W dniu 20.10.2025 o 16:49, jordi.palet--- via ipv6-wg pisze:
So how you fix this in the authenticator so it gathers both the IPv4 and IPv6 addresses and consequently open the firewall for both IPv4 and IPv6 of this user?
Fortinet appliances have supported NAT64 for quite some time without any issues. To simplify captive portal authentication in the network, you can configure Windows clients to operate in IPv6-only mode. If that’s not feasible, the setup described below might be helpful. In our campus wireless network (which runs dual-stack), we’ve been advertising RDNSS servers via Router Advertisements that provide DNS64, along with a DHCPv4 configuration that includes option v6-only-preferred 43200. It seems that Android clients stop the DHCPv4 negotiation after receiving the first DHCPOFFER packet. Although the ISC-DHCP daemon doesn’t fully implement RFC 8925 as far as I know, this setup works fine - all recent Android devices switch to IPv6-only mode. Windows devices in this environment run in dual-stack mode with dual DNS servers (IPv6 with DNS64 and IPv4 without). As a result, Windows also primarily utilizes NAT64 for most connections. Cheers -- Marek Zarychta