* Official Ubiquiti Discussion Thread *

RSR · 25 May 2024 at 14:04

kosymodo said:
Works for me...

imgur.com

Discover the magic of the internet at Imgur, a community powered entertainment destination. Lift your spirits with funny jokes, trending memes, entertaining gifs, inspiring stories, viral videos, and so much more from users.

imgur.com

imgur.com

Discover the magic of the internet at Imgur, a community powered entertainment destination. Lift your spirits with funny jokes, trending memes, entertaining gifs, inspiring stories, viral videos, and so much more from users.

imgur.com

imgur.com

Discover the magic of the internet at Imgur, a community powered entertainment destination. Lift your spirits with funny jokes, trending memes, entertaining gifs, inspiring stories, viral videos, and so much more from users.

imgur.com

All that populates on mine but it has no external connectivity. I plug the ISP supplied Router back in (Linksys) and it all works fine.

Does it pass on https://test-ipv6.com/

I am just testing it on OPNsense to confirm.

Edit: OPNsense has the same behaviour, hmmmm :confused:

robj20 · 25 May 2024 at 14:19

RSR said:
Has anyone tried IPv6 on the UniFi router yet? Looks like that area needs a bit of work

What's the point of using ipv6 I get the global reason for more addresses but what's the point on your local network?

RSR · 25 May 2024 at 14:20

robj20 said:
What's the point of using ipv6 I get the global reason for more addresses but what's the point on your local network?

It's just something I am testing for now.

Steveocee · 26 May 2024 at 08:58

robj20 said:
What's the point of using ipv6 I get the global reason for more addresses but what's the point on your local network?

You don’t need NAT

robj20 · 26 May 2024 at 10:07

Steveocee said:
You don’t need NAT

I know. Why is that a big benefit for home use?

ChrisD. · 26 May 2024 at 11:16

robj20 said:
I know. Why is that a big benefit for home use?

It means no CGNAT too, a lot of normal ISPs are going this way for v4. If they also do v6 then it’s much less of a concern.

RSR · 26 May 2024 at 14:46

Latency and NAT (Routing) are probably two of the biggest plus points to IPv6 vs IPv4.

This is a good comparison table: https://aws.amazon.com/compare/the-...pace of,around 340 undecillion, 300 decillion.

In terms of why at home, if you are using an ISP as above CG-NAT will give you direct internet access, latency is often better due to the associated routing overhead of IPv4 and why not (Yes, I know it's not a technical reason)?

IPv6 takeup started to increase as Google has the tracking at just shy of 45% and APNIC is a little less.

IPv6 – Google

IPv6 Capability Metrics

RSR · 26 May 2024 at 15:01

IPv6 Test Sites:

Test your IPv6.

This will test your browser and connection for IPv6 readiness, as well as show you your current IPv4 and IPv6 address.

test-ipv6.com

Ready for the future of the Internet?

https://ipv6-test.com/ - That one can be hit & miss.

After spending a lot more time than I really should have done looking at this yesterday OPNsense and UniFi seem to behave the same way. I seem to get a WAN IPv6 address (/56 PD - 256 Subnets), which I can see then allocates an IPv6 address to clients and all of them are ping-able, it's anything external which isn't routing. I have the same issue as OPNsense as I spun up a VM to test it and it seems a fairly common issue from having a quick Google. I must have either missed something on an FW or it's something to do with its next hop. I've raised it with UniFi support so I'll see with what they come back with.

However, if I put my ISPs supplied router back on (Linksys SPNMX55CTF - MX4200 basically with ISP firmware on it)

On a plus note, my new altnet is working really well, I need to see what Zen are going to offer as that contract is up for renewal but I would like to upgrade the ONT to a 2.5Gb one.

A quick latency test against the BBC is rather impressive:

Code:

Pinging bbc.co.uk [151.101.64.81] with 32 bytes of data:
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61
Reply from 151.101.64.81: bytes=32 time=2ms TTL=61


Ping statistics for 151.101.64.81:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

Also, a quick update on the 2.5Gb UDM-SE / UDW issue (WAN Port), it looks like it is flow control related if you find it dropping when maxing out the connection you can disable flow control. In the case of the UDW its "ethtool -A eth18 rx off tx off" on the 2.5Gb interface. As ironically the best way to replicate this issue is to download COD :cry:

I have been advised by UniFi this issue has been identified and they are going to putting a fix in an upcoming firmware update.

Bluecube · 26 May 2024 at 15:25

Vodafone is similar in that it only gives ipv6 addresses to its own routers. Not 100% sure why but it seems to be down to how Vodafone have implemented ipv6 which, to my inexpert eyes, is a complete bodge

Dangerous · 28 May 2024 at 08:58

Since I'm using Starlink and its via Cloud Key Ultra to my UDM-P, I guess I should enable IPv6 :cry:

It's setup that way as the Starlink is in the campervan and the UDM-P has EE on WAN2 for when I'm away in the camper.

Seems to be working without any major issues.

doodah · 28 May 2024 at 09:04

So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?

Steveocee · 28 May 2024 at 10:38

doodah said:
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?

The whole point of an IOT network is to isolate the clients from each other and only allow access to "the web".
If you want app access, that requires the clients to talk so just move the TV onto your main LAN and if you really want to be super cautious stick some additional FW rules in to stop the TV going out to the web in particular ways.

Bluecube · 28 May 2024 at 10:54

doodah said:
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?

Not what you’re after but an adblocker will help your security specifically with the TV. Samsung TVs are incredibly chatty and send a huge amount of information to Samsung about your viewing habits

robj20 · 28 May 2024 at 11:13

doodah said:
So I've been fiddling with segregating some of the networks/VLANs on my network. I have my main network/VLAN, one for the cameras, a guest network and I'd made one for IoTs including our TV (Samsung Frame). However if I put the TV on another WiFi network, I can't use some of the features via the phone app. Would a work around be to create some firewall rules? But which way around? Lock it down on my main network or plonk it back on the IoT VLAN and make necessary rules to allow the app features to work again?

I did similar. For instance my Plex server is on my main network and all the smart TVs are on the IOT one, I just created a firewall role to allow the required ports needed for Plex.

Dangerous · 28 May 2024 at 15:54

A note if you do enable IPv6 and use the UDM for Ad blocking

https://community.ui.com/questions/ad-blocking-ipv4-vs-ipv6/4664e3d9-7f3c-4019-8036-236650580dfe

sparkymark75 · 28 May 2024 at 16:45

I'm actually trying to get IPv6 working on my Cloud Gateway Ultra.

I'm on BT FTTP and have the Internet set to DHCPv6 with a prefix of 56. I'm using the Cloudflare IPv6 DNS servers. For the local network, I have it set to Prefix Delegation and then everything else on Auto. I'm getting an IPv6 address on my PC but none of the IPv6 tests show I'm using IPv6 and a ping -6 test just returns a transmit failed: General Failure error

Steveocee · 28 May 2024 at 16:53

sparkymark75 said:
I'm actually trying to get IPv6 working on my Cloud Gateway Ultra.

I'm on BT FTTP and have the Internet set to DHCPv6 with a prefix of 56. I'm using the Cloudflare IPv6 DNS servers. For the local network, I have it set to Prefix Delegation and then everything else on Auto. I'm getting an IPv6 address on my PC but none of the IPv6 tests show I'm using IPv6 and a ping -6 test just returns a transmit failed: General Failure error

I thought that with BT you were assigned an IPv6 via the IPv4 allocation? I may be thinking of Zen specifically.

RSR · 28 May 2024 at 17:59

sparkymark75 said:
I'm actually trying to get IPv6 working on my Cloud Gateway Ultra.

I'm on BT FTTP and have the Internet set to DHCPv6 with a prefix of 56. I'm using the Cloudflare IPv6 DNS servers. For the local network, I have it set to Prefix Delegation and then everything else on Auto. I'm getting an IPv6 address on my PC but none of the IPv6 tests show I'm using IPv6 and a ping -6 test just returns a transmit failed: General Failure error

That sounds like a similar issue to my UDW, as a /56 PD will allow for 256 subnets.

You'll probably get a global IPv6 and a link local IPv6 address (fe80:xx..... ) when reviewing the IP configuration, so it's effectively set correctly. However, from what I can see it looks like it's missing its next hop, which is the same behaviour as I have seen in OPNsense. It may also drop the IPv6 address if you leave it for a while.

You may also find with Unifi you may need to set this up on a VLAN as it doesn't work correctly on the default VLAN.

I have an open case with Ubiquiti that has just been escalated.

sparkymark75 · 28 May 2024 at 18:04

RSR said:
That sounds like a similar issue to my UDW, as a /56 PD will allow for 256 subnets.

You'll probably get a global IPv6 and a link local IPv6 address (fe80:xx..... ) when reviewing the IP configuration, so it's effectively set correctly. However, from what I can see it looks like it's missing its next hop, which is the same behaviour as I have seen in OPNsense. It may also drop the IPv6 address if you leave it for a while.

You may also find with Unifi you may need to set this up on a VLAN as it doesn't work correctly on the default VLAN.

I have an open case with Ubiquiti that has just been escalated.

Yeah, sounds exactly like the same issue. Let me know how you get on with your ticket?

sparkymark75 · 28 May 2024 at 19:10

Something obviously isn’t working correctly as I notice my iPhone isn’t getting an ipv6 address even though it’s on the network configured for it.

*** Official Ubiquiti Discussion Thread ***

* Official Ubiquiti Discussion Thread *