Com Hem offering IPv6 via DHCPv6 to its customers
Sunday, December 17. 2017
A month ago my ISP sent information that they're upgrading my connection speed without increasing the monthly cost! Nice. Totally unexpected from them.
Couple weeks ago my internet connection had dropped during night and I just flicked the switch on the cable router and it all came back. What I didn't initially realize, that I had an IPv6-address! WHOA!
Given zero public information about this on their public website, customer portal or anywhere, I just saw that on my network interface while investigating an another issue. They are broadcasting router advertisements and allocating a /64 from 2A04:AE00::/26 (SE-COMHEM-20140210). It looks like this on radvdump:
interface enp1s0 {
AdvSendAdvert on;
# Note: (Min,Max)RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag on;
AdvOtherConfigFlag on;
AdvReachableTime 600000;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 9000;
AdvHomeAgentFlag off;
AdvDefaultPreference high;
AdvSourceLLAddress on;
AdvLinkMTU 1500;
}; # End of interface definition
Since the O-bit for "other" (AdvOtherConfigFlag on) is enabled, it means that a DHCPv6-request will get more usable information. A DHCPv6 lease will look like this:
lease6 { interface "enp1s0";
ia-na xx:xx:xx:xx {
starts 1512476381;
renew 302400;
rebind 483840;
iaaddr 2a04:ae07:yyyy:yy::yyyy {
starts 1512476381;
preferred-life 604800;
max-life 2592000;
}
option dhcp6.status-code success;
}
option dhcp6.client-id 0:1:2:3:4:5:6:7:8:9:a:b:c:d:e:f:10:11;
option dhcp6.server-id 0:1:0:1:53:f:97:74:0:50:56:a8:22:a4;
option dhcp6.name-servers 2a04:ae3a:ae3a::1,2a04:ae3a:ae3a::2;
}
It works and is fast and all, but ... (there's always the but part). Given SLAAC, they issue only a /64 prefix. Why is that a problem you ask. Well, to be able to issue an IPv6 address to all devices in my LAN, that's not enough.
I tried sending a Prefix Delegation -request via DHCPv6, but no. They didn't honor that request. Should that worked, I'd be happy. I'd have my own /48 prefix for my LAN-devices.
In the current form Com Hem's IPv6 is mostly useless as none of my actual devices have IPv6 addresses in them. I'm investigating this and if/when I find a solution for this, I'll post something about it. Meanwhile, if you know how to get a prefix out of them, please inform!
Michu on :
When I have ipv4 switched on, the PC always uses that protocol no matter what I do in regedit... when I turn it off, I can see an ipv6 address being assigned to me when I check ipconfig, and test-ipv6.com confirms that I am fully ipv6 capable. But then when I restart my PC I don't get an IP assign from the router and I have to switch ipv4 back on.
Also, I tried port forwarding for ipv6, which is an option on the Com Hem router, but it doesn't seem to work at all. The router also never shows my PC with an ipv6 address, even when I turn ipv4 off. It still shows the old ipv4 address in the router network menu.
Any suggestions? I really wonder how you got it to work. BTW any idea how I access the Com Hem router through my browser if ipv4 is off? (so far, had to use my phone to check the router...).
Thanks
Jari Turkia on :
Q: Does it matter that my PC is connected through WAN only?
A: Yes (I think).
Long A:
Since you're not describing your setup at all. Out of the box a ComHem cable-TV thingie is configured to route your traffic. If you read my blog posts, I configured my ComHem box to bridge the traffic. That way I could expose my MiniPC against the wild-wild-net and to assume the role of a router/firewall. That way I needed to configure the IPv6 autoconfiguration into my Linux instead of relying ComHem's box to do that for me.
Also, to test this comprehensively, I did test this in router-mode also. My cable-TV box did work with IPv6 perfectly. Some colleagues at work said, that their older model wasn't table to handle IPv6. So, their option was to get a newer model, or go bridging.
Q: When I have ipv4 switched on ... suggestions?
A: Whaaat?
Long A:
If your IPv6 works on your PC (again, you're not describing your setup at all, I'm assuming Windows 10), no registry tweaking is needed at all. Also, when working with Windows TCP/IP-stack, you'll almost never need to touch registry. netsh can handle 99,99% of all your networking needs.
Q: port forwarding for ipv6 ... suggestions?
A: Whaaat?
Long A:
That sounds like you have a serious misconception there! In IPv6 every single gadget you own will have a perfectly valid IPv6-address. There is NO NEED for port forwarding. That's an IPv4-concept, which you should forget.
However, both IPv4 and IPv6 need firewalling. Since in IPv6 all devices can be exposed against the wild-wild-net, it's about firewall rules to prevent or allow this. I don't think ComHem's box can do any of that for you. You'll be needing a real router/firewall for that.
Q: any idea how I access the Com Hem router through my browser if ipv4 is off?
A: You cannot.
Long A:
It doesn't acquire an IPv6-address for the box at all. At this point of IPv6-adoption I'd settle for having a native IPv6 to home. In the next stage many years from now, I'd expect all devices to work with IPv6-only. We're not there yet.
Michu on :
Just for clarity, my setup is Win7 and a Com Hem TV coaxial internet router (WiFi Hub C1 250 dl / 10 ul) sent to me in April when I got my home package with them.
I read one of your previous posts where you switched the bridge back to NAT mode for ipv6, so I assumed NAT mode is the way to go.
I switched off the ipv4 protocol because my PC didn't seem to use ipv6 when both protocols where turned on (with both protocols on, test-ipv6.com resulted in a test failure, with ipv4 turned off, it resulted in a successful test).
As soon as I turned off ipv4, while I still was able to browse the web, all my torrents stopped working. So I checked the Com Hem router menu and there is a section for ipv6 port forwarding (check yours, its there), which unlike the ipv4 section, was empty... so I thought I had to do something there to make it work but nothing I did resulted in a success and after restarting the PC, I end up with zero internet connectivity : /
btw the Com Hem router says it has an active firewall protection on ipv6 active, so that part should be fine, I guess.
Jari Turkia on :
- In my blog post about ComHem router, I specifically say the unit I had was a Sagemcom F@ST 3686 AC
- It is impossible for ComHem customer to try to determine what specific unit they ship to you. It is entirely possible, that they did ship a completely different unit to you. That is, unless you specify your make and model.
- Yes, you're right. I never specified to not use routing (you would say NATting) and to use bridging. However, in this article (https://blog.hqcodeshop.fi/archives/346-HOWTO-Configuring-a-router-on-a-Mini-PC-with-CentOS.html) I describe my MiniPC-router setup. There is a phrase "ISP's cable modem is configured as bridge, no double NATting done".
- When doing bridging, all of your problems can be controlled by you and none of your problems are a result of ComHem's shortcoming in configurating their router/hardware/whatever.
- If doing bridging following this are true:
1) You're responsible of doing your own routing/NATting (if needed)
2) You're responsible of your own firewalling
3) You're responsible of your own port-forwarding
4) To achieve 1)-3) a separate device, other than ComHem cable-TV -box is required.
- From your comment I gather, that you connected your Windows 7 (why not Windows 10?) directly to ComHem box exposing it to The Net and getting public IPv4 and IPv6 -addresses from ComHem.
When all of the above is combined, there is still no need to disable IPv4. And if you really, really need to do it: don't do a registry hack! Learn how to do correctly or be prepared to salvage yourself from an unnecessary hole you dug for yourself.