Configuring Edge Router X for IPv6 on Maxis
Edit (2019-10-22): After changes to Maxis’s network and a year later of ERX firware patches the config below seems to be broken. Haven’t gotten around to get it working again.
Edit (2020-06-12): The config below is still working (Thanks to Andrew for the heads up).
Leaving this config here in case someone else finds this useful. Configuration was done on the Ubiquiti EdgeRouter X, ERX (EdgeOSv1.10.5) for Maxis Fiber (HSBB Unifi infrastructure).
The typical Maxis Fiber internet connection is a PPPoE authenticated connection over VLAN 621. Hence in the config below IPv6 will be enabled under the PPPoE tree of the configuration directory.
In my config my actual LAN interfaces eth2 and eth3 is behind switch0 interface. Hence I will be enabling ipv6 on the switch
Config as follows (in two parts):
firewall {
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
ipv6-name WANv6_LOCAL {
default-action drop
description "WAN inbound traffic to the router"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
rule 40 {
action accept
description "allow dhcpv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
}interfaces {
ethernet eth0 {
duplex auto
speed auto
vif 621 {
description "Internet (PPPoE)"
pppoe 0 {
default-route auto
dhcpv6-pd {
pd 0 {
interface switch0 {
host-address ::1
prefix-id :0
service slaac
}
prefix-length 64
}
rapid-commit enable
}
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
}
ipv6 {
address {
autoconf
}
enable {
}
}
mtu 1492
name-server auto
password ****************
user-id *******@public.maxis.com.my
}
}
}
switch switch0 {
address 10.0.0.1/24
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
router-advert {
managed-flag true
name-server fe80::f369:71d6:f865:9974
name-server fe80::b1c3:b1cd:a709:ddc5
prefix ::/64 {
autonomous-flag true
on-link-flag true
}
}
}
}
}Notes:
- Maxis IPv6 uses a
::/64prefix (as far as I can tell) fe80::f369:71d6:f865:9974andfe80::b1c3:b1cd:a709:ddc5are my local IPv6 DNS caching servers;
Alternatively please feel free to use a public IPv6 DNS servers like Google, OpenDNS or Cloudflare.