I have started with the network migration today. There is now a fritzbox between the UPC ConnectBox and my router. For IPv4 this now means triple NAT \o/.
One of the most important task was to make my FreeBSD routers SSH port accessible from the internet.
What I have tried:
- Wireguard: The FreeBSD go package uses SSE2 which results in an illegal hardware instruction. :-S
- Reverse SSH: Yes it works. But I want something better.
- IPv6: Following steps were necessary to get it working:
- Disable the IPv6 Firewall on the ConnectBox
- Enable IPv6 support on the Fritzbox
- Disable “DHCPv6 Rapid Commit” on the Fritzbox.
- Enable IA_PD and IA_NA on the LAN side of the Fritzbox
- Configure my router as “Ipv6 Exposed Host” on the Fritzbox
Now what I have to think about: Do I trust the Fritzbox enough as a firewall?