Hello,
could be someone from swisscom so kind and contact me offlist via email please.
our customer has a swisscom dsl connection and last week they changed these to v6. he already tried 3 times via swisscom helpdesk without success. the first level seems to have no idea about ds lite and v6... ;-/
we want to go back to v4 native. in customer center we have deactivated v6 - but it is still online via v6 and ds-lite
we did all what was explained: - switchoff modem for an hour - reboot 3 times router etc
effectively now the vpn is for sure not working via ds lite and carrier grade NAT....
thanks in advance
Stephan
Besten Dank.
Freundliche Grüsse, WolfSec-Support
WolfSec Postanschrift: Swiss Post Box: 104213 Zürcherstrasse 161 CH-8010 Zürich
SOLVED:
many thanks to all @ swisscom who helped me
issue solved.
for propperness:
it was CG NAT, not ds-lite
(I had a week ago an issue with UPC and ds-lite; so was my fault)
now back to dual stack and all works :)
have a nice weekend, cheers stephan
2017-10-27 9:00 GMT+02:00 WolfSec-Support support@wolfsec.ch:
Hello,
could be someone from swisscom so kind and contact me offlist via email please.
our customer has a swisscom dsl connection and last week they changed these to v6. he already tried 3 times via swisscom helpdesk without success. the first level seems to have no idea about ds lite and v6... ;-/
we want to go back to v4 native. in customer center we have deactivated v6 - but it is still online via v6 and ds-lite
we did all what was explained:
- switchoff modem for an hour
- reboot 3 times router etc
effectively now the vpn is for sure not working via ds lite and carrier grade NAT....
thanks in advance
Stephan
Besten Dank.
Freundliche Grüsse, WolfSec-Support
WolfSec Postanschrift: Swiss Post Box: 104213 Zürcherstrasse 161 CH-8010 Zürich
Well i only suspecting your try to use ipsec, wich is a crazy vpn solution. I would sugest to evaluate ssl based vpn in the future which naturally do not run into nat problems.
Just my five cents
Em 27 de outubro de 2017 03:00:18 AMT, WolfSec-Support support@wolfsec.ch escreveu:
Hello,
could be someone from swisscom so kind and contact me offlist via email please.
our customer has a swisscom dsl connection and last week they changed these to v6. he already tried 3 times via swisscom helpdesk without success. the first level seems to have no idea about ds lite and v6... ;-/
we want to go back to v4 native. in customer center we have deactivated v6 - but it is still online via v6 and ds-lite
we did all what was explained:
- switchoff modem for an hour
- reboot 3 times router etc
effectively now the vpn is for sure not working via ds lite and carrier grade NAT....
thanks in advance
Stephan
Besten Dank.
Freundliche Grüsse, WolfSec-Support
WolfSec Postanschrift: Swiss Post Box: 104213 Zürcherstrasse 161 CH-8010 Zürich
Roger
Well you are wrong. No ipsec.
With CGN outbound for sure no prob. But inbound due to CG NAT impossible.
Br Stephan
Am 28.10.2017 17:32 schrieb "Roger Schmid" roger@mgz.ch:
Well i only suspecting your try to use ipsec, wich is a crazy vpn solution. I would sugest to evaluate ssl based vpn in the future which naturally do not run into nat problems.
Just my five cents
Em 27 de outubro de 2017 03:00:18 AMT, WolfSec-Support support@wolfsec.ch escreveu:
Hello,
could be someone from swisscom so kind and contact me offlist via email please.
our customer has a swisscom dsl connection and last week they changed these to v6. he already tried 3 times via swisscom helpdesk without success. the first level seems to have no idea about ds lite and v6... ;-/
we want to go back to v4 native. in customer center we have deactivated v6 - but it is still online via v6 and ds-lite
we did all what was explained:
- switchoff modem for an hour
- reboot 3 times router etc
effectively now the vpn is for sure not working via ds lite and carrier grade NAT....
thanks in advance
Stephan
Besten Dank.
Freundliche Grüsse, WolfSec-Support
WolfSec Postanschrift: Swiss Post Box: 104213 Zürcherstrasse 161 CH-8010 Zürich
Hi,
On Sun, Oct 29, 2017 at 09:52:07AM +0100, WolfSec-Support wrote:
With CGN outbound for sure no prob. But inbound due to CG NAT impossible.
Run the VPN over IPv6?
In 2017 there shouldn't be any reason anymore to rely on IPv4...
Gert Doering -- NetMaster
The vpn needs to run on v4 Its not site 2 site in this case.
As all know it is still rare to get v6 access everywhere
But in general it would be better if an ISP informs the customer BEFORE such a change.
To implement CGN without making sure the customer gets a notice was simply the root of the problem
Br Stephan
Am 29.10.2017 10:12 schrieb "Gert Doering" gert@space.net:
Hi,
On Sun, Oct 29, 2017 at 09:52:07AM +0100, WolfSec-Support wrote:
With CGN outbound for sure no prob. But inbound due to CG NAT impossible.
Run the VPN over IPv6?
In 2017 there shouldn't be any reason anymore to rely on IPv4...
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi,
On Sun, Oct 29, 2017 at 10:32:03AM +0100, WolfSec-Support wrote:
The vpn needs to run on v4 Its not site 2 site in this case.
As all know it is still rare to get v6 access everywhere
But in general it would be better if an ISP informs the customer BEFORE such a change.
To implement CGN without making sure the customer gets a notice was simply the root of the problem
Yeah, it's quite unfortunate that IPv4 ran out so suddenly, barely 15 years after people were told to move towards IPv6.
Gert Doering -- NetMaster
Yeah, it's quite unfortunate that IPv4 ran out so suddenly, barely 15
years
after people were told to move towards IPv6.
sad but true
2017-10-29 10:33 GMT+01:00 Gert Doering gert@space.net:
Hi,
On Sun, Oct 29, 2017 at 10:32:03AM +0100, WolfSec-Support wrote:
The vpn needs to run on v4 Its not site 2 site in this case.
As all know it is still rare to get v6 access everywhere
But in general it would be better if an ISP informs the customer BEFORE such a change.
To implement CGN without making sure the customer gets a notice was
simply
the root of the problem
Yeah, it's quite unfortunate that IPv4 ran out so suddenly, barely 15 years after people were told to move towards IPv6.
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279