IPv6 Firewall rules - TL-R605 v1 1.1.1
Starting to play around with IPv6 and it all works so fare very well... although I'm curious if I can find somewhere in the controller settings to adjust/manage firewall rules for IPv6.
Currently ports and services are exposed to the Internet via IPv6, of course I can do host based firewalls, but preferably do it on the router for the whole LAN.
To decrease the attack surface, I currently disabled IPv6 and enable it only when I play around with it.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hello @unhappycust0mer
Thank you for your interest in the IPv6 firewall support on our router. I understand how important this feature is for you and appreciate your patience as we work to enhance our product. At this time, I do not have any new confirmed information about whether ER605 V1 will get a firmware update to support this feature.
However, I would like to assure you that your feedback has been forwarded to our development team and they are actively working on solutions to meet our customers' needs. In the meantime, if you require IPv6 firewall support urgently, we recommend exploring alternative solutions that may meet your needs.
Once again, we appreciate your support and feedback on our product, and we will continue to strive towards meeting our customers' expectations.
*Please note that the information provided here is based on the current information we have, it's provided for informational purposes only, not a guarantee or a promise. Any plans are subject to change, the final firmware releases shall prevail.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae are there already routers in the Omada range that do support IPv6?
- Copy Link
- Report Inappropriate Content
Dear @Fae
I really want, require and need a router with good IPv6 support. I can't work and live without IPv6. Period. My problem at home is the ISP ridiculous policy of change the prefix. I need to update DNS records online (one by one because it lacks of prefix update), I need to update all my firewall rules, webservices, and every single service settings which depends on IP addresses. For years I kept avoiding the configuration of some dhcp client-server with prefix delegation support to automate everything.
About 2 years ago I knew about omada. I liked the idea of getting information of my network. Tracking clients on network and a basic SDN tool. TL-R605 was announced and released. IPv6 support on omada was "In development".
With COVID19, work remotely or at home was finally accepted. Internet Providers expanded their fiber networks and I leave the city to country side, after Far-far-far-way, on the second on the left. By this, I could finally work the middle of nothing, test IoT solutions and sensor coverage within nature, above the stars..
Wider house area, outdoor wireless was a MUST and a renewal of the my infrastructure required new tools.
What I really wanted was a good IPv6 gateway/firewall/platform that solve my IPv6 (stupid dynamic) prefix issue. So let's wait a little bit for "In development" IPv6 support on TL-R605 and bring it on, Omada.
I bought a nice Omada switch with POE and outdoor AP. Software Controller installed. Omada up! Frequent updates, new features poping, beta releases, ... it looked like Xmas. Then it was Xmas. And I got the TL-T605 just to check it out. Pretty new features on controller are now available and no more "Router required". Then I discovered this forum and I wanted to get all fresh features, including some "only available on hardware controllers", so bring OC200 on.
- Time passed by. No news on IPv6 support on router.
- Let's check R605 standalone IPv6 support... and it didn't impressed much. Adopted back.
- Let's check stats, client management and dashboards... Oh.. stats are wrong. Then stats fixed but no more switch stats available. Then switch stats were back, but now we need to bare in mind the graphs with numbers like 8 000 000 000 byte axis labels, or switch port stats with weird traffic overview. Oh, vertical axis have MB/s on port 1, 3, 4, 5, and others are B/s and others in kB/s. To get a overview of all network traffic, figure out the the clients abusing bandwidth or flooding multicast and broadcast streams.. not very useful.
- Let's check network map: Oh: only this? [gateway] - [OC200] - [AP + 76 clients].
- Let's see the clients and non-omada switch: What? Where network map go? Wait... zoom in, zoom in, zoom in, .. is there, .. zoom in, zoom in ... Oh, they are all in a flat level. I know that my other managed switches are not adoptable by omada, but my other switches are TP-Link managed switches, with snmp support and enabled, and with other ways to provide switch stats which TP-Link knows very well, ... but no! Flat! Oh, it didn't impressed much.
- Let's check if it recognize TP-Link PLC devices installed and collect their well known stats.. Oh, ... no! Nothing here.
- Let's check clients stats and listing... Nice tables and icons.. it recognize mobile phones, but how to change device type of my watch? And RPi? ... Not possible; tplink devs know better which icons to show about my devices. What? My smartdisplay gone.. but I manage to find it. Darned autorefresh changed the clients list and display changed AP. Found it on a completly different section of controller where it keep history. And f***ing autorefresh update history tables too. Damn it,.. doing horizontal scroll of this tables easly triggers browser "back" or "forward" page. It would be nice to change font size. Oh, I'm starting to get nervous.
No news on IPv6 support on router.
And new beta release... for windows. Nothing about IPv6. Oh.
And new beta release... for linux. TL-R605 is being used as switch, but it's reporting GB of traffic in/out my internet connection. It's only serving OC200,.. Where this volume comes from? Oh.. I'm getting sad.
... new beta release, windows. No IPv6 updates.
... new beta release linux. Hardware controller release soon, by the end of month. recall "only available on hardware controllers"? Idiot, I get the latest good features as last.. eventually only in the next major version because Hardware Controller releases will jump directly to some release which will be released too many time, after windows and linux get more betas.
... and released new great device. OC200 updates? No.
-- beta release to linux. Hardware controller requires omada devices to be upgraded to some new version.
... TL-R605 support for IPv6. news? No. Issues found with dhcp, or VPN, or failed to be readopted..
... TL-R605 beta release, ... but for v2.
... IPv6 news in general? .. No. Router updates? "team is investigating the problem..." Released beta for other routers. New firmware for new great device.
Time passed by. No news on IPv6 support on router.
Time passed by. No news on IPv6 support on hardware controller.
Time passed by. No news on IPv6 at all.
TL-R605 is being used as switch.. for too many time. Days passed by and no IPv6 support. Months passed by... More than a year and I still have the same problem that made me believe on Omada.
I might bought OC200, outdoor AP and other omada devices as impulsive initiatives, so I can't complain. If Omada doesn't fullfills my expectations, .. my bad.
"At this time, I do not have any new confirmed information about whether ER605 V1 will get a firmware update to support this feature."
I think what you said is very serious to costumers trust on TP-Link products. We are not talking about ER605 V1 being able to make coffee, but IPv6 support.
The major upgrade of the key protocol of Internet. IPv4 address space runned out several years ago. One key rule on deploying IPv6 is to plan it from the scratch, never "over existing IPv4 setup" and prune as much possible of old, legacy, taped, patched and hanged with strings IPv4 existing setups.
I took 1 step back to take 2 steps forward and I already prepared and setup a pfsense.
Question: What should I do with my ER605v1? Do you want it back? I would like to get the specific and detailed information about hardware internals
Thank you.
- Copy Link
- Report Inappropriate Content
@Fae " As for whether the updated firmware would be for both v1 and v2 on the ER605 "
lol, we all know v1 will not be getting the update based on past experience but thanks for trying to give us hope. At this point the only thing the ER605 is good for is as a nice stand for a real business class router.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Im extremely surprised this isnt a feature yet. I very much would've expected this to be standard in any router by now, not to mention business hardware.
Personally, I dont have any v1 R605's, but I cant really buy any gateways at all unless this is available.
Which is a bit sad, since it makes the Omada Ecosystem less useful if I cannot also control the Gatway through it.
- Copy Link
- Report Inappropriate Content
Any update on the ipv6 firewall on ER605 v1 and v2 routers?
What's taking so long for your developers implement this on the firmware release?
- Copy Link
- Report Inappropriate Content
I would also like to know why it is taking them so long to implement this on the firmware release? We do not want to be put off any longer.
My ER605 v1 is still waiting for proper IPv6 firewall....
- Copy Link
- Report Inappropriate Content
Also just discovered this.
Moved over to Starlink, so stuck behind CGNAT and wanted to use IPv6 to get around having to use VPS and other fiddly methods to remotely access my home network. Promptly turned IPv6 off once I saw that any IP that was assigned to a device on my network would respond to a ping from the internet. Not happy, why enable IPv6 withouht the security controls to go with it?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 27
Views: 21422
Replies: 84