TCP connection refused with an internal network and IPv6

joekearney · 2020-07-20T19:44:55+00:00

Sunrise community - customers help other customers with topics related to television, Internet, telephone and mobile. Register now!

joekearney

I have a problem with the same symptoms as this post:

UPC Connect Box in default mode (IPv4 and IPv6)
Unifi network wired to the Connect Box, my devices use wifi through this, not UPC
When my problem is happening, all devices see TCP Connection Refused errors (packet returned is ICMP “connection administratively prohibited”)
It’s not a physical connection problem. Ping and UDP DNS appear to be unaffected.
The problem mostly (but not completely) correlates with one particular device being connected to the inner Unifi network. When it’s connected directly to the UPC wifi, there’s no problem.
I have monitoring that tracks this by sending repeated curl requests and monitoring the output.

It’s often around 10-20% of connection requests that fail over a 30 minute window, with spikes up to 40-60%.

My suspicion is that it’s an interaction between some or all of:

double NAT
VPN connection from the one device that triggers it
IPv6 on the UPC that does not support subnetting/prefix delegation through to the internal Unifi network (setting up IPv6 on the Unifi network without prefix delegation had little effect, and may have made the problem worse).

I think my next step is to disable IPv6 on the Connect Box and move to bridge mode, to eliminate as much as possible from the connection path. My understanding is that this means:

No IPv6 - the Connect Box will get a single public dynamic IPv4 address, and no IPv6 address
No router - the Connect Box will not run a DHCP server, a DHCPv6 server, or wifi
Single NAT - my Unifi gateway will NAT to the Connect Box, but there won’t be any NAT between the Connect Box and the carrier network

@Sunrise_Team Is that true? If so, how can I get my Connect Box switched to IPv4-only? Should I also request to move to bridge mode (I want to do that eventually but like having a backup for when my problem happens!)

Thanks

joekearney

Changing the modem to IPv4 mode has solved this problem. Thanks for your help.

joekearney

Thanks, reset seems to have worked to get a connection back. I’ll wait a day or two to see if this also fixes the connection refused problem.

Daniele_Sunrise

@joekearney , I recommend you to make a reset. IPv4 will not be deactivated by a reset. Only we (UPC) can reset this to IPv6.

Greetings

Daniele

joekearney

Thanks, though this doesn’t seem to have worked. I can’t make any connection out to the internet. The Connect Box reports that it has a WAN IPv6 address but no gateway. I’ve restarted it a couple of times.

I see the new modem mode menu option, which I’ll experiment with later, so something has happened.

Is there something else that can be reconfigured on your side, or should I reset it and then ask again for it to be set to IPv4? Or should I just wait longer?

Daniele_Sunrise

@joekearney , Welcome to the community!

We have changed your modem to IPv4. The change will be completed in 30 minutes. Restart your modem afterwards. If you have problems, reset your modem. Press the reset button on the back of the modem with a pointed object for at least 25 seconds.

For instructions on how to set your modem into bridge mode, click here.

Greetings

Daniele