G+_Benjamin Webb Posted March 26, 2017

Just figured out how to do VLANs with IPv6 after figuring out how to get Androids to play nice with IPv6 and OpenWRT. Turns out all Androids configure themselves with SLAAC. This requires RA set up on the router to give the device the info it needs to configure an address itself. It also requires a 64-bit section of address expressed as /64. For reference, this section is 4.3 billion times larger than the entire 32-bit IPv4 address space. If you need more than one network then you need more /64 sections. I set up my WAN for a /60, as the next size up allowed by Comcast; this is enough for 16 /64 sections. For Comcast, if you previously set up with a /64 and switch the request to a /60, you either need to find someone at Comcast to fix this (I couldn't) or change your MAC address on the modem, then reboot modem and router.

I currently have my LAN and 3 wireless networks bridged on one /64, and a guest wireless network with the isolation flag set to prevent clients from seeing each other on another /64. I now have 14 more /64 networks available, resulting in me having 68.8 billion times more addresses than the current IPv4 internet. This is a truly strange protocol but this is apparently how it is done. Other non-Android clients can be configured with either stateful or stateless DHCPv6 (stateful is the one similar to DHCP on IPv4). Access is controlled through a stateful firewall set up on the router. If anybody wants in on this IPv6 craziness, I am happy to help out. I learned quite a bit setting this up.
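The /60 split described in the post above, as an added example that is not part of the original thread: it carves a delegated prefix into SLAAC-sized /64 segments and maps an address back to its segment, which is the lookup a per-network firewall rule depends on. The prefix `2001:db8:0:10::/60` is a constructed documentation prefix, and the function names `plan_subnets` and `segment_of` and the network names are assumptions.

```python
import ipaddress

SLAAC_PREFIXLEN = 64  # SLAAC needs a /64 on every segment, as the post notes


def plan_subnets(delegated, names):
    """Assign one /64 per network name out of a delegated prefix.

    Returns (assigned, spare): a dict of name -> IPv6Network and the number
    of /64s left over. Raises ValueError if the delegation cannot serve them.
    """
    prefix = ipaddress.IPv6Network(delegated, strict=True)
    if prefix.prefixlen > SLAAC_PREFIXLEN:
        raise ValueError(f"{prefix} is smaller than a /64; SLAAC cannot use it")
    total = 2 ** (SLAAC_PREFIXLEN - prefix.prefixlen)
    if len(names) > total:
        raise ValueError(f"{prefix} holds {total} /64s, {len(names)} requested")
    subnets = prefix.subnets(new_prefix=SLAAC_PREFIXLEN)  # lazy generator
    assigned = {name: next(subnets) for name in names}
    return assigned, total - len(names)


def segment_of(address, assigned):
    """Return the name of the segment an address belongs to, or None."""
    addr = ipaddress.IPv6Address(address)
    for name, net in assigned.items():
        if addr in net:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample: a /60 delegation shared by a LAN and a guest network.
    plan, spare = plan_subnets("2001:db8:0:10::/60", ["lan", "guest"])
    for name, net in plan.items():
        print(f"{name:6} {net}")
    print("spare /64s:", spare)
    print("owner of 2001:db8:0:11::abcd:", segment_of("2001:db8:0:11::abcd", plan))
```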
G+_Benjamin Webb Posted March 26, 2017 Author

Bill Michaels Took me 2 months of reading forums and white papers to get this far. I also troubleshoot IPv4 com issues with SCADA systems for a living. The good part is if you are running OpenWRT I can give you the exact config to make it work. Saw people running IPv6 stuff with Edgerouter, RouterOS, pfSense, and Cisco in the forums. Wonder if the Synology firewall is up to the task. Supporting the protocol is the easy part compared to setting up the firewall. Was happy OpenWRT has good defaults out of the box for IPv6.
G+_Benjamin Webb Posted March 26, 2017 Author

Bill Michaels Yeah, I built my own router using a piece of hardware called an APU2. Has a dual core AMD APU processor, 4 gigs of RAM, with 3 built-in Intel NICs. Has slots for two mPCIe radios, an mSATA slot for an SSD, a regular SATA slot, and two external USB slots. I drilled 4 antenna holes (2 were already there) and picked up some radios and antennas off Amazon. Came in at about $300. Was tired of ordering new hardware whenever a new wireless standard came to be or it could no longer keep up with the internet. Figure I am good until we are faster than symmetrical gigabit Ethernet, and will keep swapping out wireless radios along the way.

You're going to want quite a bit of horsepower for the firewall, so I figure you want probably a 1 GHz ARM if looking to flash an off-the-shelf router. I have never seen mine break 4% CPU and use about 2% of the RAM for five devices. You could also buy in pieces: have an Edgerouter/pfSense/RouterOS router and a separate access point. Mine was the only one I could find that could do it all in a tiny package and draw like 12 watts (it's actually smaller than a Synology router). Almost nobody is setting up IPv6 because of the horsepower needed for a proper stateful firewall as well as the knowledge to configure this stuff. If your budget is limited I would wait until this equipment is more common and ready to go out of the box.
G+_Jason Perry Posted March 27, 2017

Do you have a website or YouTube channel? I don't see myself making the switch any time soon, but would love to spend time learning more about IPv6.
G+_Benjamin Webb Posted March 27, 2017 Author

Jason Perry Nope, but if you want to build it just put up a post and I will walk you through it. Never thought about a website or a YouTube channel. Was a contract writer when Home Theater PCs were big but kind of figured the audience for stuff like that kind of faded. Get very little side work anymore, even building computers. IPv6 is mostly for people running really expensive and powerful routers right now (unless you go DIY) and is extremely complicated. I am kind of happy there is an audience for it here.