
I have a Perforce server (Ubuntu 18.04) at home, and since Starlink finally showed up, I want to set it up so other people can synch with it over my sat uplink instead of my slow CenturyLink DSL.

Problem 1: Starlink is behind a CGNAT. I thought I could use dynamic DNS with the DSL connection to connect a public domain name to the server and have it do the heavy lifting outbound over Starlink, but nope. BUT, Starlink can apparently do static IPv6 (with some wrangling). So I'll try IPv6.

Problem 2: I have absolutely no clue how to request a public DHCPv6 assignment to that server, since it will be behind a router (Netgear R8000 with dd-wrt) that will HOPEFULLY be set up for failover from Starlink to the DSL connection. I have a big old cedar tree that blips the sat uplink about once a minute, failover is gonna be a thing.

I have the server accessible to the outside via looking up its current IPv4 and port forwarding in the router, and I got the router to hand the server a local DHCPv6 IPv6 address... I'm just at a loss how to config all this to have the server get a public IPv6 that is reachable from WAN.

Target config:

Inbound ISP: Starlink (CGNAT IPv4, fixed IPv6) / DSL (dynamic IPv4)

Both go to: Netgear R8000, dd-wrt, set up for failover from Starlink to DSL

Server (Ubuntu 18.04), static IPv6, port 1666 for Perforce. If it helps solve things, this server has dual ethernet cards.

  • Is the router set up to do DHCPv6-PD requests? It is supposed to get a public IPv6 prefix for the entire LAN. Commented Jul 15, 2022 at 21:50
  • That's a really good question that I have no idea how to answer because we're past the edges of what I know about IPv6. Let's say I do the googling to figure out where to poke the router to make it do that. Do I also have to do anything to make the server (with its own IPv6) visible to the outside world beyond the router, like with port forwarding from a router's single WAN-side IPv4 address to a LAN 192.x.x.x machine, or do the inbound packets from the WAN just get routed to me via that allotted prefix and my router sorts them to local machines by full address?
    – GarageBay9
    Commented Jul 15, 2022 at 21:59
  • There should be no port-forwarding needed, as the server will get its own public address (from the LAN /64 prefix that your router gets via DHCPv6 Prefix Delegation/PD) and your clients just directly connect to that, from both inside and outside. But in many cases you might still need to add a firewall "allow" rule on the router. (Firewalls exist in IPv6 just like they do in IPv4, even if without NAT.) That said, I have no idea about how prefix delegation is configured in DD-WRT, and I have no idea if there might be something unusual about how it works with Starlink. Commented Jul 16, 2022 at 7:54
  • Got it. At least I know which direction to start researching in - thank you! Now I have to figure out how to have my PiHole do DNS filtering for everything, but only IPv4 internal DHCP, and leave IPv6 DHCP to the PD process. I think that question is headed to the Pihole team's subreddit, though...
    – GarageBay9
    Commented Jul 16, 2022 at 16:52

1 Answer

> I have the server accessible to the outside via looking up its current IPv4 and port forwarding in the router, and I got the router to hand the server a local DHCPv6 IPv6 address... I'm just at a loss how to config all this to have the server get a public IPv6 that is reachable from WAN.

In general, IPv6 on consumer ISPs works like this:

  1. Your router makes a DHCPv6 "Prefix Delegation" request to the ISP (also called IA_PD or DHCPv6-PD) and receives a public /64 prefix for use on your LAN.

    (Depending on ISP, usually it can request a shorter prefix with more subnets, e.g. a /56 per customer with 256×/64 subnets is the usual recommendation for residential ISPs.)

  2. Your router configures that prefix on the LAN interface (alongside 192.168.1.1, and alongside the private 'fdXX' prefix that some routers have by default) and starts issuing public addresses to LAN hosts, either via SLAAC (Router Advertisements) and/or regular DHCPv6.

  3. The server now has a public IPv6 address that you can put in DNS (and so does every other LAN device), so there is no port-forwarding needed. To actually accept inbound connections, however, you usually still need to allow the server's address in the router's firewall (forward filter) rules.

Exactly how step 1 works can vary depending on the ISP. I don't know anything about whether there's anything special needed for Starlink, or whether it should just work – consult other sources (r/ipv6, etc).

Note that having a massive address space doesn't prevent ISPs from trying to give you a "dynamic" address. In theory, as long as your router keeps sending the same DUID within the IA_PD request, it should keep getting the same prefix every time... but that's not always guaranteed. Some ISPs deliberately reserve that for their "business" plans.

And if you have multiple ISPs with IPv6 – well, "multi-homing" is still kind of an unsolved problem, even though it is slightly better in IPv6 than in IPv4 (NAT aside). Normally you would be supposed to get separate public prefixes from both ISPs, with the server having an address from each ISP, and then the router should use "source-based routing" to send outbound packets through the correct ISP (Linux can do this, so dd-wrt should as well). Sometimes you do have to resort to 1:1 NAT from both public /64 prefixes to the private 'fdXX' /64 prefix.
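The three steps in the answer above, as an added example that is not part of the original answer: it tells a link-local or private 'fdXX' address apart from a public one, places the server in a /64 taken from a delegated prefix, and builds a forward-filter rule that admits only the Perforce port to that one address. The prefix (from the 2001:db8::/32 documentation range), the subnet and host numbers, and the use of `ip6tables` on the router are assumptions.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # private 'fdXX' space, not routed on the WAN
GUA = ipaddress.ip_network("2000::/3")  # global unicast space

# Constructed sample addresses a LAN server might show.
SAMPLE = ["fe80::a00:27ff:fe4e:66a1", "fd12:3456:789a:1::50", "2001:db8:abcd:101::50"]

def classify(addr):
    """Return the scope of an IPv6 address: link-local, ula, global or other."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "ula"
    if ip in GUA:
        return "global"
    return "other"

def server_address(delegated, subnet_id, host_id):
    """Pick one /64 out of the delegated prefix and place the server in it."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64 or not 0 <= subnet_id < 2 ** (64 - net.prefixlen):
        raise ValueError("subnet does not fit inside the delegated prefix")
    if not 0 < host_id < 2 ** 64:
        raise ValueError("host part must fit in the low 64 bits")
    base = int(net.network_address) + (subnet_id << 64)
    return ipaddress.IPv6Address(base + host_id)

def forward_rule(server, port=1666):
    """Build a forward-filter rule for one address and one TCP port only."""
    ip = ipaddress.IPv6Address(server)
    if classify(ip) != "global":
        raise ValueError(f"{ip} is not a public address; it is unreachable from the WAN")
    return f"ip6tables -A FORWARD -d {ip}/128 -p tcp --dport {port} -j ACCEPT"

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a:28} {classify(a)}")
    # Assumed delegation: a /56, second /64 used for the LAN, host part ::50.
    srv = server_address("2001:db8:abcd:100::/56", 1, 0x50)
    print(forward_rule(srv))
```

Matching on the full /128 and the single port keeps every other LAN host and service closed to inbound WAN traffic even though each of them also holds a public address.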
