T-Mobile nat64 IPv6 Issue

[cyberk]

Team,

I'm hoping for some help in resolving this issue, starbucks gift card to whomever fixes it for me , lol

I'm on T-Mobile and am using Sophos UTM as my openVPN server.

Recently, when connecting to my vpn while on the T-Mobile network, T-Mobile is assigning an ipv6 (nat64) IP to my server's IPv4 address. I connect via a FQDN with an A record, but instead of seeing my usual IPv4 address on the iOS client, it shows up the made up T-Mobile ipv6 address for my server.

This seems to result in a missing route in openvpn, at first this fixed itself when I enabled "seamless tunnel" in my iOS openvpn client, when enabled, i would see my usual ipv4 address in the client, but now it's back to not working and showing me that weird ipv6 nat64 address.

I connect via UDP and I've tried this on several ports, both tcp and udp

iOS 10.2
T-Mobile 27.1
Iphone 7+
OpenVPN Connect 1.0.7 build 199 (iOS 64-bit)

Any assistance would be truly appreciated, if there are any details I've left out, please ask and I will do my best to provide

[cyberk]

PS: here are some related posts and links to other forums I've posted in

viewtopic.php?t=21989

Other pleas for help:
https://community.sophos.com/products/u ... nd-openvpn

https://www.reddit.com/r/tmobile/commen ... pv6_nat64/

[TinCanTech]

What service do you use for your Server FQDN ?

[cyberk]

What service do you use for your Server FQDN ?

a domain name that I own, in this particular case, a sub-domain with the format, vpn.mydomain.net.

There's some traction on this in the t-mobile reddit link that i posted

[TinCanTech]

Can you assign an IPv6 address to your FQDN ?

[cyberk]

Can you assign an IPv6 address to your FQDN ?

I can, but I fear this "ipv6" address would only exist within the t-mobile network...in any case, I'll try it

[cyberk]

I put everything in, I'm still unable to reach devices behind my VPN

[TinCanTech]

Can you connect to your VPN over IPv6 now ?

Or is this a separate problem ?