VPN Issues with IPv6

Follow

sedimentary

• January 10, 2024 16:11

I have recently received my new Firewalla Gold SE (amazing by the way!) and wanted to try out the WireGuard server. When using my cellular data with T-Mobile, I can connect and use the internet, however LAN traffic is non-existent. In my research, I found another post on these forums where another T-Mobile user found it is an issue with their network: they only assign IPv6 addresses, not IPv4. I confirmed this as the suspected issue by connecting to a different WiFi network and suddenly, I can communicate with my LAN. I tested OpenVPN as well and it has this same "issue." When I gave my friend (who uses a different carrier) a profile, he was able to communicate with my LAN. We used the Network Analyzer app (found on both Android and iOS by Jiri Techet) to confirm the IPs given to us by our carriers.

My question then is what if anything can I do in order to resolve this? I tried to increase the MTU from 1412 to 1452 (seen in the other forum post) to no avail. Using Termux and a random ping command someone suggested on StackOverflow, I find that I have an MTU of 1408 anyways, so increasing it won't help. I make a habit of not connecting to any other WiFi network than my own and family, so this would mean I cannot VPN in and talk to any of my home devices without connecting to an open, public WiFi and pray they don't block VPN traffic.

0

• 

  Firewalla

  • January 15, 2024 20:16

  You mean, you can VPN home from outside network and not VPN from inside the same network?

  0

  Comment actions Permalink
• 

  sedimentary

  • January 15, 2024 21:23

  When I VPN into my Firewalla from my cell data, I am unable to communicate with my LAN devices. If I am connected to WiFi (on an external network, not meaning my own WiFi), then it is fine. The only difference I can find is that my cellular provider (T-Mobile) does not assign private IPv4 addresses, only IPv6.

  0

  Comment actions Permalink
• 

  sedimentary

  • January 25, 2024 16:36

  Are there any updates on this?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 25, 2024 17:43

  Did you use the IPv6 address to VPN? If not, see this article https://help.firewalla.com/hc/en-us/articles/115004274633-Firewalla-VPN-Server and look at section with ipv6 

  0

  Comment actions Permalink
• 

  sedimentary

  • January 25, 2024 19:39

  I had attempted that, even trying to use IPv6 only. It did not affect anything. I noticed the client profile is still referencing IPv4 addresses, which I believe is the possible culprit.

  0

  Comment actions Permalink
• 

  Firewalla

  • January 25, 2024 20:36

  The client profile should have a DDNS address, and after you setup ipv6, the DDNS address should automatically point to the ipv6 address instead of ipv4

  0

  Comment actions Permalink
• 

  sedimentary

  • January 25, 2024 20:42

  I'm unsure of what extra setup is required for IPv6 to work. My WAN has always had IPv6 turned on with DHCPv6, the Wireguard server by default enables DDNS with "Dual Stack" selected. Even if I choose "Use IPv6 only" it does not affect anything. Is there a specific step you believe I'm missing? When it's using IPv4, it clearly shows an "IPv4 Address" listed in the DDNS menu. When I select IPv6 only, nothing happens.

  0

  Comment actions Permalink
• 

  Firewalla

  • January 25, 2024 21:39

  Do you have another router in front of the firewalla that may be blocking incoming connections?

  0

  Comment actions Permalink
• 

  sedimentary

  • January 25, 2024 21:45

  I do not, it was fed straight from the modem.

  0

  Comment actions Permalink
• 

  sedimentary

  • February 23, 2024 14:05

  Are there any other ideas?

  0

  Comment actions Permalink
• 

  Firewalla

  • February 23, 2024 16:36

  Do you know if your ISP has another layer (firewall) that may block your IPv6 traffic from coming back to your router? I assume your ipv4 is NAT (or CGNAT?)

  0

  Comment actions Permalink
• 

  sedimentary

  • February 24, 2024 02:44

  Unfortunately I do not know.

  0

  Comment actions Permalink
• 

  Firewalla

  • February 24, 2024 17:15

  You should ask them for a public IPv4 or IPv6, without it, you really can't run VPN server. 

  0

  Comment actions Permalink
• 

  sedimentary

  • February 24, 2024 17:17

  I have a public IP, the VPN is running and it works perfectly fine when I'm connected to a network outside of my home. I just said I don't know what their configuration is for us as customers. I guess nobody knows why this is all issue?

  0

  Comment actions Permalink
• 

  sedimentary

  • February 24, 2024 17:20

  The problem is with IPv6 only. My cell carrier (T-Mobile) only gives you an IPv6 address on their network. Anyone else I know with T-Mobile has this same issue with my Firewalla Wireguard VPN. If I connect to a network which provides me an IPv4 address, everything works fine.

  I have tried DDNS, it does nothing in dual stack or IPv6 only. I've tried without DDNS, still no changes.

  0

  Comment actions Permalink
• 

  sedimentary

  • February 24, 2024 17:36

  After a brief call with my ISP, they do not offer a public IPv6.

  0

  Comment actions Permalink

Please sign in to leave a comment.