Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 3769 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 on WAN interface

semoca
Hi,

My ISP has started to roll out IPv6 and I'm one of the beta testers for this setup
They are using dual stack and I don't seem to get this configuration working with my sophos utm box.
Looks like I'm not getting an automatic IPv6 from the ISP.

Interface is configured as DSL(PPPOE) and I've got ticked both IPv4 and IPv6 GWs. If I only tick v6, I lose internet connection.

Prefix, 6to4 and tunnelling are all off 
automatic IPv6 renumbering is on



Native over WIMAX: fe80::813a:434c:8cc6:ed5d
Subnet: NONE

Firmware version: 9.204-20

Please advise

thanks


This thread was automatically locked due to age.
  • 0
    Hi,
    there are a couple of log files you can check and post if you wish.
    1/. the PPPoE entries on re-connect
    2/. the IPv6 entries

    What you will need to find out is what sort of IPv6 address allocation method your ISP is using?

    Then the wizkids will be able to guide you further.

    Ian
  • 0 in reply to RFCat_vk_01
    Hi,

    Thanks for the quick response.

    Below are the logs for the ipv6 and pppoe session.  (removed some parts)

    BTW, the ISP is using Dual stack

    2014:07:31-00:53:12 gw01 radvd[24515]: resuming normal operation
    2014:07:31-00:53:12 gw01 radvd[24515]: attempting to reread config file
    2014:07:31-00:53:12 gw01 radvd[24515]: resuming normal operation
    2014:07:31-00:53:12 gw01 radvd[24515]: attempting to reread config file
    2014:07:31-00:53:12 gw01 radvd[24515]: resuming normal operation
    2014:07:31-00:53:12 gw01 radvd[24515]: attempting to reread config file
    2014:07:31-00:53:12 gw01 radvd[24515]: resuming normal operation
    2014:07:31-00:53:13 gw01 radvd[24515]: attempting to reread config file
    2014:07:31-00:53:13 gw01 radvd[24515]: resuming normal operation
    2014:07:31-00:53:26 gw01 ipv6_watchdog[22854]: Start of monitoring interface ppp0 (68)
    2014:07:31-00:53:26 gw01 ipv6_watchdog[22854]: Interface ppp0 (68) changed RA flags: NONE -> SENT,READY



    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: pppd 2.4.6 started by root, uid 0
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  dst ff:ff:ff:ff:ff:ff  src 0:50:56:a3:b8:b0
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  [service-name] [host-uniq  3b 7e 00 00]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 108
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  dst 0:50:56:a3:b8:b0  src 2:21:ef:41:e9:97
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  [host-uniq  3b 7e 00 00] [service-name] [AC-name RouterOS] [service-name removed] [service-name removed] [service-name removed] [service-name removed] [service-name removed] [service-name removed]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Send PPPOE Discovery V1T1 PADR session 0x0 length 12
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  dst 2:21:ef:41:e9:97  src 0:50:56:a3:b8:b0
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  [service-name] [host-uniq  3b 7e 00 00]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Recv PPPOE Discovery V1T1 PADS session 0x60b9 length 12
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  dst 0:50:56:a3:b8:b0  src 2:21:ef:41:e9:97
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]:  [host-uniq  3b 7e 00 00] [service-name]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: PADS: Service-Name: ''
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: PPP session is 24761
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Connected to 02:21:ef:41:e9:97 via interface eth2
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: using channel 39
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Using interface ppp0
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: Connect: ppp0  eth2
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: sent [LCP ConfReq id=0x1  ]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: rcvd [LCP ConfReq id=0x1  ]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: sent [LCP ConfAck id=0x1  ]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: rcvd [LCP ConfAck id=0x1  ]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: sent [LCP EchoReq id=0x0 magic=0xed1ea813]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: rcvd [CHAP Challenge id=0x1 , name = "RouterOS"]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: sent [CHAP Response id=0x1 , name = "removed"]
    2014:07:31-00:53:12 gw01 pppd-pppoe[32315]: rcvd [LCP EchoRep id=0x0 magic=0x56b02e7d]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [CHAP Success id=0x1 "S=removed"]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: CHAP authentication succeeded
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: peer from calling number 02:21:EF:41:E9:97 authorized
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: sent [IPCP ConfReq id=0x1   ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: sent [IPV6CP ConfReq id=0x1 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [IPCP ConfReq id=0x1  ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: sent [IPCP ConfRej id=0x1 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [IPV6CP ConfReq id=0x1 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: sent [IPV6CP ConfAck id=0x1 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [IPCP ConfNak id=0x1   ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: sent [IPCP ConfReq id=0x2   ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [IPV6CP ConfAck id=0x1 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: local  LL address fe80::813a:434c:8cc6:ed5d
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: remote LL address fe80::0000:0000:00f0:612a
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: Script /etc/ppp/ipv6-up started (pid 32353)
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [IPCP ConfReq id=0x2 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: sent [IPCP ConfAck id=0x2 ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: rcvd [IPCP ConfAck id=0x2   ]
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: local  IP address 89.140.x.x
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: remote IP address 89.140.x.x
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: primary   DNS address 185.44.x.x
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: secondary DNS address 89.140.x.x
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: Script /etc/ppp/ip-up started (pid 32360)
    2014:07:31-00:53:13 gw01 pppd-pppoe[32315]: Script /etc/ppp/ipv6-up finished (pid 32353), status = 0x0
    2014:07:31-00:53:15 gw01 pppd-pppoe[32315]: Script /etc/ppp/ip-up finished (pid 32360), status = 0x0
  • 0
    i have the same problem as semoca

    from reading through i believe the problem is pppoe while the interface is ethX but the ipv6 should come from pppoe?
  • 0 in reply to ben83
    Hi folks,
    I went through the logs on my UTM with native IPv6 and the setting you are querying is similar.
    What your log file shows is very similar to mine. What you need to ask your ISP is what method do they use for their IPv6 advertisement?
    Then bring the answer back to the forum.

    You more than likely don't need the renumbering turned on.

    Ian
  • 0
    My Problem is, Sophos UTM gets an IPv6 that is reachable from the Internet. Seems like i get a Prefix too, but anything in that is not useable unless i use a Fritzbox to connect via PPPoe to my ISP.

    The only way IPv6 will work in my LAN is if i enable Masquarading, than my UTM WAN IPv6 is shown everywhere.



    My IPv6 Log:

    2015:02:26-10:50:09 astarovm radvd[28662]: version 1.9.2 started
    2015:02:26-10:50:09 astarovm radvd[28665]: sendmsg: Operation not permitted
    2015:02:26-10:50:33 astarovm radvd[28665]: attempting to reread config file
    2015:02:26-10:50:33 astarovm radvd[28665]: resuming normal operation
    2015:02:26-10:50:33 astarovm radvd[28665]: attempting to reread config file
    2015:02:26-10:50:33 astarovm radvd[28665]: resuming normal operation
    2015:02:26-10:50:36 astarovm ipv6_watchdog[27758]: Start of monitoring interface ppp0 (17)
    2015:02:26-10:50:36 astarovm ipv6_watchdog[27758]: Installing default route via fe80::f2f7:55ff:fe55:f300 (17)
    2015:02:26-10:50:36 astarovm ipv6_watchdog[27758]: Installing address 2a01:66a0:***X:0:***X:e5e8:***X:f0f7/64 (17)
    2015:02:26-10:50:36 astarovm ipv6_watchdog[27758]: Interface ppp0 (17) changed RA flags: NONE -> SENT,RCVD,OTHER,MANAGED,READY
    2015:02:26-10:50:36 astarovm ipv6_watchdog[27758]: Interface ppp0 (17) changed type to DHCPv6 with Prefix Delegation
    2015:02:26-10:50:36 astarovm ipv6_watchdog[27758]: JSON "ppp0", "unknown", "up", { "gateway6": "fe80::f2f7:55ff:fe55:f300", "network6":"1"}

    My PPPoE Log:
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: pppd 2.4.6 started by root, uid 0
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  dst ff:ff:ff:ff:ff:ff  src 0:c:29:58:b8:cc
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  [service-name] [host-uniq  f2 6c 00 00]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 110
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  dst 0:c:29:58:b8:cc  src f0:f7:55:55:f3:0
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  [service-name] [host-uniq  f2 6c 00 00] [vendor-specific  00 00 0d e9 01 14 30 2e 30 2e 30 2e 30 20 65 74 68 20 31 2f 32 30 3a 38 30 30 02 18 31 63 36 61... (length 52)] [AC-name len-teutel-bbr-001] [AC-cookie
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:   33 b1 98 d9 38 39 fe 80 fa 73 d5 ef c2 48 d8 5b]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Send PPPOE Discovery V1T1 PADR session 0x0 length 32
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  dst f0:f7:55:55:f3:0  src 0:c:29:58:b8:cc
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  [service-name] [host-uniq  f2 6c 00 00] [AC-cookie  33 b1 98 d9 38 39 fe 80 fa 73 d5 ef c2 48 d8 5b]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Recv PPPOE Discovery V1T1 PADS session 0x142 length 88
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  dst 0:c:29:58:b8:cc  src f0:f7:55:55:f3:0
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]:  [service-name] [host-uniq  f2 6c 00 00] [AC-cookie  33 b1 98 d9 38 39 fe 80 fa 73 d5 ef c2 48 d8 5b] [vendor-specific  00 00 0d e9 01 14 30 2e 30 2e 30 2e 30 20 65 74 68 20 31 2f 32 30 3a 38 30 30 02 18 31 63 36 61... (length 52)]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: PADS: Service-Name: ''
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: PPP session is 322
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Connected to f0:f7:55:55:f3:00 via interface eth5
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: using channel 2
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Using interface ppp0
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Connect: ppp0  eth5
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [LCP ConfReq id=0x1  ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [LCP ConfReq id=0x1   ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [LCP ConfAck id=0x1   ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [LCP ConfAck id=0x1  ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [LCP EchoReq id=0x0 magic=0x3897fd4f]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [PAP AuthReq id=0x1 user="******XX" password=]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [LCP EchoRep id=0x0 magic=0x26b0b365]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [PAP AuthAck id=0x1 ""]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: PAP authentication succeeded
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: peer from calling number F0:F7:55:55:F3:00 authorized
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [IPCP ConfReq id=0x1   ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x1 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [IPCP ConfReq id=0x1 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [IPCP ConfAck id=0x1 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfReq id=0x1 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfAck id=0x1 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [IPCP ConfNak id=0x1   ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [IPCP ConfReq id=0x2   ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfNak id=0x1 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: rcvd [IPCP ConfAck id=0x2   ]
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: local  IP address 100.70.2.190
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: remote IP address 185.42.252.1
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: primary   DNS address 5.61.190.6
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: secondary DNS address 5.61.190.118
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Script /etc/ppp/ip-up started (pid 27921)
    2015:02:26-10:50:02 astarovm pppd-pppoe[27890]: Script /etc/ppp/ip-up finished (pid 27921), status = 0x0
    2015:02:26-10:50:04 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:04 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfAck id=0x2 ]
    2015:02:26-10:50:05 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:08 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:11 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:14 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:17 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:20 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:23 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:26 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:26 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfReq id=0x3 ]
    2015:02:26-10:50:26 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfAck id=0x3 ]
    2015:02:26-10:50:28 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfReq id=0x4 ]
    2015:02:26-10:50:28 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfAck id=0x4 ]
    2015:02:26-10:50:29 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x2 ]
    2015:02:26-10:50:30 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfReq id=0x5 ]
    2015:02:26-10:50:30 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfAck id=0x5 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: IPV6CP: timeout sending Config-Requests
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfReq id=0x6 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x3 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfAck id=0x6 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfNak id=0x3 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: sent [IPV6CP ConfReq id=0x4 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: rcvd [IPV6CP ConfAck id=0x4 ]
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: local  LL address fe80::0cee:e5e8:2e0d:f0f7
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: remote LL address fe80::f2f7:55ff:fe55:f300
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: Script /etc/ppp/ipv6-up started (pid 28909)
    2015:02:26-10:50:32 astarovm pppd-pppoe[27890]: Script /etc/ppp/ipv6-up finished (pid 28909), status = 0x0
  • 0
    You have a /60 delegated from your ISP which is some number of /64s.  Are you set up to hand out/advertise ipv6 on your internal interfaces under prefix delegation?
  • 0
    yes,i used a tunnelbroker before and i am familiar with subnetting the ipv6 prefix into /64 for the UTM interfaces. Also i have used both stateless and statefull (with dhcp6) prefix delegation.

    Fritzbox gets a /48 subnet, everything is working great
    UTM shows (i am not sure if it gets) a /60 subnet, only its own WAN ipv6 is useable through masq. and nat.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?