Support for IPv6 Firewall and UPnP/PCP for most TP-Link firmwares
Support for IPv6 Firewall and UPnP/PCP for most TP-Link firmwares
Hello.
Please add support for IPv6 Firewall for most TP-Link routers otherwise users cannot allow incoming connections towards their devices in the LAN with IPv6 Addresses.
So far the users were used to do this for IPv4 on the "Virtual Servers" under NAT Forwarding in most firmwares, but in IPv6 it works differently and you must have a separate section to allow them to control the connections that pass through the router towards the LAN devices with IPv6 addresses and a simple IPv6 Firewall interface.
Also please upgrade your UPnP daemon in running in the firmware to a newer version that supports PCP (Port Control Protocol - RFC6887 (https://tools.ietf.org/html/rfc6887)) and IPv6 and allows applications to request an automatic placement of a IPv6 rules to allow connection towards their devices with IPv6 addresses.
This is crucial in order to get all TP-Link routers more IPv6 Ready with all kind of scenarios as IPv6 becomes even more present in most scenarios. As many ISPs are supplying CGNAT IPv4 addresses (therefore private addresses) the only way to have a incoming connectiong to a home or business device is via IPv6 and without these two functions it is not possible at all.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thanks for your suggestion. We have noted that and will keep an eye on this request.
And we will remind our R&D team, they can evaluate the feasibility.
Best regards.
- Copy Link
- Report Inappropriate Content
Thanks @Kevin_Z
This is certanlly crucial in order to be able allow any incoming IPv6 connections and I think the main remaining thing related to IPv6 in order to get routers with full support.
Just to supply you and them with further information:
- With regards the IPv6 Firewall it is important to let the developers know that similar to the equivalent "Virtual Servers under NAT Forward" is it handy to have an option where the IPv6 Firewall will take into account the IPv6 Address given to a device by DHCPv6 tied to a MAC Address becasue many ISPs supply users with a dynamic IPv6 Prefix Delegation which change on every reboot or reconection and having this bind make it much simpler so users don't have to change the rule everytime.
- Regarding the UPnP/PCP point I am not sure what UPnP daemon TP-Link use router firmwares but this support to UPnP/PCP that supports also IPv6 is available on some daemons like miniupnpd (http://miniupnp.free.fr/) since 2012 and the only thing needed to make it work is to compile it with --igd2 option.
I have tested this scenario with a router running OpenWrt 18.06 and miniupnd version 2.1 and it works all fine. I used the miniupnp client to test these requestes. An example of the command to test was: (upnpc -6 -A "" "" 2001:db8:1234::5678 12345 tcp 300)
Therefore if they just upgrade the UPnP/PCP daemon running on most of routers to a newer version being it miniupnpd or other will be probably be possible to fix this issue.
- Copy Link
- Report Inappropriate Content
Thanks a lot for your clarification, we have noted that.
If need more help in the future, do not hesitate to contact us.
Good day.
- Copy Link
- Report Inappropriate Content
@Kevin_Z Do we know if this is being planned, or will ever be implemented?
- Copy Link
- Report Inappropriate Content
I am not sure as I have not seen this on any routers yet.
Not even sure if TP-Link team undertood what this means and how much this is necessary for this type of router in order that IPv6 works as expected. And it doesn't take much to get this implemented really. Hope they don't dismiss.
- Copy Link
- Report Inappropriate Content
@FFREDY Hi!! I have the same question. I had a virtual apache server running with ipv6 and so I changed the router from an openwrt sokution to ax6000 and I realised there is no ipv6 connectivity from outside... A Big problem!!!
- Copy Link
- Report Inappropriate Content
Unfortunately firmware builders don't take attention to these things and look mostly only at web browsing, so IPv6 support sitll demands a a fair amount of knowledge to be acquired in order to make these necessary adjustments so there IPv4 dependency - including for incoming connections - can be eliminated completely.
- Copy Link
- Report Inappropriate Content
Thank you for bringing this up again. We have confirmed this with the dev team, and we assure that there will be new firmware in the near future to add the support for IPv6 firewall on/off, you will then be able to access the local IPv6 server by disabling the IPv6 firewall on the router. There is currently no estimated time for the new firmware for the AX routers, please pay attention on your router web or on the official website for any new firmware updates in the future.
- Copy Link
- Report Inappropriate Content
Thanks for the reply Kevin, but it is important that this get added not only to the new AX routers, but also to the most recent AC once as IPv6 is widely used and these routers already in production will take quiet a while to get refreshed.
Thanks
- Copy Link
- Report Inappropriate Content
@FFREDY The first post of this problem is 2019-08-19. Are you sure that his question is been taking serious? Why don''t use the solution implemented by the team of https://openwrt.org/ . I am using it now (my old router) and my new one (ax6000) is expecting one of two solutions, or the TPLinlk team fix that bug or openwrt makes a version for ax6000. Will be this post opened until the end of this decade (2030)?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 9
Views: 7394
Replies: 15