Happy 10th anniversary of World IPv6 Launch Day!

Guess what, AVM did release a new labor version of the Fritz OS with several IPv6 DNS fixes, they write:

## Internet:
- **Fixed** Certain websites could not be opened with IPv6, especially on fiber optic connections

That happened to me when the DNS wasn’t giving IPv6 IPs to me.

As for 6-to-4, I do not use that as EDPnet is dualstack.
They are still having problems with IPv6 and many things go wrong.

Bas.

That’s the good part of it; the more people start using it, the more teething problems are being fixed. Just like with IPv4 back in the good old days :wink:

Exactly.

Anyway, I’m teaching a friend of mine to use IPv6 as well.
He has major problems grasping it all.

But he’s starting now, he is not a computer nerd like we are, but he learns fast.

My problem is that many if not all sites give wrong or too complex information, they put everybody on the wrong track.

My friend is now telling me, this is simple, but I do not understand it yet, so I told him to take baby steps.

I also managed to make my private VoIP Asterisk handle IPv6, was a piece of cake.
And I love how you can manage hosts.allow to narrow the IPs you allow, e.g. so SSH is closed to the world except your own network.

I still do not understand why people leave SSH open to the world and then complain they are hacked.
I always close it for everybody but leave it open to my servers and own IPs, no way you get in, not even if you know the password, if you are not a member of my allowed IP ranges.

With IPv6 you can open it to sections and disallow the rest, something IPv4 can’t do.

The more I learn, the more I’m open to ditch IPv4 in total…me is a happy IPv6 camper :slight_smile:

I do have a question: what does IPv6-interface-id do? You can set it, and then what?
It has to do with local non-routable suffix, but I can’t find any explanation on its purpose or what it’s for.

I don’t touch it, as last time it broke my IPv6…it does work again, no problems…but Johnny No5 needs input! :wink:

Bas.

[TL;DR - it’s best not to touch it in your Fritz!Box settings]

An IPv6 interface ID is simply the part of the IPv6 address that comes after the subnet prefix. Let’s call it the suffix.

So, if the assigned prefix is 2001:db8:1111:2222::/64 and the suffix is aaaa:bbbb:cccc:dddd, that would lead to the complete IPv6 address 2001:db8:1111:2222:aaaa:bbbb:cccc:dddd/64.

IPv6 interface IDs basically come in three flavours:

  • Configured manually (including DHCPv6)
  • Modified EUI-64 (in other words: based on the MAC address)
  • (Semi) randomly picked automatically

Manual configuration allows you to do cool stuff like:

2001:db8:1111:2222:0:0:0:123/64 (or 2001:db8:1111:2222::123/64)

Modified EUI-64 based suffixes are used for automatically generating a unique IPv6 address based on your MAC address (this is called SLAAC). This is often the default. It’s not exactly your MAC address that shows up in the generated IPv6 address, there’s some processing done, but the MAC address can easily be derived from it.

Because your MAC address can be derived from the SLAAC generated IPv6 address, you could in theory be tracked when you move around networks. For mobile devices this might be undesired. That’s why they invented ‘privacy extensions’ (RFC4941), which picks random values (that also change at certain intervals). Because of this, you can no longer be tracked based on your MAC address. But it goes without saying that RFC4941 addresses are not suitable for offering services, such as a public NTP server.

Regularly changing addresses also impose other challenges. For example in the case of an IP whitelist. It’s impossible to whitelist a client when its IPv6 address constantly changes to something random. So, there is also a semi random way (RFC7217) that makes sure your IPv6 address can’t be tracked over various networks, while it remains constant in every individual network. So for example at home you always get the same IPv6 address (assuming your prefix hasn’t been changed by your ISP) and at work you also get the same address. Both the prefix and suffix are different and the MAC address is not used for it. Hence, it is impossible to track you and know that you were traveling between home and work.

Fritz!Box CPEs have an IPv6-interface-id field, that by default is filled with the EUI-64 derived value. But it can be changed. I’d recommend not touching it, especially when you have port sharing enabled, to avoid mismatches and confusion.
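
Added example (not part of the original post): a Python sketch of the modified EUI-64 derivation described above, and of the reverse step that makes such addresses trackable across networks. The MAC address and the second prefix are constructed sample values; the first prefix is the documentation prefix used in this post.

```python
import ipaddress

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID for a 48-bit MAC (RFC 4291, Appendix A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert ff:fe in the middle and flip the universal/local bit (0x02).
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(eui, "big")

def build_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface ID (the suffix)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def recover_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 address, or None.

    The ff:fe marker is a heuristic: a random interface ID can contain
    it by chance (1 in 65536), so treat a hit as "probably EUI-64".
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None  # manual, RFC 4941 or RFC 7217 style interface ID
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
    return ":".join(f"{x:02x}" for x in mac)

SAMPLE_MAC = "00:11:22:33:44:55"            # constructed sample value
HOME = "2001:db8:1111:2222::/64"            # prefix from the post
WORK = "2001:db8:aaaa:bbbb::/64"            # constructed second network

if __name__ == "__main__":
    for prefix in (HOME, WORK):
        addr = build_address(prefix, eui64_iid(SAMPLE_MAC))
        # Same suffix in both networks, so the same MAC is recovered.
        print(addr, "->", recover_mac(str(addr)))
    # A manually configured suffix carries no MAC.
    print(recover_mac("2001:db8:1111:2222::123"))
```

Running `recover_mac` over the addresses your own hosts publish (DNS AAAA records, server logs) shows which ones still expose a hardware address and would benefit from RFC 7217 or privacy extensions.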

Thanks Marco.

I thought it would be the suffix. And I will use that some day when I ask EDP to alter my PTR again, else they go nuts on me. :grin:

At the moment I have made the servers static on the FB assigned addresses, was the easiest way to get it working.

It’s starting to make sense now.

As for the shortening of the IPs, I did know that.

Thanks a lot, you helped me more than all the pages I read from others, as you end up on another planet with no way home :grin:

Bas.


Ah, that’s nice; an ISP that allows you to do that. Most don’t.

In the end it doesn’t have to be a nice address at all and 2a02:578:440e:0:aaa1:59ff:fe3d:5b53 works just as well as 2a02:578:440e::123, which is really nothing more than just a nice to have gimmick.

Yeah I know.
I used to be with XS4ALL (Belgium) and a friend of mine in Holland, they allowed it too.
Sadly KPN bought them and the PTR always ends with KPN.NL, so your mailserver at home has to say HELLO it’s KPN.NL else you are blocked by many mailservers.
We rang KPN, and they gave us the finger, no PTR’s will be set.

For Chrony this is bad, as Chrony does a PTR lookup and if it’s not set it will show a broken IPv6 address, too few characters in the string I suppose.
But if you are with KPN, it will show KPN instead of you, how sick is that?

Have a look, mine (this is IPv4 but still) perfectly set by EDPnet:

```
nslookup ntp1.heppen.be
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	ntp1.heppen.be
Address: 77.109.90.72
Name:	ntp1.heppen.be
Address: 2a02:578:440e:0:aaa1:59ff:fe3d:5b53
```

and:

```
nslookup 2a02:578:440e:0:aaa1:59ff:fe3d:5b53
3.5.b.5.d.3.e.f.f.f.9.5.1.a.a.a.0.0.0.0.e.0.4.4.8.7.5.0.2.0.a.2.ip6.arpa	name = ntp1.heppen.be.
```

If you connect to my NTP1 server, it will show it nicely in the Chrony pages. The power of PTR :crazy_face:

BTW, if you hate KPN or Ziggo, EDPnet is also active in Holland and does set PTRs and they are also very cheap AND ACTIVELY SUPPORT IPV6 :grin:

Bas.

I know, because I was with XS4ALL too. They delegated the entire prefix to my DNS servers, so I could change it just as I pleased. Very convenient. :smiling_face_with_three_hearts:


I never heard of such, Marco. How do they delegate it to another DNS and you can set your PTR?
Because if I ask my ISP they will be very happy to do it.

I have DNS servers too at Neostrada but they do not offer PTR.
I do not plan on running my own DNS as I find Bind9 rather complicated.

Hosting is my thing, but nameserving is something else, I’d rather leave that to the experts :grin:

I also looked at Combell nameservers and they don’t offer PTR records either.

How does that work?

I’m a bit late to chime in. I wasn’t watching this topic. But since I have some hands on experience with FRITZ!Box, good and bad, as well, I was wondering what model you use, @Bas.

My experience in a nutshell with FRITZ!Box and IPv6: it’s a steep learning curve. Once you know where the settings are in the interface and what they mean, it falls into place. By the way, I’m using the FRITZ!Box as router only with the stock firmware. DNS, firewall, router advertisement is handled by an exposed host behind the FRITZ!Box.

I have used the 7581 and 7583 models. Unfortunately, there is no lab firmware for these models.

I’m currently using the 7590 (first edition), but I started way back in the days with a 7270, later 7360v1 and v2, 7362SL, 7390 and last before the 7590 the 7490.

The firmware I’m using now is the last labor of 17-6-2022 and that one fixed many IPv6 problems.
But it works now as it should, finally :grin:

IPv4 was never a problem, apart from some minor bugs where you had to redo all port-forwardings, but those days are behind us for several years now.

I can read and write with those boxes, but never got IPv6 working properly, and with the help of Marco and the last labor it came together and works ever since.

Bas.

Well, I’m glad IPv6 finally worked out for you as well :tada:. I noticed your frustration :right_anger_bubble: in various topics.

For me it was a simple matter of adding routes to the IPv6 subnets I use internally. What took time and some digging around was the way the FRITZ!Box acquired its own IPv6 address/subnet (from the /48 assigned by my provider) and various settings relating to that. There appear to be subtle differences between the 7581 and 7583.

But, again, I’m not using any of the convenience features (DHCP, DNS, RA) of the FRITZ!Box.

The problem of the Fritz was the Port-forwarding of IPv6 where it didn’t forward after a reboot even when the IP was the same.
It just stopped.

My servers in datacenters were already using IPv6 without problems.

I got /48 from my ISP as well.

I did try IPv6 years back and many times in between, it never worked.
Either the ISP didn’t have IPv6 or IPv6-over-IPv4 didn’t work or modems held me back.

All sorted now…about time :ok_hand: :ok_hand: :ok_hand:
