets), which I can see then allocates an IPv6 address to clients and all of them are ping-able, it's anything external which isn't routing. I have the same issue as OPNsense as I spun up a VM to test it and it seems a fairly common issue from having a quick Google. I must have either missed something on an FW or it's something to do with its next hop. I've raised it with UniFi support so I'll see with what they come back with.

However, if I put my ISPs supplied router back on (Linksys SPNMX55CTF - MX4200 basically with ISP firmware on it)

On a plus note, my new altnet is working really well, I need to see what Zen are going to offer as that contract is up for renewal but I would like to upgrade the ONT to a 2.5Gb one.



A quick latency test against the BBC is rather impressive:

Code:
Pinging bbc.co.uk [151.101.64.81] with 32 bytes of data:
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61


Ping statistics for 151.101.64.81:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

Also, a quick update on the 2.5Gb UDM-SE / UDW issue (WAN Port), it looks like it is flow control related if you find it dropping when maxing out the connection you can disable flow control. In the case of the UDW its "ethtool -A eth18 rx off tx off" on the 2.5Gb interface. As ironically the best way to replicate this issue is to download COD :cry:
I have been advised by UniFi this issue has been identified and they are going to putting a fix in an upcoming firmware update.
 
Last edited:
Soldato
Joined
20 Feb 2011
Posts
3,762
Vodafone is similar in that it only gives ipv6 addresses to its own routers. Not 100% sure why but it seems to be down to how Vodafone have implemented ipv6 which, to my inexpert eyes, is a complete bodge
 
Soldato
Joined
18 Oct 2002
Posts
21,736
Location
Nordschleife
Since I'm using Starlink and its via Cloud Key Ultra to my UDM-P, I guess I should enable IPv6 :cry: It's setup that way as the Starlink is in the campervan and the UDM-P has EE on WAN2 for when I'm away in the camper.

Seems to be working without any major issues.
 
Caporegime
Joined
18 Oct 2002
Posts
28,147
Location
London
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?
 
Soldato
Joined
5 Nov 2011
Posts
5,403
Location
Derbyshire
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?
The whole point of an IOT network is to isolate the clients from each other and only allow access to "the web".
If you want app access, that requires the clients to talk so just move the TV onto your main LAN and if you really want to be super cautious stick some additional FW rules in to stop the TV going out to the web in particular ways.
 
Soldato
Joined
20 Feb 2011
Posts
3,762
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?
Not what you’re after but an adblocker will help your security specifically with the TV. Samsung TVs are incredibly chatty and send a huge amount of information to Samsung about your viewing habits
 
Soldato
Joined
9 Apr 2007
Posts
13,676
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?
I did similar. For instance my Plex server is on my main network and all the smart TVs are on the IOT one, I just created a firewall role to allow the required ports needed for Plex.
 
Soldato
Joined
8 Jan 2003
Posts
3,736
Location
Scotland
I'm actually trying to get IPv6 working on my Cloud Gateway Ultra.

I'm on BT FTTP and have the Internet set to DHCPv6 with a prefix of 56. I'm using the Cloudflare IPv6 DNS servers. For the local network, I have it set to Prefix Delegation and then everything else on Auto. I'm getting an IPv6 address on my PC but none of the IPv6 tests show I'm using IPv6 and a ping -6 test just returns a transmit failed: General Failure error
 
Soldato
Joined
5 Nov 2011
Posts
5,403
Location
Derbyshire
I'm actually trying to get IPv6 working on my Cloud Gateway Ultra.

I'm on BT FTTP and have the Internet set to DHCPv6 with a prefix of 56. I'm using the Cloudflare IPv6 DNS servers. For the local network, I have it set to Prefix Delegation and then everything else on Auto. I'm getting an IPv6 address on my PC but none of the IPv6 tests show I'm using IPv6 and a ping -6 test just returns a transmit failed: General Failure error
I thought that with BT you were assigned an IPv6 via the IPv4 allocation? I may be thinking of Zen specifically.
 

RSR

RSR

Soldato
Joined
17 Aug 2006
Posts
9,611
I'm actually trying to get IPv6 working on my Cloud Gateway Ultra.

I'm on BT FTTP and have the Internet set to DHCPv6 with a prefix of 56. I'm using the Cloudflare IPv6 DNS servers. For the local network, I have it set to Prefix Delegation and then everything else on Auto. I'm getting an IPv6 address on my PC but none of the IPv6 tests show I'm using IPv6 and a ping -6 test just returns a transmit failed: General Failure error

That sounds like a similar issue to my UDW, as a /56 PD will allow for 256 subnets.

You'll probably get a global IPv6 and a link local IPv6 address (fe80:xx..... ) when reviewing the IP configuration, so it's effectively set correctly. However, from what I can see it looks like it's missing its next hop, which is the same behaviour as I have seen in OPNsense. It may also drop the IPv6 address if you leave it for a while.

You may also find with Unifi you may need to set this up on a VLAN as it doesn't work correctly on the default VLAN.

I have an open case with Ubiquiti that has just been escalated.
 
Last edited:
Soldato
Joined
8 Jan 2003
Posts
3,736
Location
Scotland
That sounds like a similar issue to my UDW, as a /56 PD will allow for 256 subnets.

You'll probably get a global IPv6 and a link local IPv6 address (fe80:xx..... ) when reviewing the IP configuration, so it's effectively set correctly. However, from what I can see it looks like it's missing its next hop, which is the same behaviour as I have seen in OPNsense. It may also drop the IPv6 address if you leave it for a while.

You may also find with Unifi you may need to set this up on a VLAN as it doesn't work correctly on the default VLAN.

I have an open case with Ubiquiti that has just been escalated.
Yeah, sounds exactly like the same issue. Let me know how you get on with your ticket?
 
Back
Top Bottom