Where does RUTX08 configure IPv6 ULA addresses?

Hi,

being a networking expert with nearly 20 years of experience with running IPv6 networks I appreciate that Teltonika devices seem to use IPv6 by default. However, I would like to see this network configuration.

One of the RUTX08 devices that I manage has decided to choose an IPv6 ULA prefix, configure itself to be a nameserver (most interestingly NOT a router) and to announce that prefix and itself as nameserver. Since it doesn’t know about the site’s split DNS setup, this has broken DNS for the better part of the internal network of that site and some of the system administrators are now even more opposed to IPv6 than they were before: It only causes trouble!

Where in the web interface (and, optionally, in the RMS) would I see that ULA prefix and would be able to disable it? Where would I disable the announcement of the prefix and the DNS service?

Please advise. Thank you.

Greetings, Marc Haber

Greetings,

We are currently working on your inquiry and will get back to you as soon as possible.

Best Regards,
Justinas

Hi, via WebUI it can be done like so:

You can disable router announcements by disabling the whole DHCPv6 server on the LAN interface

If you want the router to lose its ULA address, then set IPv6 assignment length to Disabled on the LAN interface and restart the router

Like this?

It is off.

Like this?

So I need to explicitly set the assignment to “Disabled” even if “Delegate IPv6 prefixes” is already off?

Greetings, Marc Haber

  1. Yes, did it help with unwanted RAs or was it turned off originally?
  2. In my experience this affects only PD coming from DHCPv6 clients but not ULA

I am sorry for not returning to this any earlier. I now learned that the firmware 7.18.3 distributes IPv6 UL Addresses (RFC4193) by default in the factory settings. The firmware seems to automatically choose an address space, configure this and distribute those addresses to clients.

This is not immediately visible in the WebUI.

Strictly speaking this is compliant with RFC4193, since the RFC doesn’t forbid enabling ULA setup automatically. However, this might cause incidents in the LAN of different magnitude, reaching from annoyances like non-fitting DNS entries, to outages like in our case where the Teltonika router distributed itself as a recursive DNS server but was not configured to know about the internal DNS zones, to fully-fledged security incidents in case of default “allow-all” IPv6 ACLs on devices that had IPv6 enabled accidentally as well without administrators taking care of network security as they did for IPv4.

As a networking professional with more than a decade of operational IPv6 experience I recommend strongly that your devices stop distributing arbitrarily chosen IPv6 ULA Prefixes to clients in their default configuration. It is okay to distribute global IPv6 addresses IF the upstream offers IPv6, but it is a decidedly bad idea to automatically configure IPv6 UL Addresses by default.

To make things worse, your devices announce that prefix with unlimited lifetime (preferred lifetime: “infinity”) so that it needs manual intervention on every node that has processed the router advertisement to get rid of the unwanted IPv6 configuration. I can send you a pcap from the LAN interface to describe. Wireshark screenshot attached.

Judging from the other parts of your WebUI not being quite IPv6 ready¹ I’d say that enabling this is premature. Please reconsider this decision.

Other Router vendors offer like this:

(and this is hidden behind an “advanced” switch and off by default)

To get rid of those announcements, one needs to go to Network > LAN > Edit and turn off “Enable DHCPv6” on the “General Settings” tab which is On by default.

¹ For example, there is no possibility to configure my own IPv6 prefix on the LAN interface - I might already HAVE an ULA prefix
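
A defender-side check for the situation this thread describes, as an added example that is not part of any post and is not Teltonika code: it parses one ICMPv6 Router Advertisement and flags an RFC 4193 ULA prefix, an infinite lifetime, and DNS servers announced by a node that is not a default router (taken here to mean router lifetime 0). The function names, the sample packet and the prefix `fd12:3456:789a::/64` are constructed for illustration.

```python
import ipaddress
import struct

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local range
INFINITY = 0xFFFFFFFF                   # RFC 4861 encoding of an infinite lifetime

def audit_ra(msg: bytes) -> list:
    """Audit one ICMPv6 Router Advertisement (bytes from the ICMPv6 type field on)."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    router_lifetime = struct.unpack_from("!H", msg, 6)[0]
    findings, rdnss_seen, off = [], False, 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8  # option length is in 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed option")
        opt = msg[off:off + olen]
        if otype == 3 and olen == 32:  # Prefix Information option
            valid, preferred = struct.unpack_from("!II", opt, 4)
            address = ipaddress.IPv6Address(opt[16:32])
            prefix = f"{address}/{opt[2]}"
            if address in ULA:
                findings.append(f"ula-prefix {prefix}")
                if INFINITY in (valid, preferred):
                    findings.append(f"infinite-lifetime {prefix}")
        elif otype == 25 and olen >= 24:  # RDNSS option (RFC 8106)
            rdnss_seen = True
            for i in range(8, olen - 15, 16):  # one 16-byte address per entry
                findings.append(f"rdnss {ipaddress.IPv6Address(opt[i:i + 16])}")
        off += olen
    if rdnss_seen and router_lifetime == 0:
        findings.append("dns-without-default-route")
    return findings

def build_sample_ra(prefix="fd12:3456:789a::", lifetime=INFINITY) -> bytes:
    """Constructed RA: router lifetime 0, one /64 prefix, one RDNSS entry."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 0, 0, 0)  # checksum 0, not verified
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, lifetime, lifetime, 0)
    pio += ipaddress.IPv6Address(prefix).packed
    rdnss = struct.pack("!BBHI", 25, 3, 0, 1800)
    rdnss += (ipaddress.IPv6Address(prefix) + 1).packed
    return hdr + pio + rdnss

if __name__ == "__main__":
    for finding in audit_ra(build_sample_ra()):
        print(finding)
```

To run it against real traffic, pass the ICMPv6 payload of each captured Router Advertisement to `audit_ra`; the checksum is not validated.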

Greetings,

I have relayed your suggestion to disable distributing IPv6 addresses by default to our research and development team. Once I receive feedback from them, I will get back to you.

Best Regards,
Justinas

Thank you. From my part this is considered finished. I have said everything I have to say and now it is your job to take a wiser decision than the current one. If your engineering department has more questions how to handle IPv6 on your devices, I am eager to help.
