Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 40 subscribers
  • Views 1499 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prefix Deligation on XG

Sophos User544

I am newbie with XG. I installed the XG for the the firsttime. But I have experience with UTM and Linux generally. I read that the XG has no implantation of a prefix deligation. 
I get a /56 prefix from my internet provider  and i want to put a /64 prefix to my lan interface. Under Linux i used the wide-dhcpv6-client package. 

like this

interface ens18 {
send ia-pd 1;
send rapid-commit;
script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd 1 {
prefix ::/56 infinity;
prefix-interface ens20 {
sla-id 0;
ifid 1;
sla-len 8;
};
};

Is there a plan to implement this on the XG?



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    you will need to assign a /64 to your internal interface from your /56 range. You then enable RA under Networks tab.

    That will give you multiple IPv6 addresses per device even if you are using DHCP.

    Also you will need a NAT for each IPv6 firewall rule or a common NAT for all IPv6 rules.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    ok i assigned Port1 Port3 and Port4 with IPv6 addresses. 

    2a02:x:y:z:201::1/64
    2a02:x:y:z:203::1/64
    2a02:x:y:z:204::1/64

    Port2 is the wan interface. 

    My setup was DHCP and Mode Auto .... 

     

    ping6 -I 2a02:x:y:z:204::1 www.heise.de worked ... 

    thank you very much. 

    One question ... why do i need a nat rule for ipv6?

  • 0 in reply to Sophos User544

    Hi,

    because the current implementation of IPv6 on the XG is very poor. There is a rumour that there will be changes to XG IPv6 later this year, but only a rumour.

    There are a couple of other bugs in FQDN use and country blocking. 

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    my ping check were wrong 

    i have to use ping6 -i 2a02:x:y:z:204::1 www.heise.de ... and I don't get a reply

    ok i understand ... so  i have to nat my /56 prefix to have access to the internet?

    that's killercriteria for me, so i can't use a XG 

    I will have a look on the XG when the IPv6 implentation comes to 21 centaury

    thanks for the answer  

     

     

  • 0 in reply to Sophos User544

    Hi,

    you do not have to NAT your /56 only the /64 networks. If you enable the NAT you will get a reply, I have IPv6 working through a NAT (MASQ).

    You cannot NAT your /56 because there is one /64 0f your /56 on the external interface. In your firewall rule have you enabled PING/ICMP etc?DId you try ping from the XG diagnostics TAB?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Sophos User544

    Hi,

    you do not have to NAT your /56 only the /64 networks. If you enable the NAT you will get a reply, I have IPv6 working through a NAT (MASQ).

    You cannot NAT your /56 because there is one /64 0f your /56 on the external interface. In your firewall rule have you enabled PING/ICMP etc?DId you try ping from the XG diagnostics TAB?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML