Message 1 of 18

Smarthub 2 creates pinhole for wrong IPv6 address

My Linux box configures two IPv6 addresses - one appears to be always the same and has the "noprefixroute" flag, and therefore cannot be accessed externally; the other is new every boot-up and is the one intended to be externally accessible.  The Smarthub 2 should create a pinhole for the second, but most often creates it for the first, which means it is not accessible from outside.

This is a problem when I need to use certbot to renew certificates, because port 80 (or 443) must be accessible from outside to respond to the ACME challenge.

The Smarthub 2's interface is dumbed down to the point of unusability - I can't change the address of an IPv6 device, nor can I add a device with an IPv6 address that I choose.

Does anyone know a solution?

Message 2 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

I can't answer the original question but surely with that sort of requirement you would be better off using your own router so you can see what is actually going on whilst also having completely open configuration. I can't imagine when the Hub2 was put together the concern was around folks utilizing IPv6, more like just folks switching it on and forgetting about it.

Anyway, surely if an IP you want to access externally keeps changing that's problematic anyway; you can't forward ports to an internal IP that keeps changing. Is that what you are saying, that you cannot set a static IP in the router for IPv6?

If so, why don't you just set the IP address on the Linux box manually and take it out of the DHCP range on the router?

 

-----------------------------------------------------------------------------------------------------------------------------------------
BT900 | Nokia ONT | Ubiquiti ER-X | EETV Box Pro (IP Mode) | Unifi CK2 | 6x Unifi U6+ | 2x Unifi SAK Ultra
Message 3 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

I don't need a static IPv6 address; I have dynamic DNS (free) which I can update on every boot-up of the Linux box. So all I need is the Smarthub to either respond to only the correct one (preferably), or to allow me to add a device with the other address (less desirable because it requires manual intervention on every boot-up of the Linux box).
Message 4 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

Sorry, I'm lost.

Are the IPv6 addresses internal (LAN) or external?

I use dynamic DNS for my PPPoE IPv4 address, just to update an A record when BT ever give me a different address, so I can always find my LAN from an external DNS record, then my router will port forward based on what I tell it to, to fixed local addresses.

So I just don't think I understand your scenario or setup or expectation.

Message 5 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

The internal IPv6 address is irrelevant; it would never be accessible from the outside world.
The addresses I'm concerned with are external ones.
To update SSH/TLS certificates, I have to run certbot, which makes Let's Encrypt issue ACME challenges to verify that I own the domain in question. These challenges come in from several sites in the outside world. Hence certbot must be accessible from the outside world via port 80 or 443 for a few seconds while it responds to the challenges. The easiest way is to leave the chosen pinhole permanently open; certbot is only invoked for a few seconds while doing the update.
For more context, maybe it would help if you search the Internet for certbot, ACME challenge, and Let's Encrypt. The trouble is that I know how it works, so I probably take some particular knowledge for granted, i.e. I don't know what you don't know!
Message 6 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

Mate, your first paragraph is about IPv6 addressing and how it can or cannot be accessed externally, you go on to mention pinhole, another name for port forwarding, right? Sounds like a typical external IP to internal IP port forward question at that point.

But you're right, the rest I do not know and I won't know more than you, it seems, so will leave it there.

Message 7 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

Thanks for trying. Port forwarding is really an IPv4 concept. IPv6 means each device can have an externally accessible IPv6 address, and the firewall opens a pinhole for a port (or a range of ports) for that IPv6 address, which are forwarded without translation. So IPv6 is in some ways simpler than IPv4.
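
The check the original poster has to make by hand, as an added example that is not part of any post in this thread: it reads `ip -j -6 addr show` JSON, lists the global-scope addresses with their flags, and reports whether the hub's pinhole points at the address the host intends to serve on. The sample addresses, the function names and the default policy of skipping `noprefixroute` addresses (taken from the first post's description) are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `ip -j -6 addr show dev eth0` output
# (documentation prefix 2001:db8::/32; not taken from the thread).
SAMPLE_IP_JSON = """
[{"ifname": "eth0", "addr_info": [
  {"family": "inet6", "local": "2001:db8:1:2:aaaa:bbbb:cccc:dddd", "prefixlen": 64,
   "scope": "global", "dynamic": true, "noprefixroute": true},
  {"family": "inet6", "local": "2001:db8:1:2:1111:2222:3333:4444", "prefixlen": 64,
   "scope": "global", "dynamic": true, "mngtmpaddr": true},
  {"family": "inet6", "local": "fe80::1234:56ff:fe78:9abc", "prefixlen": 64,
   "scope": "link"}
]}]
"""

# Flags that make an address a poor target for a long-lived firewall rule.
UNUSABLE = {"deprecated", "tentative", "dadfailed"}


def global_addresses(ip_json):
    """Return [(IPv6Address, set_of_flags)] for every global-scope address."""
    found = []
    for link in json.loads(ip_json):
        for info in link.get("addr_info", []):
            if info.get("family") != "inet6" or info.get("scope") != "global":
                continue
            # iproute2 emits each address flag as a key whose value is true.
            flags = {k for k, v in info.items() if v is True}
            found.append((ipaddress.IPv6Address(info["local"]), flags))
    return found


def pick_service_address(ip_json, exclude=frozenset({"noprefixroute"})):
    """Pick the single address to publish; None if the choice is ambiguous."""
    banned = UNUSABLE | set(exclude)
    ok = [a for a, flags in global_addresses(ip_json) if not flags & banned]
    return ok[0] if len(ok) == 1 else None


def pinhole_matches(ip_json, pinhole_target, exclude=frozenset({"noprefixroute"})):
    """True when the firewall rule's target is the address we intend to serve on."""
    chosen = pick_service_address(ip_json, exclude)
    return chosen is not None and chosen == ipaddress.IPv6Address(pinhole_target)
```

Run before a certificate renewal, a `False` from `pinhole_matches` means the ACME challenge would arrive at an address the firewall rule does not cover, so the mismatch is caught before the renewal fails.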
Message 8 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

Now that is a very simple way of explaining IPv6.

Message 9 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

Presumably, as the publicly routable IPv6 address is dynamic, the Hub pinhole has to track it from the device name rather than being able to enter an IP address.

I'm not sufficiently familiar with Linux, but can you give the publicly routable address a unique name so the hub doesn't get confused?

Message 10 of 18

Re: Smarthub 2 creates pinhole for wrong IPv6 address

Are you using Stateful or Stateless addressing?
