Connecting from an Android mobile via an IPv6-only carrier (Telstra) network (single stack) to a Sophos XG19 via SSL VPN seems to create some strange issues.
The Sophos XG firewall has a single IPv4 gateway address that the client connects to without any issue.
I know in theory it is all transparent with IPv6toIPv4 translation at carrier level, and I can ping and traceroute to internal network IPv4 addresses. The weirdness is that I can't access any web resources using the IPv4 address; the response just times out.
I verified this by changing the APN of the mobile network to IPv4 (CGNAT and public IP) and it all works as expected!
After trying different firewall rule configurations, my gut feeling suspected something to do with IPv6.
Is there any way to configure this to work with IPv6-only carrier networks (which are becoming more common), or is this still some limitation of how the Android client works? Obviously the tunnel is working as I can ping internal IPv4 addresses, but web browsers fail?