My FreedomBox is behind a carrier-grade NAT, and thus I can only access it locally, via Tor, or with IPv6. Since many services do not work over Tor, I would be interested in setting up access via IPv6.
I am able to connect to my FreedomBox via the browser (Firefox/Tor, etc.) using https:[myIPv6]. I registered a domain using my FreedomBox’s IPv6 and I can also connect with the domain via a browser.
However, various command line tools do not allow me to connect via IPv6.
Some examples and results for both my IPv6 address as well as the registered domain (myIPv6/mydomain).
ping6
$ ping6 myIPv6
or
$ ping6 mydomain
Result: 100% packet loss.
traceroute
$ traceroute6 myIPv6/mydomain
Result: *** for 30 hops.
mtr
$ mtr -6 myIPv6/mydomain
Result: ??? for first 1-9 hosts, host 10 shows myIPv6.ISP, with 99.8% packet loss.
ping6 and mtr seem to work with other domains (e.g., wikipedia.org), but traceroute6 always ends up with most hops showing ???.
My question: Why does myIPv6/mydomain only work in the browser?
I tried setting up openvpn to work with IPv6 (see [SOLVED] Openvpn and IPV6), but I have not been able to get it to work, which I imagine is related to the problems above. I would like to set up other services (e.g., Matrix) to work with my domain, and I hope solving this will help me get the most use out of my FreedomBox (and I imagine it will help others who are behind a carrier-grade NAT as well).
One more thought: when IPv6 addresses are given to machines in the network, they are typically exposed on the Internet including IoT devices with poorly-written firmware. So, at least on some routers, the default is to block incoming IPv6 traffic through a simple firewall rule. On my D-Link I remember having to disable this. Since you did not mention disabling a similar option in your detailed report, it is worth a check. This could certainly explain web-allowed-but-nothing-else-is behavior.
@sunil Thank you for the help, and my apologies for the slow response.
What I tried a few weeks ago: There was in fact “IPv6 Firewall Protection” enabled. I disabled it and attempted the above again, with no success.
I wanted to do some searching on my own before replying but did not get around to it until today. However, when I looked at my “Connection information” in the FreedomBox today, I now only have a link-local address (fe80::XXXX:XXXX:XXXX:XXXX), and the domain I registered no longer functions. The IPv6 address I had a few weeks ago no longer exists!
I do not understand how that could happen. Could the ISP have changed something? More importantly: Is there any other way to get a (non-link local) IPv6 address?
Although many apps work over Tor, it would be great to get full functionality with the FreedomBox.
AFAIK, there need to be two things available for your device to get a non-link-local IPv6 address. Your router should get a non-link-local IPv6 address from the ISP. Your ISP and router should support DHCP-PD (prefix delegation). With this, your ISP will give you a large subnet of IPv6 addresses (typically a /64 subnet) for your router to assign to your devices.
Check that:
Your router has a non-local IPv6 address.
Your router has DHCP-PD support and it is turned on.
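An added example, not part of any poster's reply: a way to tell the "link-local only" state described above apart from a host that has a routable address, by classifying each entry in the output of `ip -6 -o addr show`. The sample outputs are constructed (2001:db8::/32 is the documentation prefix) and the function names are hypothetical.

```python
import ipaddress
import re

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # allocated global unicast space
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # ULA: valid inside the site only

# Constructed samples of `ip -6 -o addr show` output, not captured from a real host.
SAMPLE_WITH_PREFIX = (
    "1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet6 2001:db8:12:34:aaaa:bbff:fecc:dddd/64 scope global dynamic \\       valid_lft 86399sec preferred_lft 14399sec\n"
    "2: eth0    inet6 fe80::aaaa:bbff:fecc:dddd/64 scope link \\       valid_lft forever preferred_lft forever\n"
)
SAMPLE_LINK_LOCAL_ONLY = (
    "1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet6 fe80::aaaa:bbff:fecc:dddd/64 scope link \\       valid_lft forever preferred_lft forever\n"
)

LINE = re.compile(r"^\d+:\s+(\S+)\s+inet6\s+([0-9A-Fa-f:]+)/(\d+)\s")

def classify(addr):
    """Name the scope of an IPv6 address from its prefix, not from what `ip` prints."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    return "global" if ip in GLOBAL_UNICAST else "other"

def parse(output):
    """Return (interface, address, prefix_length, scope) for every inet6 line."""
    rows = []
    for line in output.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3)), classify(m.group(2))))
    return rows

def diagnose(output):
    """Say which of the checks from the thread applies to this host."""
    scopes = {row[3] for row in parse(output)}
    if "global" in scopes:
        return "global address present: check the router's inbound IPv6 firewall next"
    if "unique-local" in scopes:
        return "only unique-local (ULA) addresses: not routable on the Internet"
    return "link-local only: check the router's upstream IPv6 address and DHCP-PD"
```

On the FreedomBox itself, pass the real output of `ip -6 -o addr show` to `diagnose()` in place of the constructed samples.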