Internode offers Dual Stack IPv4/IPv6 connectivity to their broadband customers and has done so since 2011; sadly, said connectivity doesn’t work very well out of the box with the UniFi Security Gateway router.

The problem? UniFi’s router firmware (version 4.4.22.5086045) and cloud controller (version 5.8.30) configure DHCPv6 Prefix Delegation on both the WAN interface and the PPPoE interface; the outcome of which is that the router obtains an IPv6 address – but nothing else in the network does.

This bug manifests itself with any ISP who authenticates customers via PPPoE and provides dual stack connectivity on the PPPoE interface (and assigns a customer-end IPv6 address range via Prefix Delegation) – not just Internode.

Configure IPv6

In case you haven’t already done so, configure IPv6 in the Controller. Internode’s general instruction for IPv6 is that you get given a dynamic /64 for the PPP interface and a static /56 for your LAN, distributed via Prefix Delegation. So far, so easy.

In the Controller, select the site, then Settings -> Networks -> WAN. In the IPv6 section:

  • Connection Type: Using DHCPv6
  • Prefix Delegation Size: 56

Save, then select the local network you want to enable for IPv6. In the Configure IPv6 Network section:

  • IPv6 Interface Type: Prefix Delegation
  • IPv6 Prefix Delegation Interface: WAN (this is the giveaway for where the problem lies..)
  • IPv6 Prefix ID: 56 (unsure whether this is necessary)
  • IPv6 RA: Enable IPv6 Router Advertisement checked (leave settings at the default)
  • DHCPv6/RDNSS DNS Control: Auto

Save and then wait for everything to provision. In theory, this would be enough for everything to just work, but it’s not. If you SSH into the USG and run show interfaces, you’ll see that the ethx interface that corresponds to the local network you configured above doesn’t have an IPv6 address:

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         -                                 u/u  WAN
eth1         192.168.1.1/24                    u/u  LAN
eth2         -                                 A/D
lo           127.0.0.1/8                       u/u
             ::1/128
pppoe0       my.public.ipv4.address            u/u
             2001:my:public:ipv6:address:d32f/64

Fix Stuff

Knowing that the problem relates to Prefix Delegation being configured on the WAN interface rather than the PPPoE interface, you need to create a script which disables DHCPv6 Prefix Delegation on the WAN interface and restarts DHCPv6-PD on the PPPoE interface.

SSH into the USG and create /config/scripts/post-config.d/dhcp.sh:

#!/bin/vbash
# Script is started on reboot and via a cronjob created during provisioning

readonly logFile="/var/log/postprovision.log"

source /opt/vyatta/etc/functions/script-template

configure > ${logFile}

# Delete cronjob that called this script
delete system task-scheduler task postprovision >> ${logFile}

# Remove DHCPv6-PD from eth0 (WAN)
delete interfaces ethernet eth0 dhcpv6-pd >> ${logFile}
commit
exit

# Obtain IPv6 addresses for Prefix Delegation
release dhcpv6-pd interface pppoe0 >> ${logFile}
delete dhcpv6-pd duid >> ${logFile}
renew dhcpv6-pd interface pppoe0 >> ${logFile}

Make the script executable: sudo chmod +x /config/scripts/post-config.d/dhcp.sh

SSH into the Controller and either create or update the file [unifi_base]/data/sites/site_ID/config.gateway.json – on Debian, and assuming the site ID is “default”, the config.gateway.json file is located at /usr/lib/unifi/data/sites/default/:

{
  "system": {
    "task-scheduler": {
      "task": {
        "postprovision": {
          "executable": {
            "path": "/config/scripts/post-config.d/dhcp.sh"
          },
          "interval": "2m"
        }
      }
    }
  }
}

Always check that the file contents are valid JSON using JSONLint – this will prevent problems with provisioning the USG.

Finally, force a provision of the USG – log into the Controller, select the site, then Devices -> USG -> Config -> Manage Device -> Provision.

Once provisioned, IPv6 should be working on your network!

Note: If your ISP requires a VLAN tag on the WAN interface, there are slightly different steps required – see the first source below.

Sources:
https://spflug.de/?p=175
https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-USG-Advanced-Configuration

Leave a Reply

Your email address will not be published. Required fields are marked *

46 − 40 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.