Fritz!Box general

From SixXS Wiki
Jump to: navigation, search

Prerequisites

In order to get IPv6 working with your Fritz!Box you need to take the following steps on the SixXS website:

  • First create a SixXS account.
  • Request a heartbeat tunnel..
  • Use the routed per default subnet

If you have a real static public IPv4 address, one could on newer firmware (06.01+) also sett up a 6in4 tunnel. See Fritz!Box 7390 6in4 for details. Note though that a heartbeat tunnel is a 6in4 tunnel with some very lightweight signalling of your current IPv4 address. As such, using heartbeat and configuration using TIC is very easy and works with dynamic IPv4 addresses; this while a static 6in4 tunnel is static and thus does not work for long with dynamic addresses.

Supported Plattforms

Model Firmware / Date Support
3270 ? yes
3370 ? yes
6360 85.05.09 (cable/unitymedia)

12.03.2012

yes
7170 any no
7240 74.04.86 yes
7270 (v1) any no
7270 (v2, v3, international) 74.04.86

74.04.88 74.05.05

yes
7312 05.50 yes
7320 ? yes
7330 (1&1 HomeServer) 06.21 yes
7340 ? yes
7360 06.20 yes
7390 74.04.86 yes
7490 05.59 yes
7570 AVM does not longer (Jan 2014)

provide support for this device.

yes


Additionally, you need either a Fritz!Box 7270, 7240 or 7390 with Firmware version at least 54.04.81-17599 (international version) or 74.04.86 (german version) (available as of Sep, 16th 2010). Firmware xx.04.86 isn't yet available for the international version, but you can get the FRITZ! Lab IPv6 firmware from The AVM service site.

Currently (Sept 2010) there is no other Fritz!Box supporting IPv6 other than the ones mentioned above. Statements from AVM suggest that there will be no IPv6 support on older Fritz!Box models.

20 April 2011: Updated Firmware for many AVM devices now includes IPv6 support: Complete list of devices: AVM Fritz!Box WLAN 3270 and 3370, FRITZ!Box Fon WLAN 7240, 7270 (only v2, v3 and international, no IPv6 on 7270 v1), 7320, 7340, 7390 and 7570

April 8th, 2012: The newer german Firmware 74.04.88 (at least for the 7270v3) does provide native IPv6 as well as multiple tunneling methods: automatic (try native, then "6to4"), "6to4", "6RD", "SixXs", "6in4". I had no luck on one client with "automatic" and "6to4" (ISP: Netaachen/Netcologne): the box does not display the DNS servers in the summary on the configuration page, so I thought that DNS doesn't work properly and requested a SixXs tunnel to try this instead. It now turned out that this was in fact a browser issue: "my" Firefox had disabled IPv6 lookups; no DNS servers being displayed on the web interface does not mean that there aren't any reachable.

Feb 2th, 2014: Current firmware (06.02-beta, 7490) allows to route PING-6 for selected hosts. Also, all IPv6 traffic can be directed to one host bypassing the router's firewall.

Configuration

FritzboxHowto.jpg

After you have a heartbeat tunnel and a subnet attached to it, log in to your Fritz!Box. See screenshot for detailed instructions.

German Firmware UI

  • Go to Einstellungen -> Internet -> IPv6.
  • Select Unterstützung für IPv6 aktivieren.
  • Select IPv6 über einen SixXS-Tunnel nutzen.
  • Enter your username, password and tunnel ID.
  • Click Übernehmen.

German Firmware UI 74.04.88

  • Menü Internet -> Zugangsdaten.
  • Reiter IPv6
  • Haken bei Unterstützung für IPv6 aktiv
  • Auswahl Immer ein Tunnelprotokoll für die IPv6-Anbindung nutzen
  • Auswahl SixXS
  • Eintragen: Benutzername, Kennwort, Tunnel-ID
  • Anklicken: Übernehmen

English Firmware UI

  • Go to Settings -> Advanced Settings -> Internet -> IPv6.
  • Select Enable support for IPv6.
  • Select Use IPv6 via a SixXS tunnel.
  • Enter your username, password and tunnel ID.
  • Click Apply.

You have to set you password on the tunnel status page in your SixXs home page. The username is like the one mentioned on the tunnel status page (userid/tunnel-id).

Both Languages

FritzboxConntected.jpg

Now the Fritz!Box will reset and should come up with everything working. The startscreen will show IPv6 connected when ready.

Note for FritzBox 7390 and FritzBox 7270 users

Attention - FritzBox 7390 users and FritzBox 7270 users (with V 74.05.06 software), and maybe others as well, must use a different syntax for the username: it is your SIXXS username followed by a slash and your tunnel ID, as in AAA1-SIXXS/T12345.

Regarding the password, you must not use the password sent by email when you registered your SIXXS username but the TIC password that can be setup on your Tunnel Information Page at sixxs.net/home/tunnelinfo/?T##### (T##### is your tunnel number). This page is accessed from the Details Box of the Tunnel Listing on your homepage.

This applies to my Swiss (.ch) FritzBox 7390 using the english language firmware, but has also been reported for the German FritzBox on the forum as fritzbox username problem

Note for the 7270v3 with firmware 74.04.88: The router will not reboot after entering the IPv6 configuration data, it will be activated on the fly.

Clients

Make sure to renew the DHCP lease on your local clients, as you won't get a working IPv6 address otherwise.

Testing

On Linux and Mac OS X you can test your Tunnel with ping6

$ ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2a01:xxx:xxx::xxx:xxx:xxx:xxx --> 2001:4860:a003::68
16 bytes from 2001:4860:a003::68, icmp_seq=0 hlim=59 time=51.396 ms
16 bytes from 2001:4860:a003::68, icmp_seq=1 hlim=59 time=56.082 ms
16 bytes from 2001:4860:a003::68, icmp_seq=2 hlim=59 time=56.018 ms
16 bytes from 2001:4860:a003::68, icmp_seq=3 hlim=59 time=64.578 ms

On Solaris and OpenSolaris normal ping does ipv4 and ipv6 so you can just use ping for the same test.

Also, you can see your IPv6 address here: http://www.ipv6forum.com/test_ipv6.php

DHCPv6 and Router Advertisments

Enabling IPv6 will enable a DHCPv6 server on the Fritz!Box. As of Fritz!OS 6 the integrated DHCPv6 server can be controlled via Networksettings/IPv6 Addresses. There you have three options when disabling the DHCPv6 Server:

  1. There are no other DHCPv6 servers in the home network. = The M and the O flag in the router advertisement messages of the FRITZ!Box are disabled.
  2. Enable the O flag in the router advertisement messages of the FRITZ!Box = O flag only. The enabled O flag transmits the information that there is a DHCPv6 server in the home network, and that IPv6 settings can be obtained from this server, but not the IPv6 address.
  3. Enable the M and the O flag in the router advertisement messages of the FRITZ!Box. = This setting enables the M and O flags in the router advertisement messages of the FRITZ!Box. These two enabled flags transmits the information that there is a DHCPv6 server in the home network, from which the IPv6 address and other IPv6 settings can be obtained.

Cf. http://service.avm.de/help/en/FRITZ-Box-Fon-WLAN-7490/012/hilfe_ipv6_settings


For older versions these information may still be useful:

Enabling IPv6 will (firmware 54.04.86) unconditionally enable a DHCPv6 server on the Fritz!Box. There does not appear to be a way to disable the server (e.g. if you already have a DHCPv6 server on your local network).

The DHCPv6 server will provide the address of the Fritz!Box as the Recursive DNS Server IPv6 address.

The parameters of the router advertisement messages sent by the Fritz!Box can't be controlled. Currently (firmware 54.04.86) they are hard-coded to:

  • Disable stateful (DHCPv6) address configuration
  • Enable stateful configuration of other parameters
  • Enable autonomous address-configuration for the advertised prefix

For those who have enabled telnet on Fritz!Box there is the possibility to overcome those shortcomings. In ar7.cfg there is a setting "dhcpv6lanmode" that controls the DHCPv6 and RA behaviour. The supported values are:

   dhcpv6lanmode_off
   dhcpv6lanmode_stateless (default)
   dhcpv6lanmode_statefull
   dhcpv6lanmode_onlyprefixes
   dhcpv6lanmode_off_stateless
   dhcpv6lanmode_off_statefull

"dhcpv6lanmode_off_stateless" is most useful if running a DHCPv6 service on another server as it turns off the DHCPv6 server in the Fritz!Box but leaves the "Other configuration" option in the RA on. "dhcpv6lanmode_off_statefull" in addition turns on the "Managed address configuration" option in the RA to allow for DHCPv6 server assigned addresses. (The "..._off_..." settings have been tested on a 7390 with 84.05.07beta firmware. The setting is already in the 84.05.05 firmware but has not been verified to work.)

Miscellaneous

Incoming ICMPv6 traffic to your subnet is currently (firmware 54.04.86) blocked, meaning that you won't be able to e.g. ping hosts behind the Fritz!Box. In FRITZ!OS 06.01 (newer firmwares) you can optionally allow ICMPv6 for selected hosts ("ping6" option). The IPv6 firewall also allows you to open UDP/TCP ports on a per-host basis so this limitation is hardcoded.

The Fritz!Box (firmware 54.04.86) automatically picks a /64 subnet from the /48 subnet and you won't be able to pick a different subnet. You can also not set up any static routes for additional subnets.

Old versions of the Fritz!Box IPv6 Labor Firmware caused the SixXS status graphics for the tunnel to show up with 100% package loss. This issue was caused by the firmware blocking incoming ICMP6 traffic to the tunnel endpoint (your local end does not respond to ping). This incompatibility with the SixXS tunnel uptime verification method showed up with firmwares up to Fritz!Box IPv6 Labor Firmware 54.04.94-13992 and was fixed in 54.04.94-14338. So make sure you update at least to that version. See this forum discussion for more information.

Multiple subnets behind Fritz!Box

Source: Multiple IPv6 subnets with Fritz!Box

Even if you have a full /48 subnet, it shows it as /48 in the web interface, but in reality it picks the first /64 subnet from it for LAN and the second /64 for guest network (even if it is disabled). But what if you have a second router and some devices behind it? Here is the solution:

Step 1. Enable Telnet on you Fritz!Box

Pick up the phone connected to you Fritz!Box and dial #96*7* to enable Telnet. You can later on dial #96*8* to disable it.

Step 2. Add static IPv6 routes

From your internal network:

Log on to your Fritz!Box using your favorite Telnet application. I would recommend Putty for Windows or default telnet command on Linux/Unix or MacOS Use the same password you set up to access web interface.

To add temporary routes, just type the following in the command prompt:

route -A inet6 add XXXX:XXXX:XXXX:XXXX::/64 gw YYYY:YYYY:YYYY::YYYY dev lan

Where XXXX:XXXX:XXXX:XXXX::/64 is the destination subnet (for example, a network behind the second router), YYYY:YYYY:YYYY::YYYY is the IPv6 address of the second router’s interface connected to Fritz!Box and lan is the name of Fritz!Box’s interface connected to your second router. “lan” is the default one.

If you want this route to be permanent, you’ll have to store this command in the flash memory. I use /var/flash/debug.cfg. This file is empty by default. It is executed at router’s start up. To have your IPv6 route activated automatically at boot time, run the following from the command prompt:

echo “route -A inet6 add XXXX:XXXX:XXXX:XXXX::/64 gw YYYY:YYYY:YYYY::YYYY dev lan” > /var/flash/debug.cfg

Assuming that you didn’t have anything else in this file already, otherwise replace “>” with “>>” to add a line at the end of debug.cfg.

Step 3. Test

Just ping an IPv6 host from behind the second router. If it works, your routing is set up correctly.

Some useful commands for debugging:

cat /var/flash/debug.cfg

Should return the following:

route -A inet6 add XXXX:XXXX:XXXX:XXXX::/64 gw YYYY:YYYY:YYYY::YYYY dev lan


ip -f inet6 route

Should, among many other routes, return the following:

XXXX:XXXX:XXXX:XXXX::/64 via YYYY:YYYY:YYYY::YYYY dev lan  metric 1

If the output is too big, filter it by

ip -f inet6 route | grep XXXX:XXXX:XXXX:XXXX::/64

and you shall see just 1 line:

XXXX:XXXX:XXXX:XXXX::/64 via YYYY:YYYY:YYYY::YYYY dev lan  metric 1

Use ping6 command to test ping using IPv6. Unfortunately, traceroute6 command is absent in my FritzBox.

Dyndns

The Fritz!Box updates your dyndns hostname with your IPv4 and with the IPv6 of your tunnel. (Fritz!Box 7240 FW:73.05.22)

In most cases you want to redirect some ports (http/ssh...) of your IPv4 to an internal host and open some ports for the IPv6 interface ID of this host. The host gets an IPv6 of your subnet which is not the same that is in your dyndns account now.

To update the dyndns-account properly, use "manual configuration" and enter the following URL

Update-URL: members.dyndns.org/nic/update?system=dyndns&hostname=<domain>&myip=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx&myip=<ipaddr>&wildcard=NOCHG
Hostname: (your dyndns hostname)
Username: (your dyndns username)
Password: (your dyndns password)

You have to replace xxxx with the proper IPv6 of your internal host. Dyndns is updated now with this static IPv6 and dynamic IPv4

FAQ

"Internetverbindung IPv6 (SixXS Tunnel) ist fehlgeschlagen. Subnetz überprüfen"

  • You might not have entered the right Tunnel-ID. In /var/flash/ar7.cfg (telnet to your box and open with nvi) there's a section "sixxs". In this section you find the data your box will use to connect to sixxs. Make sure the Tunnel-ID is right and there is no trailing "\t". This may be a Bug in Lab-Version of 7270 when copy/paste the Tunnel-ID from sixxs. You can delete the \t by webinterface.

Note: Call #96*7* to enable telnetd. Call #96*8* to disable telnetd again.

"After a router restart the SixXS Tunnel is down (FRITZ!OS 05.22, Heartbeat Type)"

  • After a restart from the fritzbox, the router is not acquiring the right date and time. That would cause to send invalid Heartbeats (incorrect time stamp) to the corresponding PoP. That can be confirmed under:

Übersicht -> Verbindungen -> verbunden seit 01.01.1970, 00:15 Uhr.

A solution consist on enabling Telnet Call #96*7*, logging into the router, and changing the date manually "date -s YYYY-MM-DD hh:mm:ss". The tunnel will come up automatically. Do not forget to disable telnetd.

External Links

  • AVM - Makers of the FRITZ!Box.