I have had an EdgeRouter for years, and recently got moved onto the nbn™. Aussiebroadband seemed to be a good choice for me, being referred to as the “new iiNet” on the forums. I figured I should give them a try.

One thing I noticed when in the days before signing up was that there is an IPv6 beta. Naturally, I immediately signed up. This post is an explanation of how to get IPv6 working on your EdgeRouter.

Firewall

These rules stop connections to devices behind the router. ICMP is important to allow connection management in IPv6, so needs to be allowed through the firewall.

set firewall ipv6-name WAN_IN6 default-action drop
set firewall ipv6-name WAN_IN6 rule 10 action accept
set firewall ipv6-name WAN_IN6 rule 10 description 'Allow established/related'
set firewall ipv6-name WAN_IN6 rule 10 log disable
set firewall ipv6-name WAN_IN6 rule 10 state established enable
set firewall ipv6-name WAN_IN6 rule 10 state related enable
set firewall ipv6-name WAN_IN6 rule 20 action drop
set firewall ipv6-name WAN_IN6 rule 20 description 'Drop invalid state'
set firewall ipv6-name WAN_IN6 rule 20 log disable
set firewall ipv6-name WAN_IN6 rule 20 state invalid enable
set firewall ipv6-name WAN_IN6 rule 30 action accept
set firewall ipv6-name WAN_IN6 rule 30 protocol ipv6-icmp
set firewall ipv6-name WAN_LOCAL6 default-action drop
set firewall ipv6-name WAN_LOCAL6 rule 10 action accept
set firewall ipv6-name WAN_LOCAL6 rule 10 description 'Allow established/related'
set firewall ipv6-name WAN_LOCAL6 rule 10 log disable
set firewall ipv6-name WAN_LOCAL6 rule 10 state established enable
set firewall ipv6-name WAN_LOCAL6 rule 10 state related enable
set firewall ipv6-name WAN_LOCAL6 rule 70 action accept
set firewall ipv6-name WAN_LOCAL6 rule 70 description 'Allow IPv6 icmp'
set firewall ipv6-name WAN_LOCAL6 rule 70 protocol ipv6-icmp
set firewall ipv6-name WAN_LOCAL6 rule 80 action accept
set firewall ipv6-name WAN_LOCAL6 rule 80 description DHCPv6-PD
set firewall ipv6-name WAN_LOCAL6 rule 80 destination port 546
set firewall ipv6-name WAN_LOCAL6 rule 80 protocol udp
set firewall ipv6-name WAN_LOCAL6 rule 100 action drop
set firewall ipv6-name WAN_LOCAL6 rule 100 description 'Drop invalid state'
set firewall ipv6-name WAN_LOCAL6 rule 100 log disable
set firewall ipv6-name WAN_LOCAL6 rule 100 state invalid enable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable

Interface Definitions

This assumes the internet is on eth0 and the LAN interfaces is eth1.

The no-dns statements ensure that the DNS servers from Aussiebroadband aren’t propagated through to your devices. Delete these statements if you don’t have your own internal DNS server.

set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 dhcp-options default-route update
set interfaces ethernet eth0 dhcp-options default-route-distance 210
set interfaces ethernet eth0 dhcp-options name-server no-update
set interfaces ethernet eth0 dhcpv6-pd no-dns
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth1 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth1 no-dns
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth1 prefix-id 1
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth1 service slaac
set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length /56
set interfaces ethernet eth0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 firewall in ipv6-name WAN_IN6
set interfaces ethernet eth0 firewall local ipv6-name WAN_LOCAL6
set interfaces ethernet eth1 address dhcpv6

And that’s it! Your devices should soon have an IPv6 address. You can test your IPv6 connectivity at:

You should be able to get full marks from both of these websites.

And you should be able to load the IPv6-only website https://ipv6.google.com