
HT2000W IPv6 inbound services

Junior

Re: HT2000W IPv6 inbound services

@C0RR0SIVE I am a residential subscriber. I personally was never promised static IPv6 addresses (or any IPv6 at all, for that matter) during the sales process, but it appears that others have been. Regardless, every other ISP that I'm aware of in the US provides static IPv6 prefixes to its fixed customers. This is a central design feature of IPv6, evidenced by the lack of wide support for IPv6 dynamic DNS and Hughesnet's own IPv6 firewall design in its HT2000W router. The firewall rules must be built with the end device's IPv6 address, so if those addresses are dynamic, the user would need to reconfigure their firewall rules every few days.

Sophomore

Re: HT2000W IPv6 inbound services

@C0RR0SIVE I'm also a residential subscriber, but offered to become a business subscriber if it would make a difference (after our discovery that these IPv6 delegates aren't static).  I was told it works the same way for business subscribers, and the only way to have a static IPv4 or IPv6 address is to be a legacy business customer.

Sophomore

Re: HT2000W IPv6 inbound services

Just a quick update for anyone looking for answers to this in the future.

 

Until HughesNet addresses their very strange implementation of IPv6, I have reverted to using a Raspberry Pi plugged directly into the HughesNet modem to perform DDNS via DYNv6.  Anything you want to access remotely (besides the Pi) will need to be configured to use stateless IPv6 (making your MAC address public).  You then would need to alter the DYNv6 update script on the Pi (they supply a nice one on their website) to glue together the /51 assigned by Hughes to the stateless address on your device... or you can just use the Pi to route/redirect ports instead.  I believe @pswired has done something similar using his own script.  If anyone needs step by step for the Raspberry Pi let me know. 

 

Note that this effectively puts the pi open to the world, and you should take measures to secure it against such.

Sophomore

Re: HT2000W IPv6 inbound services

@Liz

Any update from the "Engineers" regarding this issue?

Moderator

Re: HT2000W IPv6 inbound services

Haven't heard anything back. I've pinged them for any news to share.

 

Thanks,
Liz

New Poster

Re: HT2000W IPv6 inbound services

I would love to see your instructions for setting up with a RPi if you could post them

Sophomore

Re: HT2000W IPv6 inbound services

Here is a quick (Totally from memory) list of the steps to follow.  Note that if your hikvision DVR does not support IPV6 that it will still not be accessible.  I’m not sure of your tech/linux comfort level, but if you have ever used linux this should be very simple.
 
Note, prior to performing the below you need to establish a FREE account at https://dynv6.com
 
1. Download the latest and greatest image of raspbian from https://downloads.raspberrypi.org 
2. Follow instructions for burning the image to an sd card (google for your os)
3. You will need to place a blank file called "ssh" in the root (top level directory) of the sd card AFTER you burn the image (note you may have to remount the sd card to see it on some OSes).  This will enable us to ssh headless into the pi. Also note that the file should have NO EXTENSION (.txt etc).
4. Connect the pi to your home router via ethernet, the pi will dhcp and you can obtain the ip address from your router's assigned dhcp screen.  You should set up your router to always hand this mac address this IP, but that's not covered here.
5. SSH into the pi (on windows you will need a terminal like putty, on osx just use terminal).
6. You will be prompted for a password, by default the password is "raspberry"
7. Change your password
   $ passwd
8. You will be prompted to enter a new password, choose wisely as the pi will be publicly accessible
9. Get your pi up-to-date with patches etc
   $ sudo apt-get update
   $ sudo apt-get dist-upgrade
   $ sudo rpi-update
10.  Reboot your pi
   $ sudo reboot
11. Reconnect from your terminal
   $ ssh pi@your.ip.address.here (note use the pw you set)
12. Since we're publicly accessible, let's change the default port for ssh
   $ sudo nano /etc/ssh/sshd_config
   Comment out the line that says "Port 22" by placing a hash in front of it like "#Port 22"
   Below that line add "Port 12345" where 12345 is a port number you choose
   $ sudo service ssh restart
   $ logout
13. From your terminal reconnect, note the new port number
   $ ssh -p 12345 pi@your.ip.address.here
14. Let's install the dynv6 DDNS script
   $ cd ~/7a07f5ac901844bd20c9
   $ cp dynv6.sh ~/
   $ cd .. 
   $ sudo chmod +x ./dynv6.sh
15. Edit the dyn script
   $ sudo nano ./dynv6.sh
   Save and exit.  This will prevent dynv6 from updating your NAT'ed ipv4, remember we only want the ipv6
16. The dynv6 script is now executable and we can test it by running 
   $ token=YOURTOKENHERE ./dynv6.sh YOURCHOSENSUBDOMAINHERE.dynv6.net
17.  Add the script to cron to run every minute
   $ sudo crontab -e
   Add the line 
   */1 * * * * token=YOURTOKENHERE /home/pi/dynv6.sh YOURCHOSENSUBDOMAINHERE.dynv6.net >> /var/log/dynv6.log 2>&1
   Save the cron file and exit back to a prompt
18. Let's check the loggies and make sure it's working, it should run every minute (command below will read the log file in realtime)
   $ tail -f /var/log/dynv6.log
   To exit tail hit "control-c"
19. Your pi is now accessible via YOURCHOSENSUBDOMAINHERE.dynv6.net, you can test by using level3 looking glass, choose ping, check the box that says prefer ipv6.
 
This will send the ipv6 handed out from your hughesnet modem to dynv6.  Note that you will need to further customize the dynv6.sh script in order to parse the pi's public ipv6, extract the hughesnet delegated /51, and append it to your "stateless" address of your other device that you want publicly accessible.  Regex will be your hated friend : )
 
I'm not going to cover hardening your pi here, there are plenty of guides out there on the internet, but at a minimum you should at least install and set up 
$ sudo apt-get install unattended-upgrades
$ sudo apt-get install fail2ban

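
The prefix-gluing step described at the end of the post above, as an added example that is not part of the original post or of the dynv6 script; it uses Python's ipaddress module in place of regex. All addresses and the MAC are constructed documentation values, the /51 length is the one named in the thread, and it assumes the device keeps the same subnet and host bits inside each new delegation.

```python
import ipaddress

# Never publish these to DDNS: link-local and ULA are not reachable from outside.
NON_ROUTABLE = [ipaddress.ip_network("fe80::/10"), ipaddress.ip_network("fc00::/7")]


def eui64_interface_id(mac: str) -> int:
    """Low 64 bits a stateless (modified EUI-64) device derives from its MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit and insert ff:fe in the middle (RFC 4291).
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def glue(pi_addr: str, device_addr: str, prefix_len: int = 51) -> ipaddress.IPv6Address:
    """Join the current delegated prefix (taken from the Pi's address) to the
    low bits of any address the device held under an earlier prefix."""
    pi = ipaddress.IPv6Address(pi_addr)
    dev = ipaddress.IPv6Address(device_addr)
    if any(pi in net for net in NON_ROUTABLE):
        raise ValueError(f"{pi} is link-local or ULA, refusing to publish it")
    host_bits = 128 - prefix_len
    prefix = (int(pi) >> host_bits) << host_bits      # keep the top prefix_len bits
    suffix = int(dev) & ((1 << host_bits) - 1)        # subnet id + interface id
    return ipaddress.IPv6Address(prefix | suffix)


def is_mac_derived(addr: str, mac: str) -> bool:
    """True when the address ends in the EUI-64 form of mac, i.e. the MAC can
    be read back from the published address (the exposure noted in the thread)."""
    low64 = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return low64 == eui64_interface_id(mac)


if __name__ == "__main__":
    # Constructed sample values (2001:db8::/32 is the documentation range).
    pi_now = "2001:db8:aaaa:2abc:ba27:ebff:fe12:3456"      # Pi under today's /51
    dvr_before = "2001:db8:bbbb:6001:211:22ff:fe33:4455"   # DVR under an old /51
    target = glue(pi_now, dvr_before)
    print("publish for DVR:", target)
    print("MAC visible in address:", is_mac_derived(str(target), "00:11:22:33:44:55"))
```

The result is the address to send to the DDNS provider for the second device, and it still has to be allowed through the router's IPv6 firewall.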
Freshman

Re: HT2000W IPv6 inbound services

Where do we stand on a firmware update for the HT2000W to enable IPv6 inbound traffic and ultimately customers' ability to access LANs via public IP address without all the workarounds noted in this thread? Looks like the last response on this thread was on 11/20/2017...This is a very important issue that needs to be resolved for the rapidly expanding availability of the IOT's -- especially security systems that do NOT work through the vendor's server.

New Poster

Re: HT2000W IPv6 inbound services

@Liz

Ditto, any update from the "Engineers" regarding this issue?

 

I am new to this forum, but also have 3 "systems" inside a LAN that need to be remotely accessed by IP (IPv6 I guess, as IPv4 seems impossible via HT2000W). Anyway, these 3 devices include: pool-system controller, security camera NVR, and security system. I'm not sure all of these devices have the ability to change/set their IPv6 address, so I'm hoping that the HT2000W will be able to NAT from some IPv6 (or DDNS IPv6) address to a LAN IPv4 with an associated Port #.

 

From another forum:

"There are scenarios where a person may have already deployed a private IPv6 network using ULA space (unique local address; it's equivalent to the RFC1918 private IP space (192.168.x.x etc)). If they didn't want to re-IP their network, they could use NAPT (network address/port translation) to forward requests from the ISP supplied GUA (globally unique address aka public IP) to the ULA network and vice versa."

Junior

Re: HT2000W IPv6 inbound services

No updates, and I imagine that the whole Gen5 system grinding to a halt due to oversubscription is probably a big enough distraction that we won't see much progress on this anytime soon.

 

I will note that the frequency of my Hughes-assigned IPv6 prefix changing has gone way down since this thread started. It stayed constant for most of the month of December, then changed during the outage that took down everyone on Echostar 19 on New Years Day.