Diese Website verwendet Cookies, um Dein Surferlebnis zu verbessern. Durch die weitere Nutzung der Website stimmst Du der Verwendung von Cookies zu.   Erfahre mehr.

ipv6 is unreachable

Hi, I can't speak German so I'll write this in English if that's ok.

I need to remotely allow people from work to join an app I'm hosting on my PC but they can't connect. Every test I've done with my ipv6 says that it's unreachable.

I have a 100 MB Unitymedia contract with a DS-Lite router.

I can browse as normal, all my devices at home can access the Internet via Wifi and/or cable.

If I run https://tools.keycdn.com/ipv6-ping, for example, it says that my ip is unreachable.

Things I've tried:
- Disable the router firewall
- Enable a port in Windows in both directions
- Configured the inbound/outbound traffic policy in the router for the same specific port.
- https://ipv6-test.com/ everything seems to be ok.
- the port is opened based on this website: http://www.ipv6scanner.com/cgi-bin/main.py 

Something curious that I realised this morning is that I can only access the app via a kartmobil Nexus 5X mobile I have, but I can't with a Vodafone (Spanish contract) Xiaomi Max 3. Both mobiles had wifi disabled. Tests I've done say that the kartmobil provider supports ipv6, where the Vodafone Spain provider doesn't.

Everyone that has tried to access the app is from abroad Germany. I can't say if this has anything to do with the issue. But because the only device that could join was from Germany maybe it has something to do with the issue.

After a while debugging this issue I can't solve it on my own, so I hope you can help me with this. Thank you.
Speichern Abbrechen
Konnte dir geholfen werden?
  • Ja
Dieser Beitrag wurde geschlossen.
Es ist nicht möglich, Kommentare zu schreiben. Du kannst aber jederzeit eine Frage stellen.
Frage stellen
16 Kommentare
  • Donnerstag, 02.04.2020 um 23:52 Uhr
Hey and welcome,

If u use the Vodafone station u cant connect to the from external. U must have a Fritzbox 6490,6590, 6591 or 6660. Otherwise u need dual Stack from unitymedia.
  • Freitag, 03.04.2020 um 00:07 Uhr
Not sure but sound's to me that he isn't using a Vodafone-Station at all. But I'm not sure whether DS-Lite is the name of the router.

Anyhow. @Manituan. Can you have a look in your router what type (IPv4, IPv6 or both) of WAN internet address is assigned in to your connection?

First step would be to make sure that you can reach your router from the internet (WAN).

If that's the case make sure that on the PC network card IPv4 and IPv6 is enabled.

P.S.: Is the application you are talking about depending on IPv6? Otherwise why not just use an IPv4 address as a workaround.

P.S.: I can confirm that with IPv4 the VFS can be accessed from the internet because I do have a NAS in my LAN which I can easily access from the internet after configuring the port-forwarding.
  • Freitag, 03.04.2020 um 00:09 Uhr
Hey and welcome,

If u use the Vodafone station u cant connect to the from external. U must have a Fritzbox 6490,6590, 6591 or 6660. Otherwise u need dual Stack from unitymedia.

There is no more Unitymedia - as far as I know Unitymedia is now Vodafone😜😜😜😜😜
  • Freitag, 03.04.2020 um 00:54 Uhr
Thanks for the quick response.

I had no idea that Unitymedia is now Vodafone. My router has 4 years now and I got it from Unitymedia. This is a review of the router in case it helps:

When I search for my IP I get both ipv4 and ipv6.

My router settings doesn't allow me to do port forwarding, that's the first thing I tried.

The app can be connected to via ipv4 or ipv6, but because port-forwarding wasn't an option for me I tried the ipv6 approach: [ipv6]:port

That's when I started to be really confused because I couldn't connect from outside my local network.

I've read in some places about dual stack, from Unitymedia. But that's to do port-forwarding on a ipv4 protocol, right? What I'm trying to fix is that my ipv6 is unreachable, or at least understand why this is happening.

My PC network card has both protocols enabled on windows.

Something else I tried was to reset the router to factory settings.
  • Freitag, 03.04.2020 um 01:16 Uhr
Dual Stack is when you are using IPv4 and IPv6 in parallel.

Dual Stack light is when you do have an IPv6 connection and IPv4 traffic is tunneled.

When your router gets assigned an IPv4 and IPv6 address you very likely already do have dual-stack. You can test this via this website below. Look for the field type - moving the mouse over the "?" provides some tooltips.

I'm not very used to IPv6 but I doubt that with IPv6 you can access LAN clients without some kind of port-forwarding because your LAN clients are not known  in the web, aren't they?

And therefore the router needs to know to what client the request should be routed/forwarded. But I might be wrong because I just assume that IPv6 works similar to IPv4 although having a much larger address space - but can't image that the adress space will be sufficient if every device is visible in the web and needs to have a unique address?!

  • Freitag, 03.04.2020 um 02:00 Uhr
Deactivate privacy extensions on Windows. Than make a release on the ConnectBox for this Pc.
  • Freitag, 03.04.2020 um 09:56 Uhr
I am using the UnityMedia Conect Box as well and have external access enabled over IPv6 with no issues. 

still need to configure IP and Port filtering rules: Advanced
Settings->Security->IP and Port Filtering. Create new rules to:

1) Enable Protocol ICMPv6 with source:all and destination:all
2) Enable Port/Protocol for your app with source:all and destination:your internal server ipv6 address.

- this is different from NAT port forwarding you are used to -- your
are actually opening up your internal IPv6 address/port to the outside
world as opposed to opening a port on your router which is then
redirected to your internal, private, IPv4 address.

You can then verify your port is open here: http://www.ipv6scanner.com/cgi-bin/main.py

- anyone trying to connect to your site will need to be using IPv6 as
well. If you are using one of the Cloudflare proxied ports (https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/)
you can sign up for their free level service, switch your DNS to them,
and they will proxy IPv4 clients to your IPv6 server as well.
  • Freitag, 03.04.2020 um 10:22 Uhr
I deactivated privacy extensions on Windows and I released/connected the PC from the ConnectBox.

The thing is that I also have a laptop connected to the Wifi and it has the same issue. I tried this to check if the problem was within the connection or PC.

If I run https://ipv6-test.com/ I see everything green but ICMP and HostName, which are Yellow (Filtered and None).

And if I run https://tools.keycdn.com/ipv6-ping with my ipv6 I get 100% loss on all requests. I've tried other websites to doublecheck.
  • Freitag, 03.04.2020 um 10:35 Uhr
Thank you @WayneV, 

I tried that already and I even used the same website you shared to check if my port was opened, and it was. 

The bit that I was guessing due to the test I did on my mobile and you confirmed is that only ipv6 compatible connections can join me with my current set up. Would that explain why I get 100% loss on all ping tests I do online?

I'll try a proxy to ipv4. See if it works.

  • Freitag, 03.04.2020 um 11:20 Uhr
You can't ping internet sites from your internal net? That should work, providing you don't have any ICMP/ICMPv6 filters internaly:

$ ping -6 2a00:1450:4001:824::200e
PING 2a00:1450:4001:824::200e(2a00:1450:4001:824::200e) 56 data bytes
64 bytes from 2a00:1450:4001:824::200e: icmp_seq=1 ttl=55 time=13.3 ms

Or are you talking external->internal? https://ipv6-test.com/pingtest/
IPv4 will fail there but IPv6 should work.

Keep in mind that your IPv6 address may change regularly and you may have multiple addresses on the same interface. If you want a static address you can enable SLAAC/eui64 addressing - you should then have one IP address which is 64 bits your network + 64 bits your MAC. You can use your SLAAC address for incoming (as it doesn't change) and your non SLAAC will be used for outgoing connections (supposed to help hide your identity)

The Cloudflare proxy works great for http/https.