Tech

IPv6 and NAT

Published on:

October 30, 2013

IPv6 was designed to eliminate the need for network address translation (NAT) that became necessary with IPv4 due to the limited number of IP addresses. While IPv6 provides an abundance of addresses, NAT is still being considered by some firewall manufacturers as a necessary feature. For SIP clients, NAT behind IPv6 should work fine, as connection-oriented SIP packets like TCP or TLS handle responses naturally. The main issue with NAT and IPv6 arises when servers inside a network need to be accessed. The solution is simple: configure firewalls to forward packets to the PBX server, maintaining the security of internal devices while enabling remote connectivity.

One of the core goals of IPv6 was to get rid of the unfortunate network address translation (NAT) introduced with IPv4 and the foreseeable lack of IPv4 addresses for every connected device. Especially for SIP, NAT was a disaster that caused so much trouble SIP almost didn't make it into the real world.

While there are plenty of IPv6 addresses, it doesn't mean NAT will be completely a matter of the past. I was a little shocked when I saw discussions about NAT for IPV6. What I thought would be completely useless seems to have been picked up by firewall manufacturers as a must-have feature for their next generation firewall products. But on a second thought, at the end of the day what should be achieved here is devices in the private network should be accessible from the outside only for connections they have actually initiated. For SIP clients, this is perfectly okay. Actually, I even believe running a SIP IPv6 client behind a NAT for IPv6 with snom ONE would work perfectly fine. I couldn't try it out but, looking at the mechanisms, it should be working fine: SIP packets using TCP or TLS are connection-oriented anyway; SIP UDP packets are usually tagged with received parameters, so the responses find their way back without any issues. RTP packets are also automatically sent back where they come from, and I don’t see a reason why this shouldn't work with IPv6.

The only problem I see with NAT and IPv6 are servers that run in the LAN - we know this problem well from IPv4. The good news, however, is it will be relatively simple to get this working perfectly: all that's needed is that the firewall makes an exception for the device in the LAN so packets are forwarded to the PBX server. This will even work well with remote workers.

A well-designed firewall will be great for IPv6 and SIP. Companies won't lose any feature they had with IPv4; instead, they will finally have the opportunity to expose exactly those servers and services they want to (which includes SIP) while keeping clients protected from the public Internet.

Derniers articles

Voir tous

Keycloak OpenID Connect Integration for the Vodia PBX

Vodia’s PBX now integrates with Keycloak OpenID Connect, providing secure single sign-on for users so they can access all connected applications without repeated authentication. Logging out from one application automatically logs the user out of all connected systems, simplifying user management and improving security. Keycloak, a Cloud Native Computing Foundation project, supports standard protocols including OpenID Connect, OAuth 2.0, and SAML, offering enterprise-grade identity and access management. To ensure proper integration, Keycloak user emails must match the corresponding PBX extension emails. Complete guidance is available in the Vodia Keycloak integration guide, with additional details in the Keycloak official documentation.

September 12, 2025

Vodia Announces Partnership with Comms Group Global

Vodia Networks has announced a strategic distribution partnership with Comms Group Global (ASX: CCG), aiming to expand the reach of its feature-rich cloud PBX solutions across APAC and EMEA. Through this collaboration, Comms Group Global will serve as an official reseller, providing businesses of all sizes with scalable, secure, and integrated telephony solutions. Customers will benefit from advanced call management features, Microsoft Teams integration, and robust security standards, while also gaining access to Comms Group’s SIP coverage in over 65 countries. The partnership enables a streamlined “one-touch” provisioning process, ensuring fast and seamless deployment for enterprises and SMEs seeking to improve efficiency and reduce operational costs.

September 8, 2025

Why Fax Still Matters in 2025 and How Vodia Makes It Easy

Although many consider fax outdated, it continues to play a crucial role in sectors where compliance, confidentiality, and legal proof of delivery are non-negotiable. Healthcare providers rely on fax to meet HIPAA requirements, while industries such as finance, law, and real estate depend on it for contracts and documents that require signatures or legally verifiable transmission. Unlike email, fax offers confirmation reports that serve as proof of receipt, along with time-stamped records that hold up in legal proceedings. With Vodia’s PBX, digital fax becomes faster, easier, and more accessible than ever before, enabling users to drag and drop documents, monitor transmission progress, and receive immediate confirmations.

September 5, 2025