edgerouter ipv6 config for telus purefibre

edgerouter_ipv6_telus.sh

# current as of edgeos v1.10.5
# cobbled together from:
# https://medium.com/@nurblieh/ipv6-on-the-edgerouter-lite-c95e3cc8d49d
# https://heald.ca/configuring-telus-optik-ipv6-ubiquiti-edgerouter/

configure

edit firewall ipv6-name WANv6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top

edit firewall ipv6-name WANv6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 destination port 546
set rule 40 source port 547
set rule 40 protocol udp
top

set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL

set interfaces ethernet eth0 dhcpv6-pd prefix-only
set interfaces ethernet eth0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 56
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 prefix-id :0
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 service slaac
set interfaces ethernet eth0 ipv6 router-advert managed-flag true
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1
commit

# check if you get an ipv6 address on eth1, if all is good then run `save`

fix_ipv6.sh

 # To fix ipv6 on telus, add a script called fix_ipv6.sh under /config/scripts with
 # the following content:

# assuming eth0 is your wan interface
/bin/rdisc6 --single eth0 > /dev/null

# then add it as a scheduled task with a couple of commands like:

# configure 
# set system task-scheduler task fixipv6 executable path /config/scripts/fix_ipv6.sh
# set system task-scheduler task fixipv6 interval 30m
# commit
# save

Hi, by "second file" do you mean the shell script to call /bin/rdisc6 every half hour?

I was under the impression that we don't need to send router solicitations because Telus will send an RA after you request via DHCP

Late reply, but yes the rdisc script. For some reason the router was never getting the ipv6 address until I started doing that.

Hah. I ended up getting it working somehow. Thanks for the eventual reply.

@gordlea is this still working for you? not sure how to sort it out but it seems to not work for me. it does pull IPv6 on the Telus supplied router

It's been working fine for me without issue. It would help if you could be more specific when you say "it seems not to work". Error messages, logs, your config, etc.

Problem solved I think. Seems like I needed to release/renew:

release dhcpv6-pd interface eth0
delete dhcpv6-pd duid
renew dhcpv6-pd interface eth0