Yes the firewall thing is a glaring hole especially since you’re giving out public IP space to everything.
I wonder how many internet enabled refrigerators and ovens have log4j libraries. From: Jesse DuPont <[email protected]> Sent: Tuesday, December 14, 2021 11:49 AM To: AnimalFarm Microwave Users Group <[email protected]>; [email protected] Subject: Re: [AFMUG] IPv6 in home routers I have done (somewhat) comprehensive testing of consumer routers and IPv6. You're right, Cambium/ReadyNet's implementation is either not functional or buggy (like, sometimes fails to announce itself as a gateway to the LAN). Mikrotik is great, but does take a few steps. Calix's support for IPv6 is solid and reliable. Netgear and Asus also have good IPv6 support, but it must be enabled. If doing DHCP, just enabling it with Auto Config is sufficient most of the time. If PPPoE, need to specify it's PPPoE and then to use the same session as IPv4. Linksys also generally has working IPv6 support, although the older stuff (3+ years) is a little spotty. When I say working IPv6 support, I mean that they request a prefix via DHCP-PD, install that prefix on the LAN side and start announcing it to the LAN for SLAAC addressing. Most of them except Mikrotik seem to also require a global address via SLAAC on their WAN ports. So in my implementation, I have a SLAAC prefix on the subscriber router network from my equipment, and DHCP-PD running and the routers assign themselves a global address from the SLAAC prefix on their WAN ports and the DHCP-PD prefix on their LAN side. I guess they use the WAN address for things like DNS queries (for themselves and when they're doing DNS proxy). Mikrotik will use any global address for things like DNS queries, even an address on it's LAN side. I'll also say that seems the IPv6 firewall is not enabled on about half of what I tested. Maybe it's better now, but even Mikrotik today doesn't have a standard set of consumer-router IPv6 firewall rules, at least not in RouterOS v6 or earlier. Maybe they do in v7. Jesse DuPont Owner / Network Architect email: [email protected] <mailto:[email protected]> Celerity Networks LLC / Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband <file://Users/jessedupont/Google%20Drive%20File%20Stream/My%20Drive/Celerity%20Networks/celeritynetworks-GIF.gif> On 12/13/21 2:51 PM, [email protected] <mailto:[email protected]> wrote: I was doing some testing on our dual stack FTTX network. I grabbed a CnPilot R201P off the shelf. IPv6 was disabled by default. You had to enable it in 3 different places and even after following the guides on Cambium’s site the prefix delegation seems to not really work. I grabbed an AirCube…..no IPv6 support at all. It’s supported in the underlying OS, but not in the GUI. Ubiquiti support says it’s coming, but they’ve been saying that for 2 years +. I grabbed a Mikrotik…..works perfectly fine, but setup is beyond what any consumer is going to do. If I’m quibbling, it doesn’t support stateful dhcp assignments from a delegated prefix. That’s not too big of a deal. Out of 3 routers I have close at hand, 1 is a faulty implementation, 1 is not implemented at all, and one is too hard for normal people. So when people run out to the store and get a Netgear, Asus, or whatever router off the shelf is it hit-or-miss with those too? I guess I naively assumed that 25 years after IPv6 was created that we’d have working implementations by now.
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
