Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 30 subscribers
  • Views 29236 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configuring IPv6

Simon Porter

I'm hoping someone might be able to help me. I'm trying to setup IPv6 on a CR50iNG running Sophos OS 17.0.6 MR-6. This sits behind a managed Cisco router that the ISP looks after.

IPv6 below have been changed from their real 2001:4d48:x:x values.

My ISP has reserved a /48 prefix. e.g 1111:2222:3333::/48. They have configured 1111:2222:3333::1/64 on the LAN port of the Cisco. They do not use DHCPv6 for IP assignment. To quote the email I had from my ISP: "If you need any more addresses out of the /48 then you need to let us know where to route them to."

On the Cyberoam I have configured on the WAN port:

IP Assignment: Static

IPv6/Prefix: 1111:2222:3333::2/64

Gateway IP: 1111:2222:3333::1/64

The gateway is appearing as green in the WAN link manager. I can ping websites via IPv6 using the diagnostic tools of the Cyberoam.

My issue is I don't have IPv6 connectivity from any of my PCs sitting behind the Cyberoam. 

I have configured IPv6 router advertisement using the 1111:2222:3333::/64 range and also tried a different subnet 1111:2222:3333:1::

Windows PCs are picking up an IPv6 address, temporary address and a link local address.

They are picking up a gateway address for the Cyberoam but it is a link local address starting with fe80.

I can ping the link local address and the IPv6 address I've assigned to the LAN port on the Cyberoam ok. I cannot ping out to any websites.



This thread was automatically locked due to age.
Parents
  • 0

    Hey Simon Porter,

    Are you running a DHCPv6 server? For whatever reason, if I don’t use a DHCPv6 server and allow devices to assign their own IPv6 address based on the RA prefix, I fail the ipv6-test.com. If I setup a DHCPv6 server and setup RA to use the DHCP server, everything works fine.

  • 0 in reply to shred

    No I'm not running DHCPv6. Just autoconfig.

    It's not something I can setup with our current network.

    IPv6 is working with NAT. I'm happy to leave it as is for now.

    Thanks for the suggestion.

  • 0 in reply to Simon Porter

    Ah, I think I just fixed my issue. I’m running autoconfig as well and all appears to be working now.

    My ISP is assigning my router 2600:XXXX:XXXX:300:YYYY:YYYY:YYYY:YYYY.

    I had my Prefix Advertisement Configuration /64 setup with 2600:XXXX:XXXX:300:: and this was not working. When I changed that setting to 2600:XXXX:XXXX:301::, everything is working now. I need to do more research on IPv6. I was under the impression the preferred technique was to use your ISP assigned /64 and have each device assign its own IP address using the ISP assigned prefix such that if I don’t want to NAT a device (i.e. allow it to be accessed directly), I could.

    I’m seeing the same thing as you though on ipv6-test.com. ICMP is “Filtered”.

    Edit: When I enabled “Ping/ping6” on my WAN zone, it’s now showing ICMP “Reachable”. However, I’d prefer to only enable ICMP for IPv6... doesn’t appear to be a way to enable only “ping6” on an interface.

Reply
  • 0 in reply to Simon Porter

    Ah, I think I just fixed my issue. I’m running autoconfig as well and all appears to be working now.

    My ISP is assigning my router 2600:XXXX:XXXX:300:YYYY:YYYY:YYYY:YYYY.

    I had my Prefix Advertisement Configuration /64 setup with 2600:XXXX:XXXX:300:: and this was not working. When I changed that setting to 2600:XXXX:XXXX:301::, everything is working now. I need to do more research on IPv6. I was under the impression the preferred technique was to use your ISP assigned /64 and have each device assign its own IP address using the ISP assigned prefix such that if I don’t want to NAT a device (i.e. allow it to be accessed directly), I could.

    I’m seeing the same thing as you though on ipv6-test.com. ICMP is “Filtered”.

    Edit: When I enabled “Ping/ping6” on my WAN zone, it’s now showing ICMP “Reachable”. However, I’d prefer to only enable ICMP for IPv6... doesn’t appear to be a way to enable only “ping6” on an interface.

Children
No Data