I had a dual stack running successfully for a few years under the previous version(s) of XG. Since installing v18 EAP1 or Refresh 1, IPv6 connectivity to the internet has failed. The circumstances are:
- I have a stateful setup for my LAN that properly assigns IPv6 addresses to the connected devices
- The WAN connection to the ISP get the proper IPv6 prefix and the proper gateway IP
- I can successfully ping6 any device on my LAN from within the LAN
- I can successfully ping6 any device on my LAN from the XG
- I cannot ping6 any device on the internet from my LAN
- I can successfully ping6 devices on the internet from the XG
- When I test IPv6 compatibility using one of the various websites, they report back that there is no IPv6 connection
- My firewall rules that I use are migrated from v17. The IPv6 rules are exact mirrors of the IPv4 rules (which obviously work). The NAT rules were created by the v18 install.
- I have tried connecting via IPv6 from my Mac, iPhone, Win10 laptop and Win10 desktop computers using Chrome, Internet Explorer and Safari.
In order to try and pin down possible causes I've tried the following, without success:
- My IPv6 connection to the ISP was configured as DHCP -> Manual -> DHCP only. I changed this to Auto. The XG was able to successfully connect to the ISP and get the correct IPv6 settings. A green light was indicated in the "WAN link manager". The XG was able to ping6 and trace route to google. I still could not ping6 or connect to the internet via IPv6 from the LAN.
- I deleted the automatically created NAT rules for IPv6. I created my own NAT rules to MASQ the IPv6 WAN traffic. While the NAT rules counters indicated that they were being used, I could not ping6 or connect via IPv6 to the internet. I could ping6 from the XG.
- I disabled the NAT rules. The same symptoms prevailed.
- I noticed that in the Interfaces configuration for IPv6, the Gateway IP was a link local address, which seemed odd. From the earlier traceroute, I could see the IPv6 address of the Gateway. I manually entered the Gateway IPv6 address. After a minute the XG successfully connected to the ISP via IPv6 and a green light was displayed on the connection. I could ping6 and trace route from the XG but there was no access from the LAN.
- I created a new IPv6 firewall rule to allow everything to the WAN (no filtering) and a linked NAT rule that applied MASQ to WAN bound traffic. Both the new firewall rule and the new NAT rule show that there was WAN bound traffic (counters increased immediately). I can ping6 from the XG but no IPv6 access from the LAN.
- I have tried the Logviewer to see what is going on with the NAT rule. When I enable filtering through NAT it just sits there processing for ages and never produces anything.
In summary, with all the changes I made above, the firewall rule counter and NAT rule counter increase. To me this indicates that the IPv6 traffic is being correctly processed by these rules. I cannot pin down the problem.
At this point, I cannot think of any other options to try. I have been in touch with the developers who have support access to my XG. At this point, they have confirmed that the XG can ping6 and trace route IPv6.
Am I completely missing something here? The only other thing I can think of is something has changed with my ISP.
