SSL Remote Access VPN and IPv6

This just started happening to me, in this case on iOS using the OpenVPN client. The first time the vpn client connects to the vpn server (on a new IP) it works fine, the connection details show ipv4 ip and port..all is good. The second time around though, it somehow connects via ipv6, not even sure how....but once it connects via ipv6, I can't access any resources behind the VPN....any help?

BTW, although it is apparent that my IPv4 addresses somehow have an IPv6 counterparts, I do not have ipv6 enabled anywhere in my UTM

Way to hijack my thread.  :(  My issue was never solved.  And it had nothing to do with IOS.  And it only happened with IPv6 enabled in the UTM.  So really your issue is in no way related.  BAlfson ?????

Hi Dan,

IPv6 enable can you please show me where do you enable this? I will try to test the scenario but, prerequisites will be:

1. Upgrade your UTM on the latest version.

2. Which iOS version and device.

3. Which VPN client and version (latest preferred)

Thanks

Hi Sachin,

If you look through the original thread you will see it has nothing to do with iOS.  Kent hijacked it with a presumable unrelated issue.  Back in August I was running the latest version of the UTM and both the official client and a stock OpenVPN client fail to function with IPv6 enabled on the UTM.  I haven't tried it since as no solution was provided and I need VPN more than I need IPv6.

Thanks,

Dan

Your thread was abandoned and quiet since August...I certainly did not mean to hijack your thread, but my issue looked somewhat related. Enjoy the holiday season, don't be grump.

As to my issue, I was able to resolve it by enabling the "Seamless Tunnel" option in the openvpn client. The current hypothesis is that my mobile service provider started adopting nat64, and for whatever reason, the openvpn client was preferring the nat64 ipv6. I can't explain why "seamless tunnel" fixes the issue, but it does. Hope this helps someone

Sorry Kent, I was really just grumpy since this issues hasn't even been acknowledged as a problem.  I got excited when I saw a new post thinking it was maybe a solution.  I didn't mean to crap on your parade, so to speak, I'm just frustrated with Sophos that there isn't even any type of "yeah, this is an issue being worked on" response.

Glad you got you issues resolved, and sorry for the grump.  :)  Cheers!

I think this post I posted some months ago may help both of you:

https://community.sophos.com/products/unified-threat-management/f/vpn-site-to-site-and-remote-access/75700/9-4-soft---ipv6-ssl-remote-access---ios/310309#310309

I think this post I posted some months ago may help both of you:

https://community.sophos.com/products/unified-threat-management/f/vpn-site-to-site-and-remote-access/75700/9-4-soft---ipv6-ssl-remote-access---ios/310309#310309

Hi apijnappels!  That looks helpful, but I'm not 100% sure I follow.  Did you just change the local networks from any to those two subnets?

Correct. In stead of using any or Internet IPv4, use the two definitions from the other thread. It will "repair" the routing bug.

Hey @apijnappels  Thanks for this, that workaround seems to have resolved the issue!  Looks like I can finally move forward with getting IPv6 setup in my network.  Thanks so much!