I run two CCR2216-1G-12XS-2XQ with RouterOS 7.12.1 (will update to 7.14 soon).
I already have a well working IPv4 setup which I only wanted to extend to IPv6.
The routers have IPv6 PI space of which I intend to use e.g. a /48 to have the OpenVPN server give out IPv6 prefixes to clients.
This is the relevant (lab) config I have so far ....
Code: Select all
/ipv6 pool
add name=ovpn-pool prefix=2001:db8:9999::/48 prefix-length=64
/ppp profile
add local-address=172.16.0.1 name=ovpn remote-address=ovpn-pool remote-ipv6-prefix-pool=ovpn-pool
/interface ovpn-server server
set auth=sha256,sha512 certificate=mikrotik-rt-01 cipher=blowfish128,aes128-cbc,aes256-cbc default-profile=ovpn enable-tun-ipv6=\
yes enabled=yes ipv6-prefix-len=48 tun-server-ipv6=2001:db8:9999::1
I am a little confused about the required config options for IPv6 of the OpenVPN Server:
1) What do ipv6-prefix-len and tun-server-ipv6 actually configure? How do they correlate? What relation is there to the prefix-length of the ipv6/pool?
2) Is tun-server-ipv6 some relative address for each OpenVPN interface / connection, or global for the whole server? According to https://help.mikrotik.com/docs/display/ ... Properties the default is "::"? I seem to be unable to restore it to the default:
Code: Select all
[admin@mikrotik-rt-01] /interface/ovpn-server/server> set tun-server-ipv6="::"
failure: zero ipv6 device identifier is not supported
4) Regarding ipv6-prefix-len:
a) If I set this to /48 I see OpenVPN client complaining:
b) If I set this to /64 it works addressing-wise (and makes sense in relation to the ipv6/pool):Options error: ifconfig-ipv6: /netbits must be between 64 and 124, not '/48'
but I cannot ping any interface on the router (OpenVPN server) (even if manually setting a route via the VPN tun) and also the configured GW / tun-server-ipv6 is not reachable as it's not within the client's /64.net_addr_v6_add: 2001:db8:9999:1::/64 dev tun0