Having trouble getting my Sophos UTM Home (9.700-5) to support IPv6 over my BT-supplied FTTP service. Everything works fine with the SmartHub 2, but the UTM will not get an IPv6 address from the BRAS. The UTM will show me a prefix, but it will not assign an address to its WAN interface, so I have no route back to the BRAS. I think this is an issue with the UTM, but I need to compare with someone else before I take the drastic step that is rebuilding the UTM.
Does anyone have a Sophos UTM Home working over IPv6? If so, does your external interface look like this?
I am expecting (I think) to see an IPv6 address alongside the 86.x.x.x address on the WAN interface.
The Sophos community is silent on this, and that's not like them at all. Way back in the past, DHCPv6-PD was definitely not supported, but nobody is making this information available to me.
Still struggling with this. In light of the earlier post about IA_NA addressing being absent, it became clear that the SH2 makes up its address, just by adding a 1 at the end of the prefix. I can do that too on my LAN interface, set up prefix advertisement, and all my clients get an IPv6 address. ip route shows a correct default route for both IPv4 and IPv6, and I can see the IPv6 traffic leaving via the PPPoE connection to BT, but nothing ever comes back.
I spent 12 hours yesterday messing with this. The *first* time I did it, with a fresh install of the UTM, I made a specific set of changes:
and it worked. This was at 8am on Sunday morning. I backed up the config, made the setup look like it should for me (the firewall has 4 ports, 3 of which I have in a bridge, and that is what I changed up at this point), and it broke.
Backed up that 'bad' config, reloaded the good one and... it broke.
Wiped the UTM again, fresh install from USB, identical config to the first try (apart from a different prefix) and it did not work.
I reloaded configs, wiped the UTM several times and generally messed for 12 hours yesterday, and the only time it worked was the very first time.
At each stage, I always tested IPv4 first (the WAN IP changed almost every time), and had to change the static IP on the WAN interface. The UTM automatically renumbers the IPv6 settings.
The only conclusion I can draw is that there is something odd going on beyond the PPPoE connection. I can see my IPv6 traffic leave over it, but nothing comes back. No idea what to do next, as BT tell me that's Openreach magic at that point.
Couple of things. The first you are probably aware of, but just in case: BT use /56PD rather than /64PD.
Secondly, I could never get a TP-Link 9980 to work with IPv6. The weird thing is that it would work for about 2 minutes after configuring and then stop working, which sounds similar to your experience of intermittent working. Assume it was somehow the initial setup connected but subsequent RA/RS messages weren't working correctly.
If you have a managed switch you could mirror your WAN port and see what's happening with Wireshark.
I do have a managed hub, and I did try that, but only to look at the PPPoE setup traffic, which it didn't forward to the spanned port for some reason. I'm going to buy a cheap tap from eBay, something like (Ixia Net Optics TP-CU3-ZD 10/100/1G Copper Ethernet Tap Gig Zero Lag) most likely, as you'll see error traffic with it, and maybe get a better handle on what's happening. I'd really like to get to the bottom of this, as I see no reason why it shouldn't work.
I just do not understand. I had TCP v6 disabled on my desktop since the weekend, and I just re-enabled it. 10/10 on test-ipv6.com. For the record, this is what I did:
That's it. I have no clue why a 3-day gap makes any difference, but clearly it did.