Recommend me a router..

I've recently upgraded to FTTP and as part of the deal I got a new router. That allowed me to rearrange my network which was great but now it appears that the router isn't all that it's cracked up to be. It's a TP-Link VX230V and the problem is that the IPv6 Firewall appears to have a bug that means you can't allow incoming connections through to services.

So I'm considering shelling out on a new router but as usual it's difficult to find the kind of reviews that I want because I have technical requirements. The TP-Link has shown that you can't go by reading manuals because the manual gives incorrect information about the firewall. Without a review of this feature there'd be no way to know it was flawed.

So what I need from a router:
2.4 & 5GHz Wifi
Dual-stack IPv4/6.
The ability to allow incoming connections on IPV6.
Three LAN ports, one WAN port. None of them have to be gigabit.

I also don't want to spend a huge amount. I don't need performance I just want a router that supports IPv4 and IPv6 properly - surely that isn't too much to expect?

Edited by Andrue (Thu 10-Jul-25 08:10:49)

I thought dual stacking was something done by the ISP, not the router.

Does your ISP support IPv6? Not all of them do.

Not sure what services you want to use with Ipv6, I am not really up to date with IPv6 as such.

I have a TP-link Archer AX53, works with IPv6 fine, not sure about the firewall and incoming connections as I have not really touched that.

In reply to a post by zyborg47:

I thought dual stacking was something done by the ISP, not the router.

Yes but the router has to support it. The router has to know to ask for IPv6 information during login as well as asking for IPv4.

Does your ISP support IPv6? Not all of them do.

I wouldn't be asking about router IPv6 features if it didn't

Not sure what services you want to use with Ipv6, I am not really up to date with IPv6 as such.

I have a TP-link Archer AX53, works with IPv6 fine, not sure about the firewall and incoming connections as I have not really touched that.

Based on my experience with this vx230v I don't think I'd touch another TP-Link with a bargepole. Releasing a router with such an egregious bug does not inspire confidence.

Edited by Andrue (Thu 10-Jul-25 09:03:40)

In reply to a post by zyborg47:

Does your ISP support IPv6? Not all of them do.

OP is with IDNet and from his previous thread, it appears that he has got IPv6 working apart from this issue.

In reply to a post by Andrue:

It's a TP-Link VX230V and the problem is that the IPv6 Firewall appears to have a bug that means you can't allow incoming connections through to services.

Have yo tried enabling the required service in the IPv6 firewall settings? ie are we looking at a problem of you not having found the setting or of the setting not working?

In reply to a post by DFScale:

In reply to a post by Andrue:

It's a TP-Link VX230V and the problem is that the IPv6 Firewall appears to have a bug that means you can't allow incoming connections through to services.

Have yo tried enabling the required service in the IPv6 firewall settings? ie are we looking at a problem of you not having found the setting or of the setting not working?

Good question. It could just be that the instructions are wrong and I haven't yet worked out what I'm supposed to be entering. What I've found is the settings page for the IPv6 firewall. The help for that page states:

IPv6 Firewall protects your IPv6 network by preveting access from the internet. However, when you are hosting a service, such as a file sharing server in your local network, you can choose to allow access to the server from the internet by adding entries on this page. This feature is available only when you've set up an IPv6 connection.

To add an entry
Click Add.
Select an interface name from the drop-down list. Interface names are names of the internet connections you have set up.
Click View Existing Applications to select a service from the list to automatically populate the Port field with an propriate port number. It is recommended to keep the default Port if you are unsure about which one to use. If the service is not listed, manually enter the Service Type and the Port number (e.g., 21 or 21-25).
select the local host device running the service. Enter its global IPv6 address in the Global IPv6 Address field.
Select a protocol for the service from the drop-down list.
Select Enable This Entry.
Click OK.
Note
1. If you want to disable this entry, click the Bulb icon.
2. If the local host device hosts more than one type of available service, you need to create a rule for each service. Please note that ports should NOT be used by multiple services.

Which is all well and good except that there is no way to select a host device and the only IP address input field is labelled 'Internal IP:' I initially assumed this was a typo so I put in the global IP address as the help suggests but that didn't work. I've also tried putting in the link-local address of the server with no expectation of it working and of course it didn't. I've also tried putting in the IP address without the prefix '::201:c0ff:fe11:f814' but that doesn't work either.

Editing an entry on the settings page

In reply to a post by Andrue:

Editing an entry on the settings page

It is http on port 80. https is on 443

In reply to a post by DFScale:

In reply to a post by Andrue:

Editing an entry on the settings page

It is http on port 80. https is on 443

Good catch but that's just a text description as far as I can tell. I've corrected it and the ports remain blocked on IPv6.

Edit: This isn't just for a web server. It's actually for my mail server so I need SMTP, IMAP and HTTP/S. It's working for IPv4 with port forwarding but as I have IPv6 access I'd also like my mail server to be visible that way. There are some email servers using it eg; GMail.

Edited by Andrue (Thu 10-Jul-25 11:37:27)

Chances are this is a configuration issue.

Are inbound packets arriving at the target server? Check with tcpdump (Linux) or Wireshark (Windows). If they are, then possibly the server itself isn't accepting incoming connections from public IPv6 addresses - which could be due to a software firewall on the server itself. Possibly the service is bound to IPv4 only, although I expect you've already tested IPv6 connectivity locally across the LAN.

If packets aren't arriving, then you focus on the router firewall configuration. It's not *impossible* that it's totally broken, but if it is, it's unlikely you're the first person to come across the problem.

If in the end you still want a new router, then my recommendation is Mikrotik - it does everything I could possibly want. Note that I'm a bit of a router geek and I configure it via the CLI, but there are other ways.

I note you said you wanted integrated wifi. I'd recommend against that - buy one or more Unifi U7 Lite APs for the wifi. Mikrotik do have a couple of routers with integrated wifi but they're very old standards (Wifi 5, from memory)

In reply to a post by candlerb:

Chances are this is a configuration issue.

Are inbound packets arriving at the target server? Check with tcpdump (Linux) or Wireshark (Windows). If they are, then possibly the server itself isn't accepting incoming connections from public IPv6 addresses - which could be due to a software firewall on the server itself. Possibly the service is bound to IPv4 only, although I expect you've already tested IPv6 connectivity locally across the LAN.

The server configuration has been unchanged for several years. All that's happened is that I've switched from FTTC to FTTP. It's the same ISP and the same static addresses. I did briefly have an issue because a Windows update coincidentally reset the server's network profile to Public but that blocked all access to the mail server and has been changed back and all is fine again from the LAN. Most devices on the LAN are connecting via the public IPv6 address although I think my phone connects over IPv4.

If packets aren't arriving, then you focus on the router firewall configuration. It's not *impossible* that it's totally broken, but if it is, it's unlikely you're the first person to come across the problem.

I can believe I'm the first to encounter this since it's basically a home router and I doubt many home users want to expose public services let alone on IPv6. From spending time on their forums it's clear that almost no-one uses this model of router and several other models have issues with the firewall. Although I do at least have the UI option to disable the firewall it doesn't seem to have any effect. The Windows firewall logs only show IPv6 packets from the LAN regardless.

If in the end you still want a new router, then my recommendation is Mikrotik - it does everything I could possibly want. Note that I'm a bit of a router geek and I configure it via the CLI, but there are other ways.

I note you said you wanted integrated wifi. I'd recommend against that - buy one or more Unifi U7 Lite APs for the wifi. Mikrotik do have a couple of routers with integrated wifi but they're very old standards (Wifi 5, from memory)

Thanks for the recommendation. I had been using a WAP and I could reinstate that but I like the fact that having it all in one box has allowed me to unplug several pieces of kit.