We’re currently using an IPsec VPN on a FortiGate device for remote access because SSL has reached EOL. Our entire network, including both internal and public IP addresses, is IPv4-only (no IPv6). Here’s a rough summary of our setup:
Issue Summary:
The IPsec VPN is configured correctly; users on Wi-Fi can connect and access the internal NVR server (10.0.0.4) without issues. However, cellular clients using IPv6-enabled ISPs experience the following problems:
Troubleshooting Steps Taken:
Enabled IPv6 Mode Config:
Result of IPv6 Mode Config:
Adjusted IPv6 Split Tunnel to Match Resolved IPv6 Address:
DNS Configuration Changes
Current Situation:
In summary, we have no native IPv6 configuration on our public-facing interface or internal network. Despite this, when cellular clients connect via the IPsec VPN, they can’t access the internet and can’t stream RTSP live views unless IPv6 mode config is set to “All.” However, setting this to “All” blocks internet traffic entirely.
My Questions:
Hopefully someone can help me; this issue is driving us (me) crazy.
PS: We have tried changing NAT Traversal from [Enable] to [Disable] to [Forced]; this did not resolve the issue.
Copyright 2024 Fortinet, Inc. All Rights Reserved.