In reply to a post by candlerb:

Chances are this is a configuration issue.

Are inbound packets arriving at the target server? Check with tcpdump (Linux) or Wireshark (Windows). If they are, then possibly the server itself isn't accepting incoming connections from public IPv6 addresses - which could be due to a software firewall on the server itself. Possibly the service is bound to IPv4 only, although I expect you've already tested IPv6 connectivity locally across the LAN.

If packets aren't arriving, then you focus on the router firewall configuration. It's not *impossible* that it's totally broken, but if it is, it's unlikely you're the first person to come across the problem.

Good points, I agree.

In reply to a post by candlerb:

If in the end you still want a new router, then my recommendation is Mikrotik - it does everything I could possibly want. Note that I'm a bit of a router geek and I configure it via the CLI, but there are other ways.

I note you said you wanted integrated wifi. I'd recommend against that - buy one or more Unifi U7 Lite APs for the wifi. Mikrotik do have a couple of routers with integrated wifi but they're very old standards (Wifi 5, from memory)

Yes. Routers with integrated wifi are exclusively consumer oriented and the settings are accordingly dumbed down. What you want to do, OP, with your own servers on IPv6 is very much an edge case for consumer routers, so if you can't make it work on the TP link, better to go with separate kit for the router and the wifi.

With the Mikrotik routers, there is a web interface, but this is not dumbed down. I am very happy with mine, but they are not for everyone. But then, if you are going to have your own IPv6 servers, you may well need to face up to a little complexity.

In reply to a post by Andrue:

Edit: This isn't just for a web server. It's actually for my mail server so I need SMTP, IMAP and HTTP/S. It's working for IPv4 with port forwarding but as I have IPv6 access I'd also like my mail server to be visible that way. There are some email servers using it eg; GMail.

Is it possible the relevant ports are blocked at the ISP?
The IPv6 ones.

In reply to a post by clyde123:

In reply to a post by Andrue:

Edit: This isn't just for a web server. It's actually for my mail server so I need SMTP, IMAP and HTTP/S. It's working for IPv4 with port forwarding but as I have IPv6 access I'd also like my mail server to be visible that way. There are some email servers using it eg; GMail.

Is it possible the relevant ports are blocked at the ISP?
The IPv6 ones.

There is that too. Probably OP needs to start a process of rodding through

• Can the server ping the IPv6 loopback address -
• Can the server see its own services on the IPv6 loopback address?
• Can the server ping its own Global IPv6 address?
• Can the server see its own services on its own Global IPv6 address?
• Can other machines on the LAN ping the server link local IPv6 address?
• Can other machines on the LAN see the services on the server link local IPv6 address?
• Can other machines on the LAN ping server Global IPv6 address?
• Can other machines on the LAN see the services on the server Global IPv6 address?

Once that stage has been reached, OP needs to refer to tech support for the router and to ensure that the ISP is permitting the services if it still isn't working

In reply to a post by Andrue:

Although I do at least have the UI option to disable the firewall it doesn't seem to have any effect. The Windows firewall logs only show IPv6 packets from the LAN regardless.

Are you saying that the servers can make outbound connections to global IPv6 addresses (e.g. ping 2001:4860:4860::8888) but not receive inbound?

I would have expected that disabling the firewall would have allowed everything in and out.

One thing to check: make a web connection to ip6.me, either from a web browser or
curl ip6.me/api/

Does the IPv6 address you see, match the interface IPv6 address? (ipconfig /all) I'm just wondering if the router is doing IPv6 NAT - it's unusual, but it does exist.

(Note: there's a bug in ip6.me where it truncates the address by one character, if there are no leading zeros in any of the 16-bit words. So don't worry if you see that).

In reply to a post by candlerb:

In reply to a post by Andrue:

Although I do at least have the UI option to disable the firewall it doesn't seem to have any effect. The Windows firewall logs only show IPv6 packets from the LAN regardless.

Are you saying that the servers can make outbound connections to global IPv6 addresses (e.g. ping 2001:4860:4860::8888) but not receive inbound?

Correct.

I would have expected that disabling the firewall would have allowed everything in and out.

So would I.

One thing to check: make a web connection to ip6.me, either from a web browser or
curl ip6.me/api/

Does the IPv6 address you see, match the interface IPv6 address? (ipconfig /all) I'm just wondering if the router is doing IPv6 NAT - it's unusual, but it does exist.

(Note: there's a bug in ip6.me where it truncates the address by one character, if there are no leading zeros in any of the 16-bit words. So don't worry if you see that).

Now that is weird..and interesting. My laptop works fine with IP6.me but although my server has a global IPv6 address that website reports that it doesn't. In addition I note that my dynamically assigned devices have an IPv6 address starting 2a02:xxxx:xxxx:1::4362 whereas the server has two IPv6 address - one that is similar and the static address of 2a02:xxxx:xxxx:1:201:c0ff:fe11:f814. Doesn't that mean it's on a different subnet? It doesn't seem to be an issue on the LAN but I wonder if that's breaking IPv6 connectivity?

I think I've seen Windows do this before so I'll try and delete that spurious address.

In reply to a post by clyde123:

In reply to a post by Andrue:

Edit: This isn't just for a web server. It's actually for my mail server so I need SMTP, IMAP and HTTP/S. It's working for IPv4 with port forwarding but as I have IPv6 access I'd also like my mail server to be visible that way. There are some email servers using it eg; GMail.

Is it possible the relevant ports are blocked at the ISP?
The IPv6 ones.

No. IDNet have never blocked any ports and the IPv4 side is working correctly. I really don't think it can be anything to do with my ISP. All they've done is moved me over to FTTP. However as noted in another reply there is something odd with my server's IPv6 handling.

As been said, maybe your problem is user error, I don't know, I have not really gone into that sort of thing. My router works, it does what I need. Just because you have a problem with one item from a company, don't mean others are like it.

I hope you get it sorted, but as you posted, very few people on here will do what you do, most of us will just plug the thing in, change a few settings and that is it.

It's sorted! Something (I'm glaring at that bloody Windows update) had set the default IPv6 gateway to ::. I've set it back to what it should be with the new router and everything is fine.

Good grief.

To be honest I've had gateway issues before with Windows. It'd be nice if there was some mechanism where it could get that automatically despite having a static IPv6 address but I suppose given how IPv6 works that's not going to be possible.

Thank you all for your help - you nudged me in the right direction when I realised that the server only had local IPv6 functionality. And I owe TP-Link an apology

Edit: I see I was late with this and it is all sorted, great news, but I'll leave this here:

In reply to a post by Andrue:

Does the IPv6 address you see, match the interface IPv6 address? (ipconfig /all) I'm just wondering if the router is doing IPv6 NAT - it's unusual, but it does exist.

(Note: there's a bug in ip6.me where it truncates the address by one character, if there are no leading zeros in any of the 16-bit words. So don't worry if you see that).

Now that is weird..and interesting. My laptop works fine with IP6.me but although my server has a global IPv6 address that website reports that it doesn't. In addition I note that my dynamically assigned devices have an IPv6 address starting 2a02:xxxx:xxxx:1::4362 whereas the server has two IPv6 address - one that is similar and the static address of 2a02:xxxx:xxxx:1:201:c0ff:fe11:f814. Doesn't that mean it's on a different subnet? It doesn't seem to be an issue on the LAN but I wonder if that's breaking IPv6 connectivity?

I think I've seen Windows do this before so I'll try and delete that spurious address.

2 facts about IPv6

[1] What is net and subnet is sorted out in the highest 64 bits. Every subnet has a full 64 bits of addressing. So what you are seeing is not a different subnet.

[2] Interfaces usually have multiple IP addresses. Besides the link-local address, you will typically find 2 Global addresses and 2 unique local addresses. 1 of each is static and the other changes each session. You need the static addresses for servers

Edited by DFScale (Fri 11-Jul-25 21:21:04)

Glad you got it sorted. I know what it is like when something is not working, and you can't figure out why.
you got a server, then?


I have a NAS, but it don't do IPv6, I suppose there is no need to.