UPC/Magenta Fritzbox and IPv6 Prefix Delegation

I have started with the network migration today. There is now a fritzbox between the UPC ConnectBox and my router. For IPv4 this now means triple NAT \o/.

One of the most important task was to make my FreeBSD routers SSH port accessible from the internet.

What I have tried:

  • Wireguard: The FreeBSD go package uses SSE2 which results in an illegal hardware instruction. :-S
  • Reverse SSH: Yes it works. But I want something better.
  • IPv6: Following steps were necessary to get it working:
    • Disable the IPv6 Firewall on the ConnectBox
    • Enable IPv6 support on the Fritzbox
    • Disable “DHCPv6 Rapid Commit” on the Fritzbox.
    • Enable IA_PD and IA_NA on the LAN side of the Fritzbox
    • Configure my router as “Ipv6 Exposed Host” on the Fritzbox

Now what I have to think about: Do I trust the Fritzbox enough as a firewall?