Open IPv6 Issues / questions

- will the fix for issue NUTM-7187 be included with 9.5?

- is there a fix in the works for IPv6 Connections where the WAN Port is supposed to use an address out of the delegated prefix? Currently users of such ISPs do not get any IPv6 address. (for esxample KPN netherlands)

- what about the ability to change/edit the UID for IPv6 Delegation Requests?

- what about long standing feature requests such as 6tunnel integration, lets encrypt - is that on the roadmap? Users, myself included had high hopes for 9.5 but this seems to be more than a maintance release.


thank you in advance.

  • In reply to Ben:

    Hi All,

       Sorry for not updating the progress since I am busy finalizing all the changes, i.e. making sure it is really well done.

       Thanks for all of your help.

       Quick Summary:

       1) SanderRutten system: everything is good to go

       2) Rklomp system: Same as 1

       3) Ben system: There is one small issue that I just put another newer rpm on it to see if it can resolve this issue (RA is not automatically sent by router - this is the hypothesis: to be confirmed by the reconnect by 4:00AM Ben's time).

       Once Ben system is good to go, then at lease the issue of "reboot and reconnect" is fixed for PPPoE connection.

       Thanks and sorry about the delayed update.

  • In reply to Duc Le:

    looking good, ipv6 still up and working after last nights reboot.

    thanks for the awesome work Le!

  • In reply to Ben:

    Great to hear that it is OK with Ben's system. And I also just checked it now. It looks good.

    Thanks so much for all of you help. It would be almost impossible without your help.

    You fellows (SanderRutten, Ben and Rene) are great to work with. It is much appreciated.

  • In reply to Duc Le:

    likewise ;) glad that this could finally be fixed! looking forward to have this into one of the next up2date patches ;)

    now we only need the ipv6 ip counting removed/softened for home licences ;) (you hit 50 devices very quick with ipv6 enabled windows devices)

    again, thank you Le for the hard work and the throughout fix that adresses all issues we encountered.

  • In reply to Duc Le:

    Hi Le,

    Thanks for the update. Unfortunately I am still not automatically getting a default route for IPv6



  • In reply to rklomp:

    Hi Rene,

       On your network to which the UTM is connected to on the ppp0, there is no router which will respond to the router Solicitor Request (RS). Hence

       the UTM will not get a route out of that ppp0. There is nothing UTM can do. Upstream router must advertise itself. Thanks.

       Are you sure upstream router will respond to the RS coming from UTM? Please let me know. Thanks Rene.

  • In reply to Duc Le:

    Hi Le,

    Sorry for the late reply. I was on holiday for the last two weeks.

    There is indeed no router that responds to RS messages. Also in the capture I made from the ISP provided CPE I do not see any RS/RA messages and still it is working correctly on this device. I guess the provide CPE is using the remote LL address received via PPP as the default gateway. I think it would be nice if the UTM would use that address as well when no RAs are received.

     You have XS4all right? I thought the implementations of those providers where the same, but apparently you are receiving a RA?


  • In reply to rklomp:

    Yeah I got it fully working thanks to Le (And others?) with XS4ALL.

    Could it be that I'm using a managed switch between my fiber NTU and the firewall?  
    In my setup, my NTU is connected to LAN1, tagged with VLAN6. LAN2 is untagged, and going to the WAN port of my Sophos UTM.
    So my Sophos UTM is only setting up a PPPoE connection, and not a PPPoE with VLAN. Not sure if this matters for the IPv6/RA part tho.

  • In reply to SanderRutten:

    I have the same setup. A managed switch tagged to the fiber NTU with vlan 6 and tagged towards my vmware machine. The virtual machine itself is untagged in vlan 6 so UTM sets up PPPoE without vlan.

    Do you see RS/RA messages when doing a packet capture?

  • In reply to rklomp:

    Hi Rene,

       Good to hear from you. Hope that you had a great holiday.

       I will pass on your request to the team wrt using the remote LL as default gateway.

       Thanks for your help and suggestion.

  • In reply to Duc Le:

    Hello Le,

    i noticed the 9501055 Update contains a "ep-ipv6-watchdog-9.50-3.g64d8245.rb3.i686.rpm"

    does it include the fixes for the ipv6 pppoe prefix delegation or do i still need to apply this private patch?

    i would like to update our work machines and my own machine sometime soon, but didn't because of the fix.

    thank you!

  • In reply to Ben:

    Hi Ben,

       No I don't believe 9501055 contains the fix since the QA is currently going thru the fix. So you still need the emergency patch. I will announce it here once the fix becomes GA. Sorry and Thanks and your patient! 

  • Hi Ben, SanderRutten and Rene,

       I just merged the fix for the PPPoE issue from the 9.4 release into 9.5 release. The testing on 9.4 is going fine.

       I just wonder if you fellows allow me to test the fix for 9.5 on your 9.5 UTM. If yes, please let me know the

       login parameters.

       Thanks Fellows!

  • In reply to Duc Le:

    Hi Le!

    I will update the production machine to 9.5 in that case that you had access to before. Will send you a PM as soon as that is done. If you leave the patch on /home/login after installing, i will also install it on another machine i got running.

  • In reply to Ben:

    OK, and Thanks Ben.