Another problem with WLAN diagnostics, the AccesPoints are categorized by SSID and not by MAC address.

Since 3 different AccesPoints share the network coverage across 3 corners in my house, they all have the same SSID.

It then looks like this:

If you now rename each AP individually it will look like this:

Hello everyone

I have now activated IPv6 on the IB - but have now encountered a problem.

After the IB crashed (separate problem), the Windows box no longer reaches the IPv6 DNS server because the IPv4 address (and thus the IPv6 subnet) has changed.

Windows continues to use the DNS server with the old global unicast address for DNS queries - ipconfig /release6 and ipconfig /renew6 are not enough - the interface has to be switched off and on again…

Therefore, I am of the opinion that it would make more sense to enter the link-local address of the Internet box as the DNS server in the router advertisement…

Hello

The IPv6 firewall also seems more like a joke: you don’t know what standard really means - what is really being blocked?

You would also like to be able to set rules per address or host - which I couldn’t find anywhere.

It’s pretty medieval if I have to open ports for all devices because of one device?!

It is not built in the Middle Ages but in such a way that it is suitable for the vast majority of customers, i.e. those without high technical requirements and/or technical know-how.

Hello

…and when will IP forwarding (IP passthroug / 1:1 NAT) come so that a site-to-site VPN (IPsec) can be done again via Zyxel USG? I’m still waiting for this function so that I can finally switch from the ISDN VDSL router (Motorola7347-84) and CentroPiccolo (Motorola 7640-47) to the internal box with DECT (VoIP).

Greetings

Neanderthals

This shouldn’t have a high priority either because a run-of-the-mill user doesn’t need it. And for companies that need this, there are appropriate solutions available through the business customer department.

Thanks for the clear answers.

What alternatives do I have as a private customer to do site-to-site VPN (network-network not client-network)?

Specifically, I currently have this in operation between my home and my holiday apartment. This has been working smoothly for years. But if I finally have to switch to VoIP in 2017 (ISDN and POTS will be switched off) I should have an alternative. The Internet box is ideal because it has the DECT base station integrated. But how do I then solve the VPN issue?

Greetings

Neanderthals

Quick note in advance: IP forwarding makes no sense: you can plug the SFP into any “decent” switch, accept VLAN 10 and forward it to a router (or you can have a router with an SFP slot).

I solved exactly your scenario (Neanderthal) - because I also want telephony; However, I would still like the SIP data…

But before you read my complicated instructions: This would also work with Double NAT, but you would then have no IPv6 functionality…

I use pfSense (192.168.1.2) and a Layer3 switch (192.168.1.254) for the whole thing.

1. First, I deactivated DHCP on the SC router and activated the DHCP server on pfSense. The pfSense DHCP server sets the default gateway to 192.168.1.254 (Layer3 switch) and itself as a DNS server. (If you don’t want to purchase a Layer3 switch, you can also define pfSense as the default gateway via DHCP)

2. On the Layer-3 switch I then specified that all traffic to 192.168.0.0/16 should be routed to 192.168.1.2, 0.0.0.0/0 to 192.168.1.1

3. I then entered on the Swisscom router that 192.168.1.2 should be used as the DNS server (otherwise I would get incorrect DNS answers via IPv6)

4. I entered an OpenVPN server on pfSense (remote site then client)

5. On the Swisscom router (on the OpenVPN server side) the necessary ports are NAT-forwarded to the pfSense.

Important, of course not both sides of the VPN tunnel must have 192.168.1.0/24 as the network address

(Final note: The clever professional will be bothered by the ICMP redirects generated by the Layer3 switch. Unfortunately, in my opinion, this cannot be prevented in a meaningful way)

Yes, sorry, the IB+ is also available with DSL - I hadn’t considered that.
But the following remains:
IP forwarding and VoIP hardly go together - and if you do without VoIP, you should actually be able to use your own DSL modem…

Due to the lack of ALLIP here in the village, I don’t yet have access to an IB (with or without +). I use a Fritzbox myself and am happy with it so far. But I want a TriplePlay provider and now I have to work out the various solutions.

My question goes along the same lines as asked above:

Does the IB have no way of defining a Anschluss as a DMZ, which means I can essentially put my UTM box completely out there and thus put the WAN Anschluss of the internal LAN ‘directly’ on the Internet -> so the UTM would offer all security-relevant and VPN options and serve my home network behind it.

Above we talked about VLAN10:

Does all Swisscom traffic come in separate VLANs? So telephony, TV and Internet in 3 separate VLANs? That would be important for understanding from time to time and if that is the case, you would have to set the package size to 1492 in the home network gateway in order to do the repacking on the high-performance devices. If the data streams were separated, I would not be able to use a DMZ solution, for example, without establishing a separate VLAN - only for S-TV - on the internal LAN. This wouldn’t really be a problem with centrally routed cables.

It would be nice to get some background information.

Hello alska65,

if you want to use a router other than Swisscom. You have to have VLAN 10 and DHCP option 60

Set “100008,0001,xxx fw dhclient” variable, otherwise you may not get a connection. It is best to use the CP as a bridge, see [here](http://www.tuxone.ch/2012/11/betriebsmodi -swisscom-centro-routers.html). Disadvantage Firmware does not support vectoring.