Allow IPv6 with cOS PPPoE

Post your thoughts and suggestions here!
Post Reply
SECOIT GmbH
Posts: 37
Joined: 13 Feb 2018, 16:20
Contact:

Allow IPv6 with cOS PPPoE

Post by SECOIT GmbH » 22 Apr 2018, 13:31

Currently PPPoE is limited to IPv4 in cOS Core when the integrated client is used.

Not sure if Germany is considered an important market for Clavister but here most smaller companies use an ADSL/VDSL connection which is established via PPPoE (in our case it 100% of our customers with less than 100 employees who use xDSL where only our bigger customers are willing to pay for a "professional" internet connection).

So concluding from our situations I believe it's fair to expect that most companies in Germany use an xDSL internet connection. I might be wrong though, just a guess from what I have seen out there.

When using Clavister cOS Core that basically leaves two options:
1. Use a modem/bridge and don't use IPv6 (in fact no option. it's an integral part of modern OS's and especially when communication with a lot Asian companies IPv6 is required unless you want to use an IPv4/IPv6 tunnel which has other disadvantages)
2. Use an external modem/router and do NAT to the firewall which has a lot disadvantages, mainly:
- Can't do "proper" IPSec since ESP won't be forwarded and NAT-T needs to be used since this setup will only pass TCP/UDP/ICMP but no other protocols
- Not all provider supported modems can do "full cone NAT" which means a lot of issues when doing VoIP for example or using an unsupported modem and potentially lose provider's support
- Troubleshooting can be a pain in the ... with this constellation since WAN traffic cannot be captured with most of the modems out there.


So please consider implementing IPv6 for PPPoE.
At least here in Germany I have not heard anything about PPPoE disappearing in the near future.
Best Rregards
Michael

Anton
Posts: 26
Joined: 16 Jun 2016, 18:50
Location: Clavister HQ - Örnsköldsvik

Re: Allow IPv6 with cOS PPPoE

Post by Anton » 27 Apr 2018, 08:56

Hello

As mentioned in the support ticket we have forwarded your feedback to product management. For now we will not investigate the possibility to implement IPv6 support for PPPoE. The reasoning for this is that PPPoE have or has been being phased out in most countries and its hard to to motivate the cost and time it would require to develop such support.

For example in Sweden PPPoE pretty much disappeared overnight a few years ago, question is not if but when will other countries follow the same path. Next month? Next year? 10 years from now? We just do not know.

Best regards
Anton

SECOIT GmbH
Posts: 37
Joined: 13 Feb 2018, 16:20
Contact:

Re: Allow IPv6 with cOS PPPoE

Post by SECOIT GmbH » 28 Apr 2018, 08:35

Hi Anton,

Many thanks for looking into this.
Don't get me wrong, I understand that Germany is probably not a big market since there are so many other established firewall brands here and also most IT consultants I'm getting in touch with don't fully understand IPv6 so they rather don't implement it at all so I would probably make the same decision if I was Clavister.

But I really like cOS core and I would like to stick with it so it would be still great if someone could be looking into this and provide a howto/workaround so IPv6 can be used with xDSL without being forced to be using NAT with IPv4 at the same time (because of the disadvantages I was already writing earlier and in fact there are a lot more).

Also IT systems change a lot and it they change fast. Not implementing a feature because it might disappear eventually (and I agree, PPPoE will disappear at some point) would mean that it's not worth implementing any feature at all. ;)

Anyway, if you guys have a good idea of how to use xDSL (with PPPoE) and IPv6 and not be forced to using IPv4 NAT at the same time on the WAN interface (by connecting an external modem/router) it would be great if you could share and it would make it a lot easier to live without the requested feature. Maybe there are some "dirty tricks" out there that I can't think of that would allow achieving something similar without any changes on cOS Core.

Many thanks!
Michael
Best Rregards
Michael

Post Reply