DMZ using IPv6 Addressing
I use StarLink as my ISP and they don't support anything reasonable for consumer customers associated with accessing local devices from the public side of things. They use IPv4 CGNAT addressing on the IPv4 side of things, but do unofficially support IPv6 routing. So, I've turned on IPv6 support on my router, and am tying to configure a DMZ (and eventually port forwading if I can) to test external access to LAN resources.
The issue I have is that using the IPv4 address DMZ set up doesn't seem to work. So I tried to enter in the IPv6 address of my local device. When I do that I get an error saying "The IP address and LAN IP address should be in the same subnet." which is probably because of I am entering the full IPv6 address for my device, or because I completely new to IPv6 and don't know how to specific addresses properly.
Has anyone successfully set up a DMZ using IPv6? If so, how did you get it to work?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Don't bother to try that since there's no way to do it at this moment.
There are several threads on that matter - here's one and the official response.
- Copy Link
- Report Inappropriate Content
I opened a ticket with TP-Link a couple of days ago with the following request...
Subject: IPv6 Addressing
I need to configure my router to use IPv6 addressing for DMZ and Port Forwarding. I have IPv6 set up and working the router (I can access various devices internal to my LAN using IPv6 addresses) but I use StarLink as my IPS and the do not support reasonable IPv4 addressing for local devices. They do support IPv6 addressing. So, I need to access a local server from the public side and IPv6 appears to be the way. However, when i past in my local servers IPv6 address (fe80::xxxx.xxxx.xxxx.xxxx) the router throws an error saying "The IP address and LAN IP address should be in the same subnet.
They sent me a lame response this morning...
You may refer this instruction to reset port forwarding (also called virtual server) on your router: https://www.tp-link.com/support/faq/1379/
Note: Before setting up, please make sure the TP-Link router WAN IP address is a Public IP. If it isn't a public IP, but a Private IP, that means
there is another NAT device connected to the WAN port of the TP-Link router, you need to open the service ports on that device as well.
First, I REALLY get sick of so called support people that either don't read the actual issue, or just send out canned cr@p responses to deflect and/or pad their "response to ticket" times. It's a really bad way to provide customer support, and the TP-Link corporate types should take note of this kind of poor support.
Second, IPv6 is the future, and has been increasing it's share of the routing world for years. It is a much more elegant and efficient way to route, and has been adopted and implemented in most major corporations, ISPs, universities, etc. TP-Link should FULLY support IPv6 and not ignore it's implementation on their consumer or small buisness routers.
I responded to the "support" person that their reply was less than helpful. I will post their reply when/if they do. I have numerious TP-Link products, but will more to another vendor if this isn't addressed fully. I say again, IPv6 is the path forward, and has been around for years. TP-Link, get your act together and start FULLY supporting it...
Not Happy...
- Copy Link
- Report Inappropriate Content
Well, I finally got bumped up to an honest support supervisor that actually read , researched, and responsed to my questions. Sadly, this is their reply...
After further confirming with our system engineering, we'll need to set up IPv6 Access Control to meet your needs. IPv6 Access Control is an advanced IPv6 function that the Archer AX21 doesn't support. Archer AX21 supports basic IPv6 functions. Currently, we have Archer AX55 V1 have which can support this advanced IPv6 Access Control feature.
I sent them a "thanks for being honest about your IPv6 support" along with the following...
IPv6 access control is NOT an advanced IPv6 function. Again, an IPv6 router that won’t pass IPv6 traffic isn’t an IPv6 router. That part of your reply is less than transparent from my perspective, and is a “wow, you’ve asked for some advanced stuff if you want our routers to actually work as a router in an IPv6 environment”. Again, customer loyalty is more valuable to a company than I think TP-Link appreciates.
Anyway, I'm moving to ASUS equipment at this point, for at least my perimeter routers. They do support IPv6 firewall access rules, and you can run aftermarket firmware (Merlin) to unlock a lot more capabilities if needed. I've run DD-WRT on some of my older routers, but it's UI is much more "technical" than I like to deal with.
- Copy Link
- Report Inappropriate Content
I should have listened to you... I got the proverbial "we hope to issue a firmware update as some point..." reply too...
terziyski wrote
Don't bother to try that since there's no way to do it at this moment.
There are several threads on that matter - here's one and the official response.
- Copy Link
- Report Inappropriate Content
Last post in this thread, probably. The support supervisor said in the reply that the AX55-Pro does support what I was asking for. I just reviewed the User Manual and there is no info in that document on the topic at all. So, again, TP-Link is less than transparent about their IPv6 support. If you're looking for IPv6 functionality on a router be VERY sceptical about reading marketing materials from TP-Link...
- Copy Link
- Report Inappropriate Content
There's a several feature requests for this functionality - here and here.
There's also a claim that AX10 supports this too - here.
I'm pretty sure that this would be addressed for AX series since there's no other way around - they just don't have any ETA yet.
I don't know if AX55 or AX55 Pro have this implemented, but sometimes new features implementation precedes router's user guide updating.
- Copy Link
- Report Inappropriate Content
TP-Link support did try and help resolve the issue, so that was at least positive.
Their solution was to send me a replacement refurb router, model Archer AX55(US) V1.0, which they said should support IPV6 and allow firewall rules.
I received the AX55 today, and it does in fact allow firewall rules for IPv6 devices, so that is really positive.
But, when I tried to configure the router for WAN side administration, the configuration page says something to the effect that "you can't remotely administer the router using IPv6 addresses, you must have an IPv4 address to access and configure the router from the WAN side".
So, I'm stuck again, because the whole point of IPv6 is to be able to directly access devices without NAT and other funky IPv4 tricks. I sent them another note asking the engineering team if there is a fix for this, and am waiting for their reply.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1127
Replies: 7
Voters 0
No one has voted for it yet.