This is very interesting, thanks for sharing Paul!
I did take the diagnostics. I cannot ping 192.168.100.1 it losses all packets. 192.168.100.1 does not show up in the arp interface. Did you want me to transfer you the diagnostic files?
No, that just re-enforces what I see with the DSL modem… That Starlink has the same behavior.
Ask peplink to support static routes on the WAN interface, there are about to be a lot of Starlink Customers, viewing the diagnostics via a phone is a core activity and they may want to support them directly.
For now, you will either have to allocate an additional WAN interface (If you have one free) or use an old router to handle the OOB traffic. To use a second router set its WAN to 192.168.100.2 /24 Assign the LAN to 192.168.101.2 /24. On the peplink set an Access VLAN 101 to have an IP address of 192.168.101.1 and then add a static route for 192.168.100.0/24 via 192.168.101.2. Connect the 2 WAN ports and Starlink to a Switch, and connect the second router’s LAN port to the Access Vlan 101 port.
I have an ethernet USB converter and GigE switch ready for when I can order Starlink.
2 Likes
I give that a big thumbs up - peplink needs to do whatever is needed to fully support starlink on the WAN. I will likely put in several hundred myself. We sell phone service and cellular backup Internet to pizza restaurants, but they need decent WAN.
I have a waiting list of over a hundred locations waiting until they have some kind of high speed Internet to sign up with us.
5 Likes
Here is what I wound up doing. I put an unmanaged switch hub in between the dish and the peplink, then put the original starlink router off of the hub; after adding a Poe box. I have to connect to the starlink WiFi network to use the app. It did a firmware update as soon as I hooked it up, not sure if both the dish and then router or just the router. The starlink router is forced to be at 192.168.1.1 and doesn’t let you into any settings. I tried to hook a peplink ap300m up instead but all lights flash on it, I suspect a hardware error.
The starlink router no longer wrecks havoc with the rest of my network like it was doing when plugged directly off the starlink router network output port, even though I had noting on the 192.168.1 network.
1 Like
I would only watch that the system is ok with having two router IP’s on the same dish. Both the peplink and starlink routers now have DHCP addresses. There is nothing illegal about this from a network point of view, but traditionally cable and DSL providers limit the DHCP clients on the remote side. Starlink may not be regulating this now, but they may in the future.
1 Like
Thanks Paul, the starlink app shows “connected devices”. Any device that connects to the Starlink router shows up in the list, plus the Peplink shows up as "one device with the WAN mac address showing up. This leads me to believe it’s acceptable behavior (for now).
Reviving this older thread as I just received my Starlink terminal.
I am running the OOB management via a Juniper SRX connected via an Access VLAN, similar to my previous tests with the DSL modem. This works fine, and I may continue with this configuration to test and provide IPv6 via the SRX.
I also wanted to test a second WAN interface for the OOB managment, but my generic 1G switch was dead.
I wound up having to use an unmanaged switch after the dish forked onto the starlink wifi and the rest of my network. The wifi on my normal network is much faster than the starlink and I need to connect to the starlink wifi network for stats and uogrades
Slightly off topic but how are Starlink handing out IPv6 to subscribers, is it DHCPv6 with a delegated prefix? If so what size are they delegating - details seem a bit thin on the ground for this 
It is supposed to be a DHCPv6 with PD… but those that have seen it say that the route goes away after 20 mins… or when any type of “interruption” happens in the link…
I have yet to get a reply packet back to my SRX… so I may have to try some other technologies… pfsense seems to be on the list. Clearly not fully supported.
10:00:48.178956 Out 64:87:88:1d:42:08 > 33:33:00:01:00:02, ethertype 802.1Q (0x8100), length 122: vlan 1, p 6, ethertype IPv6, (hlim 255, next-header: UDP (17), length: 64) fe80::6687:88ff:fe1d:4208.dhcpv6-client > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 solicit(C cliaddr=1:a:3:1:6487:881d:4d08:19 relayaddr=c::ffff:ffff:ffff:ffff:3)
1 Like
Thank you for the information everyone has shared so far. I’ve requested to be in the beta as well, but it will be later this year. I am very interested in the disaster response portion of the network and hope they will open the ability for travelling dishes soon too.
I rolled up a PFsense VM… and did some more snooping on the WAN interface segment. It seems that any IPv6 results on Startlink were from months ago, and I see no indications that Starlink is currently supporting RA’s, SLAAC or DHCPv6 requests.
IPv6 neighbors remain empty unless I open up IPv6 on the peplink and then I see all of my LAN clients.
1 Like
Well, the previous message wasn’t quite right. Others indicated that IPv6 was still working in a way. So I moved my PFsense VM directly to the Starlink WAN network and I was able to receive via SLAAC an IPv6 address… which promptly went away.
Then I reset my VM to request both IPv4 DHCP and IPv6 and received both.
and then the IPv6 goes away… so still no clear results.
When it worked there was an dhcpv6 PD of /56 (which I requested).
1 Like
Thanks for doing the testing @Paul_Mossip
Good to hear in some regards that they are at least planning some IPv6 service over their network… be nice if other ISPs (and equipment vendors) were thinking along these lines. I’ve had native IPv6 in my home network for nearly a decade now, would be nice to avoid nasty tunnels and other hacks if I get Starlink intsalled.
Hopefully they will have it all working once the service moves into a full production state, along with some (cost) option to get rid of the CGNAT layer too for those who really need a public IPv4 address.
I wasn’t sure if people wanted to keep discussing IPv6 in a peplink thread.
I’ve run IPv6 on and off for years, and since I’m behind AT&T fixed LTE I would have to use a tunnel broker as peplink doesn’t support IPv6 on wireless WAN links. I have also found that nobody wants to debug ipv6 issues… if Netflix doesn’t work, they ask, turn off ipv6… does it work now… OK, we are done.
I’ll start with using a peplink router. Forget it. (reasons will be coming down message).
The Starlink IPv6 implementation seems to be fundamentally flawed in a number of ways. This is all conjecture as Starlink says nothing about their system.
#1 The Starlink system does not send periodic RAs as required by RFC
#2 The system does not respond to RE requests unless the MAC address of the client is already in contact with the starlink core.
#3 the default router fe80::1 does not respond to NDP packets at all. So if for any reason you loose the NDP via timeout, your default route becomes useless.
The first two items combined make any generic bridged SLAAC system a non starter, and that is the default Peplink “bridged ipv6 mode”.
So, what does work?
A number of open source firewalls seem to work to start. PFsense, OPNsense.
What these do is
#1, DHCP for the IPv4 address, this primes the core to allow services to and from that MAC address. DHCP lease of 500 seconds.
#2 Send a ipv6 RE request, not waiting for the network to advertise a RA that will never come.
#3 In response to this RE the starlink network replies with a RA, (TTL 500sec) This allows the firewall to turn up a SLAAC address add the default route and NDP cache
#4 the firewall requests a DHCPv6 PD, and Starlink sends back a /56 assignment.
This is all well and good for the next 500seconds… Since the starlink network doesn’t send another RA (which should be done at least < 1/2 the RA timeout interval) the original RA will time out, the NDP will time out and the IPv6 addresses go away.
So, to keep the IPv6 network up, as soon as you boot up, you need to convert all dynamic assignments to permanent.
In a shell, find your current address (ifconfig em0) and then switch it from autoconfig to permanent.
ifconfig em0 inet6 ####:####:####:####:####:####:####:#### ( insert your negotiated SLAAC address)
Second, the NDP cache will also time out, since it was filled in via the RA. This is a fixed assignment:
ndp -s fe80::1%em0 02:02:00:00:00:02
Third, fix the default route.
route -6 add default fe80::1%em0
Finally, the firewall needs to keep sending packets into the core to keep the NDP cache primed on the starlink side… so these firewalls send pings once a second to fe80::1.
If you turn off this gateway check… you eventually loose connectivity.
I have not yet configured a LAN side of this firewall to see if it will pass networks out of the /56.
Since Starlink isn’t really supporting IPv6, I will probably stop here until they announce general support.
3 Likes
First troubleshooting of everyone is disable IPv6. I understand the reason for IPv6 but it seems to be very poorly implemented in every system I have attempted to use it with. It is amazing how quickly network problems go away across many services when IPv6 is disabled.
1 Like
I worked some more on the Starlink IPv6 limitations.
The main requirement is to send manual router solicitations faster than the entries time out.
Installing the cron module into the PFsense and setting a rtsol em0 every 60 seconds keeps the firewall’s IPv6 connection active, that allows the firewall to issue the PD RAs to its connected LAN interfaces and renew the leases every 500 seconds.
-
-
-
-
- root /sbin/rtsol em0
-
-
-
If you are using outbound policies with domain name matching in your Peplink, you will need to forward DNS to the peplink, as the PFsense will advertise itself as an IPv6 DNS endpoint.
1 Like
FYI - they added a fix to allow the app to function without the router in place.
Wating for the B20X release… then I can test.
1 Like