This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.TP-Link Archer A6(US)_V2 IPv6 firewall doesn't work
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Before I mention about the IPv6 firewall issue.....I would like to give a feedback on Archer A6 Internet LED refuses to change from orange/red to green after enabling IPv6 and router IPv6 firewall doesn't work. Steps to reproduce, begin by logging into the router:
1) Advanced, Network, Internet, IPv4, Internet Connection type :PPPoE............Next, expand the 'Advanced' and enter custom Primary and Secondary DNS (in my case, I select cloudflare DNS 1.1.1.1 and 1.0.0.1), Save
2) Advanced, Network, IPTV/VLAN, Settings, check "Enable IPTV/VLAN", select Mode: Malaysia-Unifi (my ISP).
3) Advanced, Security, Settings, ensure SPI Firewall is enabled. Both 'Ignore Ping Packet From WAN Port' and 'Forbid Ping Packet From LAN Port' are checked.
4) Advanced, UPnP......disabled UPNP
5) Advanced, IPv6, enable IPv6, selecting PPPoE, checked 'Use the same session with IPv4 connection. Expand 'Advanced', Select SLAAC at 'Get IPv6 Address', enable 'Prefix Delegation', using custom IPv6 DNS 2606:4700:4700::1111 and 2606:4700:4700::1001. Finally Save.
6) Reboot the router.
Now then, problems. As I wrote before, the Internet LED refuse to change from orange/red to green after enabling IPv6 (I verified IPv6 Internet connectivity is successfully established). In addition, with IPv6 enabled, the 'Check for upgrade' section at System Tools, Firmware Upgrade will always return 'No Internet Connection'. Please fix these issue.
Note: I had upgraded the Archer A6 v2.0 firmware to 1.1.2 Build 20190403 rel.65811(5553) in which the changelog mentioning something about Improve the security of device that doesn't fix the IPv6 firewall at all......
Moving on to IPv6 firewall......
Instead of the A6 router IPv6 firewall filtering out the uninitiated inbound connection, my software firewall (Comodo firewall) is hit with port scans by random devices. I run a port scan test using https://ipv6.chappell-family.com/ipv6tcptest/ and my Comodo firewall is receiving and blocking all those port scan attempts. You can see the comodo log in picture below.
Comodo firewall is sure doing a good job here.
If I use my previous C1200, the Comodo Firewall will not even be hit by IPv6 port scans at all as the C1200 router will filter it off before reaching my devices.
Thing is looking bad for my android based phones with Archer A6:
If I use Archer C1200, the page will show all green STLTH on my android phones on IPv6 connection.
It get worse. I run another IPv6 port scans on Archer A6 Global IPv6 Address (the router IPv6 address) directly using http://www.ipv6scanner.com/cgi-bin/main.py and this is what I found out.
Seriously? Port 22 and 53 are open?
Compare the result above with Archer C1200 below;
This is clear Archer A6 IPv6 firewall doesn't not function properly. I sent an email to TP-Link support on 4 April 2019, but there is no further reply other than automated message with "TPLINK SUPPORT #182050". The latest firmware published on 2019-04-17 Archer A6(US)_V2_190403 1.1.2 Build 20190403 rel.65811(5553) doesn't fix the IPv6 firewall and the Internet LED status.
Any idea what should I do next?
Update:
May 10, 2019.
Received an email from TP-Link
[quote]
Thank you very much for using TP-Link Product
Hi Sir
1.Can i know your web management portal status internet was showing Exclamation mark ,when status conformations for ipv4 and ipv6 was working?
2.May i know did try to visit ipv6-test.com for confirm ipv6 is working?
[/quote]
Thus, I sent several screenshots on the 'Basic' menu screenshot, 'Advanced'-->Status for IPv4 , 'Advanced'-->Status for IPv6 as well as screenshot of https://ipv6-test.com/ as requested by TP-Link support team.
May 13, 2019.
Received another reply from TP-Link
[quote]
Thank you very much for using TP-Link Product
Hi Sir
Thanks you information.
May you try restart your router?
After restart still same, please try open CMD and try key in the ipconfig/release6---ipconfig/renew6
[/quote]
............I was like......
.......what make the team think I never restart the router? I had been restarting, hard resetting, reconfiguring several times before and it doesn't fix anything.....and those two ipconfig commands only renew global IPv6 prefix address for devices with Microsoft Windows......it is clear from my first post that the issue lies with the A6 firmware and not my devices.
I received another e-mail response from TP-Link. I had replied with additional feedback on the Internet LED issue. Please check the email reply.
In case if the image attachment doesn't go through the email server, here a copy of the IPv6 DNS settings that affect Internet LED status and online firmware upgrade checker status.
Selecting "Get dynamically from ISP" = Internet LED changed to green and online firmware upgrade checker works!
Selecting "Use the following DNS addresses" and manually enter Google, Cloudflare and my ISP IPv6 DNS = Internet LED stuck at orange and online firmware upgrade checker doesn't work.
Note: Even with "Get dynamically from ISP" being selected, IPV6 firewall still doesn't work.......
Will be waiting for status update for the IPv6 firewall. Thank you.
Bump.
Just noticed there is new firmware being released at TP-Link website.
Archer A6(US)_V2_190712
Updated to it immediately and it displays 1.1.3 Build 20190712 rel.56946(5553)
......it still exhibits same problems with IPv6 enabled (ipv6 firewall issue, Internet LED not changing color to green with ipv6 enabled with custom ipv6 dns, unable to check for firmware upgrade at router interface). Basically, the new firmware doesn't fix any of the reported issues at all.
