IPv6 support - jamesmacwhite/hh70-ee GitHub Wiki

The 4GEE Home Router supports IPv6, however in the default in IPv4v6 mode, the 4GEE Home Router doesn't appear to allocate an IPv6 prefix without forcing it. I'm not entirely sure why either. I don't know if this is by design or a quirk in the firmware as most 4G mobile devices with IPv6 support do this automatically.

To have both IPv4 and IPv6 as "dual stack" you need to follow this sequence:

  1. Disconnect through the web interface
  2. Go to Setup > Data Connection and change the Connect IP mode to IPv6
  3. Go back to the Status tab and connect. Wait for an IPv6 prefix to be allocated. You'll know this has happened you see an IPv6 address on the status page.
  4. Disconnect again, go back to the page in step 2, but this time set the Connect IP mode back to IPv4v6
  5. Connect again from the status page and wait, you should see another IPv6 prefix allocated alongside your IPv4 address which will be something like 19.x.x.x, 100.x.x.x or 10.x.x.x.

This will allocate a /64 prefix to your 4GEE Home Router. You cannot obtain anything larger than a /64. No other prefix delegation is provided if you are using this device as a second WAN/configured with another router. You may be able to potentially relay the /64 in some cases, given you cannot subnet a /64 without breaking SLAAC and a lot of IPv6 configurations that are assumed by devices.

If you do reboot the 4GEE Home Router, you will need to redo the steps above to obtain another IPv6 prefix alongside the IPv4 connectivity as it doesn't happen automatically.

IPv6 inbound firewall

EE firewall unsolicited IPv6 inbound traffic on their 4G network. The primary reason for this is to prevent unnecessary data usage as a lot of 4G customers will have limited data plans. This means you will not be able to host any services behind an EE 4G IPv6 address. The firewall block is being done in their core network. Even if you drop the firewall on the 4GEE Home Router itself entirely, it doesn't matter, as the firewall rules are being applied higher up in the network than the CPE (Customer Premises Equipment) itself. Certain IPv6 traffic like ICMPv6, Router Advertisements and other essential IPv6 traffic to comply with RFC standards are permitted between EE IPv6 prefixes but will not respond outside of the EE network.

IPv6 graceful fallback

EE does not appear to gracefully fallback to IPv4 if the IPv6 connection fails. This was tested using ipv6-test.com.

ipv6-test.com result

This means if a website publishes an IPv6 DNS record but the IPv6 connectivity is misconfigured or doesn't work properly, that website/service is likely to appear down for EE mobile IPv6 users.

At some point in 2020, this appears to have changed and IPv6 fallback does appear to work now. Retesting on the 4G EE network, a score of 17/20 is now given. The tests that fail are the reverse DNS and ICMP filtering. The reverse DNS test is minor and not something an EE customer can resolve, given you won't control the IPv6 prefix for rDNS delegation. You are unlikely to need rDNS anyway, given you cannot host inbound services on the 4G network. The ICMP test is due to EE applying ICMP filtering inbound in their network, which again you have no control over.