By the way, wondering how other firewall vendors are actually resolving this?
El 20 oct 2025, a las 23:13, jordi.palet--- via ipv6-wg <ipv6-wg@ripe.net> escribió:
Yep, this seems a viable solution.
Tks!
Saludos, Jordi
@jordipalet
El 20 oct 2025, a las 22:56, Marek Zarychta via ipv6-wg <ipv6-wg@ripe.net> escribió:
W dniu 20.10.2025 o 16:49, jordi.palet--- via ipv6-wg pisze:
So how you fix this in the authenticator so it gathers both the IPv4 and IPv6 addresses and consequently open the firewall for both IPv4 and IPv6 of this user?
Fortinet appliances have supported NAT64 for quite some time without any issues. To simplify captive portal authentication in the network, you can configure Windows clients to operate in IPv6-only mode. If that’s not feasible, the setup described below might be helpful.
In our campus wireless network (which runs dual-stack), we’ve been advertising RDNSS servers via Router Advertisements that provide DNS64, along with a DHCPv4 configuration that includes option v6-only-preferred 43200. It seems that Android clients stop the DHCPv4 negotiation after receiving the first DHCPOFFER packet. Although the ISC-DHCP daemon doesn’t fully implement RFC 8925 as far as I know, this setup works fine - all recent Android devices switch to IPv6-only mode. Windows devices in this environment run in dual-stack mode with dual DNS servers (IPv6 with DNS64 and IPv4 without). As a result, Windows also primarily utilizes NAT64 for most connections.
Cheers
-- Marek Zarychta
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ipv6-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ipv6-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.