
[DS-Lite / Fritzbox] IPv6 challenge on the XG with AVM

Hello Sophos Community,

It is me again - posting like a boss because I like the XG firmware a lot and am eager to learn more...

This is not business critical but a common issue here in Germany, since people are forced to use DS-Lite connections on KMU / SMB sized structures.

What I dislike about DS-Lite is that there are only a few modems/routers that ISPs provide, and both have very harsh limitations on configuring or use terminology that is not common knowledge!

But this is not to nag about how to do things better on the ISP side... it is about how to learn from it: "Improvise, Adapt, Overcome"!

So what did I do so far and did it work?

 

Fritzbox Configuration (Sorry for the menu points in German) [IP addresses used are all fictional!]:

Fritzbox -> Heimnetz -> Netzwerk -> Activated Option for Sophos-XG to retain the same IPv4 and IPv6 Address

Fritzbox -> Internet -> Freigaben -> Portfreigaben -> Activated Option for Sophos-XG to be an Exposed Host for IPv4 and IPv6 [without the option for Delegated IPv6 Prefix]

 

Sophos Configuration (This time in English):

Configure -> Network -> Interfaces -> WAN -> Edit Interface -> DHCP On for IPv6 [2001:] /59

Configure -> Network -> Interfaces -> LAN -> Strict IPv6 Address [fd] :1 /64

Firewall -> IPv6 Rule -> [For Testing] Any Any Any Rule with NAT Masq enabled

 

DNS Settings forward to my Pi-Hole:

DNS1 -> Normal IPv4 Address all OK

DNS1 for IPv6 -> ??? with [2001:] /59 should be OK because of internet.nl result?!

Static IPv6 Address on Test System PC with [fd] :2 and GW [fd] :1 and DNS [fd] :1

 

PC Setup:

IPv4 is DHCP because it just works with Sophos XG :D

IPv6 is Static with the GW pointing to the Sophos XG LAN Port IPv6 Address [fd]:1 /64

 

What happens...?!

On the test-ipv6 site it tells me that my browser refuses IPv6 but my machine is capable of IPv6 traffic?

The internet.nl site tells me IPv6 communication is OK but the encrypted part of DNSSEC is unsecured [maybe because of HTTPS decryption]

Somehow it works but also does not work... cannot get Teredo to work at all!!! Even if I bypass all security features... Grrr...

The browser refuses IPv6 communication unless forced by benchmarks... also... Grr...

I am already biting off the corners of my Sophos XG because I do not understand why it does not want to function... For sure I configured something wrong, and that's why I post this here, to learn and write a guide for people that want to use IPv6 on the whole network. :D

Sincerely 

Eli. 

P.S. @Sophos why not produce a MODEM that just decodes the DS-Lite to PPPoE and lets the XG dial in... [No Router - No nothing - JUST a Modem]? The newer models from AVM / Fritzbox cannot be converted to modem mode when provided by the ISP!



This thread was automatically locked due to age.
  • Hello  

    Of course -> view the instructions under Sophos Configuration -> Firewall -> IPv6 Rule -> [For Testing] Any Any Any Rule with NAT Masq enabled

    Thanks for the heads up, I will mark it in bold for others to see better ^^ I know this is a common issue with IPv6 that the rule gets forgotten!

    Best regards

    Eli. 
