IPv6 address for FreedomBox accessible only with a browser

My FreedomBox is behind a carrier-grade NAT, and thus I can only access it locally, via Tor, or with IPv6. Since many services do not work over Tor, I would be interested in setting up access via IPv6.

I am able to connect to my FreedomBox via the browser (Firefox/Tor, etc.) using https:[myIPv6]. I registered a domain using my FreedomBox’s IPv6 and I can also connect with the domain via a browser.

However, various command line tools do not allow me to connect via IPv6.

Some examples and results for both my IPv6 address as well as the registered domain (myIPv6/mydomain).

ping6

$ ping6 myIPv6

or

$ ping6 mydomain

Result: 100% packet loss.

traceroute

$ traceroute6 myIPv6/mydomain

Result: *** for 30 hops.

mtr

$ mtr -6 myIPv6/mydomain

Result: ??? for first 1-9 hosts, host 10 shows myIPv6.ISP, with 99.8% packet loss.

ping6 and mtr seem to work with other domains (e.g., wikipedia.org), but traceroute6 always ends up with most hops showing ???.

My question: Why does myIPv6/mydomain only work in the browser?

I tried setting up openvpn to work with IPv6 (see [SOLVED] Openvpn and IPV6), but I have not been able to get it to work, which I imagine is related to the problems above. I would like to set up other services (e.g., Matrix) to work with my domain, and I hope solving this will help me get the most use out of my FreedomBox (and I imagine it will help others who are behind a carrier-grade NAT as well).

[Edited for clarity and to fix a typo.]


Sorry about the unresolved OpenVPN issue. Perhaps it is related to the problems you are facing.

Could you please check if the IPv6 address you have on the FreedomBox is a link-local address (such as starting with ‘fe80:’)?

Thank you for the quick response! The IPv6 address starts with ‘2a02:’, so it does not seem to be a link local address.


One more thought: when IPv6 addresses are given to machines in the network, they are typically exposed on the Internet including IoT devices with poorly-written firmware. So, at least on some routers, the default is to block incoming IPv6 traffic through a simple firewall rule. On my D-Link I remember having to disable this. Since you did not mention disabling a similar option in your detailed report, it is worth a check. This could certainly explain web-allowed-but-nothing-else-is behavior.

@sunil Thank you for the help, and my apologies for the slow response.

What I tried a few weeks ago: There was in fact “IPv6 Firewall Protection” enabled. I disabled it and attempted the above again, with no success.

I wanted to do some searching on my own before replying but did not get around to it until today. However, when I looked at my “Connection information” in the FreedomBox today, I now only have a link-local address (fe80::XXXX:XXXX:XXXX:XXXX), and the domain I registered no longer functions. The IPv6 address I had a few weeks ago no longer exists!

I do not understand how that could happen. Could the ISP have changed something? More importantly: Is there any other way to get a (non-link local) IPv6 address?

Although many apps work over Tor, it would be great to get full functionality with the FreedomBox.


AFAIK, there need to be two things available for your device to get a non-link-local IPv6 address. Your router should get a non-link-local IPv6 address from the ISP. Your ISP and router should support DHCP-PD (prefix delegation). With this, your ISP will give you a large subnet of IPv6 addresses (typically /64 subnet) for your router to assign to your devices.

Check that:

  • Your router has a non-local IPv6 address.
  • Your router has DHCP-PD support and it is turned on.
  • Your ISP has support for both.
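Added example, not part of the thread: a small Python helper that reads the output of `ip -6 -o addr show` on the box and reports which addresses are link-local (fe80:) and which are globally routable, the distinction the replies above turn on. The function names and both sample outputs are constructed for illustration, including the 2a02: address.

```python
import ipaddress

# Address ranges from the IPv6 addressing architecture.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")      # never routed off-link
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")     # private, not Internet-routable
DOCUMENTATION = ipaddress.ip_network("2001:db8::/32")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")   # e.g. the 2a02: address in the thread

def classify(addr):
    """Return the scope class of an IPv6 address (prefix length / zone id allowed)."""
    ip = ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])
    if ip.is_loopback:
        return "loopback"
    for name, net in (("link-local", LINK_LOCAL), ("unique-local", UNIQUE_LOCAL),
                      ("documentation", DOCUMENTATION), ("global", GLOBAL_UNICAST)):
        if ip in net:
            return name
    return "other"

def parse_ip_output(text):
    """Return (interface, address, class) for each inet6 line of `ip -6 -o addr show`."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet6":
            rows.append((fields[1], fields[3], classify(fields[3])))
    return rows

def reachable_candidates(rows):
    """Addresses that could be reached from the Internet if the router allows it."""
    return [addr for _, addr, kind in rows if kind == "global"]

# Constructed sample: box holding a delegated global address plus its link-local one.
SAMPLE_WITH_GLOBAL = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2a02:1234:5678:9abc:ba27:ebff:fe12:3456/64 scope global dynamic
2: eth0    inet6 fe80::ba27:ebff:fe12:3456/64 scope link
"""
# Constructed sample: the later state described in the thread, link-local only.
SAMPLE_LINK_LOCAL_ONLY = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 fe80::ba27:ebff:fe12:3456/64 scope link
"""

if __name__ == "__main__":
    for label, sample in (("with global", SAMPLE_WITH_GLOBAL),
                          ("link-local only", SAMPLE_LINK_LOCAL_ONLY)):
        rows = parse_ip_output(sample)
        print(label, rows, "->", reachable_candidates(rows) or "no routable address")
```

On the box itself, feed it the real output of `ip -6 -o addr show` instead of the samples; an empty result means the router is not handing out a routable prefix, whatever the firewall setting.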

@sunil Thank you for the help. I contacted my ISP (PYUR) to inquire about the change and they will get back to me.