This menu has settings for configuring basic IPv6 routing functionality. Settings here affect only routed packets. Generally, IPv6 packets always travel through a FreshTomato router's switch on the LAN, regardless of these settings.

IPv6 Service Type: lets you select the Service Type.

IPv6 has several service types, or “modes” it can use. Some service types partly depend on IPv4 services. Others run independently of IPv4. Ask your Internet provider or search the web to find which type your provider uses.

Depending on the service type you select, various fields may appear, prompting you for appropriate settings.

Options include:

• Disabled *
• DHCP with PD
• Static IPv6
• 6in4 Anycast Relay
• 6in4 Static Tunnel
• 6rd Relay
• 6rd from DHCPv4
• Other (Manual Configuration)

Currently, IPv6 is not supported in MultiWAN configurations. Only the first WAN interface can use IPv6.

[Disabled]: IPv6 is disabled by default. IPv6 traffic will still flow if in access point mode.

[DHCPv6 with Prefix Delegation]

The most commonly-used Service Type, this provides native IPv6 connectivity to your network. If your ISP gives you a prefix with length smaller than 64, this mode lets you assign different IPv6 address ranges to bridges 0 (br0) through bridge 3 (br3). Other common prefixes are 56 or 60. The option to assign IPv6 address ranges for bridge 1 (br1) through 3 (br3) is available only for bridges that already exist. Check your settings in the Network menu to learn more.

Example Configuration: German Telekom

German Telekom supports a dual-stack setup of IPv4 and IPv6. For most consumers, it provides a default prefix length of 56. A prefix length of 64 (FreshTomato default) also works. However, with a 64 prefix, it's not possible to assign different IPv6 address ranges to bridges 1 (br1) through 3 (br3).

Other options exist in this mode. If the prefix is smaller than 64, and bridges 1 through 3 exist, you can enable subnets for those bridges.

See the image below for details:

[Static IPv6]

This mode is similar to Static IP mode in IPv4. You must enter the IP address and other settings into this menu. Your ISP provides these settings.

[6to4 Anycast Relay]

6to4 is a transitional protocol for migrating from IPv4 to IPv6. 6to4 acts as a transparent transport layer between IPv6 nodes. It allows IPv6 packets to be transmitted over an IPv4 network, such as the Internet, without having to configure explicit tunnels. 6to4 hosts and networks communicate with native IPv6 networks via Special relay servers, known as “6to4 Anycast Relays”.

Note that 6to4 does not support communication between IPv4-only hosts and IPv6-only hosts.

6to4 Anycast Relay performs these functions:

1. Assigns a block of IPv6 address space to any host
   or network with a global IPv4 address.
2. Encapsulates IPv6 packets inside IPv4 packets for
   for transmission over an IPv4 network using 6in4.
3. Routes traffic between 6to4 and “native” IPv6 networks.

[6in4 Static Tunnel]

This static VPN tunneling protocol allows IPv6 traffic to be transmitted over IPv4-only infrastructure. It's also known as “proto-41 static”. This is because it has been designated IP protocol 41 and because each endpoint must be explicitly configured.

6in4 Static tunnels IPv6 packets inside IPv4 packets. It's a transitional protocol, to help us get through the transition to all IPv6.

Generally, 6in4 static uses a tunnel broker, a third-party service that provides an encrypted tunnel between you and your destination (ISP). Probably the most common tunnel broker is tunnelbroker.net. If you use a tunnel broker, you must set up a free account on their website before using 6in4 Static.

Example Configuration through Tunnelbroker.net

This example uses tunnelbroker.net to create a standard tunnel.

1. Login to tunnelbroker.net and click “Create a Regular Tunnel”.
   
   
2. On the “Create New Tunnel” page, enter your router's current IPv4 WAN address
   into the “IPv4 Endpoint (Your Side)” field.
   
   
3. Tunnelbroker.net tries to detect your current IPv4 WAN address, and displays it
   after the words: “You are viewing from:”. If it's correct, copy and paste it into the
   “IPv4 Endpoint address” field.
   
   
   
   
   
   1. The bar under IPv4 endpoint should display: “Checking…”, then turn green.
      It should then display: “IP is a potential tunnel endpoint.” An ICMP reachability
      test passed. If it doesn't, and reports ICMP is blocked to that address, you must
      go to FreshTomato's Firewall menu, and enable WAN interfaces respond to ping
      and traceroute. This will allow FreshTomato to respond to tunnelbroker.net's
      ICMP test to check
      its connection to your router.
   2. Select the closest city to your router from the list.
   3. Click Create Tunnel.

You should now see the Tunnel Details webpage shown below:

By default, tunnelbroker.net assigns your routed endpoint a routed IPv6 prefix of /64. This lets your endpoint act as the router for your netblock, and use RA/SLAAC or DHCPv6 to assign IP addresses from this allocation to your LAN.

Now, enter the corresponding data from Tunnel Details into FreshTomato:

1. Select the 6in4 Static Tunnel IPv6 Service Type.
   
   
2. Copy the Routed /64 address from Tunnel details and paste it in the
   FreshTomato Assigned/Routed Prefix field.
   
   
3. Select a Prefix Length of 64. You can sign up for other prefix lengths.
   
   
   
   
   
   
4. Leave the IPv6 Router LAN Address at the Default.
   
   
5. In the first Static DNS field, enter the Anycast IPv6 Caching Nameserver address in Tunnel Details.
   
   
6. In the second Static DNS field, you can (optionally) enter an external DNS server address.
   
   
7. If you want clients on your LAN to be able to autoconfigure IPv6 addresses, check that
   IPv6 Router Advertisements are enabled in DHCP/DNS/TFTP.
   These configuration options only appear when IPv6 is enabled.
   
   
8. From Tunnel Details, copy the Server IP4 address and paste it the Tunnel Remote Endpoint field.
   
   
9. From Tunnel Details, copy the Client IPv6 address and paste it the Tunnel Client IPv6 address field.
   
   
10. Leave Tunnel MTU and Tunnel TTL at their defaults. Click Save.
    
    
11. If your IP address is dynamic, you must use DDNS to update the “Client IPv4 Address” automatically when it changes. For an example, see this thread: https://www.linksysinfo.org/index.php?threads/setting-up-ipv6-for-he-tunnelbroker.35297/

For more details, see tunnelbroker.net's tutorial for creating tunnels: https://ipv6.he.net/presentations.php

[6rd Relay]

Fix Me

[6rd from DHCPv4 (Option 212)]

Fix Me.

[Other (Manual Configuration) ]

Debug

Checking this sets the Detail level in Logging to the Debug Level. This causes it to log all messages of debug level or higher.

IPv6 DUID Type

Every DHCP client/server has a DHCP Unique Identifier. The DHCP server uses this to identify clients for the selection of configuration parameters.

Options:

• DUID-LL (default) - uses the LAN (eth0) MAC address and will not
  change over time.
• DUID-LLT - uses the LAN MAC address, but in addition, will include
  time value, and will change on every reboot/reconnection of the WAN interface.

You can see the DUID type currently in use in the Overview menu. Support for DUID Type started in release 2022.4. Fixed DUID types and custom DUIDS are not supported.

Prefix Length
The network prefix is analogous to an IPv4 subnet mask. It represents the network portion (most significant bits) of the address. The leading bits are identical on all hosts on your assigned network.

Other options commonly used include 56 bits. (Default: 64).

Request PD Only
This setting should be enabled for ISPs that require only a Prefix Delegation. This is usually PPPoE-authenticated DSL or fiber connections.

Do not allow PD/Address release

Enabling this prevents DHCP6 clients from sending a release message to the ISP when disconnecting. With this set, the client is more likely to receive the same allocation on subsequent requests.

Support for this option started in release 2022.4.

Add default route ::/0
IPv6 Router Advertisements (through IPv6 ICMP on the WAN interface) will add the default route. As a result, this option is usually required. However, some ISPs, such as Snap (NZ), or Internode (AU) may require you to specify the default route / workaround.

See also Linksysinfo.org: IPv6 and Comcast

Static DNS
FreshTomato users can specify DNS server addresses. For example, if you are using DHCPv6 with PD on the ISP German Telekom, DHCP will automatically provide two IPv6 DNS server addresses. However, you can still manually add static DNS addresses if you wish.

Examples:

• 2001:4860:4860::8888 (Google public IPv6 DNS Server)
• 2001:4860:4860::8844 (Google public IPv6 DNS Server)

Accept RA from

This function will cause Tomato to accept IPv6 Router Advertisements.

Options:

• WAN - FreshTomato will accept IPv6 router advertisements
  on the WAN interface.
• LAN - FreshTomato will accept IPv6 router advertisements
  on the LAN interface.

When using DHCPv6 with Prefix Delegation, this option is enabled on the WAN interface. It can't be disabled, as it is necessary for that service type.

IPv6 is still new to many people and can be quite different from IPv4. Here are some good sources for learning IPv6 basics:

Network Lessons: Introduction to IPv6

https://networklessons.com/ipv6

Professor Messer: Assigning IPv6 addresses

Professor Messer: Network Plus-IPv6 Addressing