WAN interface IPv6 address changing

Hallo Timotheus,

Please show a picture of the Edit of the Interface definition in the UTM.

Would a fixed IP address on an internal device in your IPv6 subnet work for what you need to do?

Cheers - Bob

Hello Bob,

Screenshot looks like this:

The point is to advertise my mail server. I have used an A record for the IPv4 address. Recently a SMTP server rejected mails from us because it could not get a valid IPv6 address. So I assumed that I need a AAAA record for the same interface. If there is a better way of doing this I am interested to hear about it.

I have been wondering about the automatic renumbering feature:

Does this have anything to do with our issue?

Best regards,

Timotheus

I'm far from being a guru on IPv6, Timotheus, but I think you might want the fixed IPv6 IP on your mail server.  Your ISP should route that to your public IPv6 address and the UTM should know to send the traffic to the mail server.  Are you using the SMTP Proxy?

Cheers - Bob

Hello Bob,

This really got me thinking, but the problem just gets bigger.

I am using Email Protection, so the WAN address is actually the mail server address.

Right now I just need external SMTP servers to be able to do a helo to a AAAA record (mail.example.com) and get a valid answer.

Would an "additional address" on the WAN interface be sufficient?

I should have left off the line about thinking bigger. I was working on ideas about using IPv6 for various functions, but decided to keep this simple in order to get a solution to the specific issue.

My settings look the same with Deutsche Telekom too. I set up IPv6 not long ago for the same reason, but using it till now just outgoing.
I will have to check if the address is changing, can’t say that now. But of course I would agree you need a static address for an AAAA record.

Best regards 

Alex 

Yes, I would use an Additional Address, Timotheus.

Cheers - Bob

This morning another option occurred to me. Perhaps I should configure the UTM WAN interface to use a static IP.

I have a rule in my head that says PPPOE should never be set to Static PPPOE. But I cannot remember when I learned that. It could easily be provider specific and outdated. 

Does anybody see any reason not to select "Static PPPOE"?

Regards,

Timotheus

Hello Alex,

Thanks for providing your experience.

What do you see, is your address changing?

Do you have the check box for Static PPPOE IP set?

Regards,

Timotheus

Hi, 

after having a look in the IPv6 Log file I can confirm, my IPv6 address is changing too. My settings are identical to yours.
So thank you for giving that hint. But unfortunately I don't have a solution, either wasn't aware of that problem.

Best regards

Alex

Hi, 

after having a look in the IPv6 Log file I can confirm, my IPv6 address is changing too. My settings are identical to yours.
So thank you for giving that hint. But unfortunately I don't have a solution, either wasn't aware of that problem.

Best regards

Alex

Sounds like it's time to get Sophos Support involved.  Please let us know the solution.

Cheers - Bob

I am not convinced that this is a mistake. So before opening a case I need to be more convinced.
The provider may be routing that customer network to the public address. So a change of the public address might not be a problem.
Enclosed is an excerpt of the provider's details:

Does this make any sense?

Best regards

Alex

Good morning Alex,

I tend to agree that it does not look like a UTM error. It is more of a matter of knowing how to configure it.

It would be nice to know in advance what the "Static PPPOE IP:" on the under the WAN interface settings does and if that is meant for a situation like ours.

I am hesitant to try experiments.

Best regards,

Timotheus

I decided to go ahead and select the "Static PPPOE IP" option. It has been more than 24 hours since I did this and things are running smoothly.

Ok, may I ask which IPV6 address you put in the corresponding field of the interface? Like in my screenshot above DTAG gives only a subnet not a specific address.

BR

Hello Alex,

When I clicked the 'Static PPPOE IP Address' box it displayed the v4 and v6 address that the WAN interface was currently using. I just accepted those.

I talked to a Telekom technician before I raised this issue here and he told me that the changing IPv6 address was because of our configuration not theirs. I am wondering if the UTM was choosing a new address every day. It would be very nice if somebody from Sophos would comment on this and tell us how it is meant to work.

Regards,

Timotheus

It has been more than two weeks since I made this change and I have detected no negative effects. 

Before I did this I was having occasional problems with the WAN interface not reconnecting when it disconnected once a day. That seems to be better now too.

My thanks to Alex and Bob who helped me search for a solution on this. 

If any problems show up I will post them here, but for now I am regarding this issue as resolved.

Inspired by Timotheus, I changed that setting at my location too. I can confirm stable connection and IP4/6 too. It seems that static setting fits well for Deutsche Telekom Deutschland LAN VDSL with static IP.

Best regards 

Alex