Cannot establish L2TP tunnel over IPv6 through a VRF

I’m using RouterOS 7.10.1 with an RB760iGS.

I have a dual-ISP setup, where each of the providers comes into a separate ethernet interface which lives in its own VRF. One uses DHCP/DHCPv6 over ethernet (Starlink) and the other (Stix) uses PPPoE but does not provide me with IPv6. For the purposes of this, I’m aware that I won’t be able to establish my L2TP tunnel over IPv6 with the provider that doesn’t support IPv6.

I then configure an L2TP tunnel to another ISP (Andrews and Arnold), and if I use their IPv4 endpoint as the connect-to with the relevant vrf name, I can get the tunnel to be created via whichever of the providers I use.

So for example:

/interface/l2tp-client/set 0 connect-to=l2tp.aa.net.uk@starlink-vrf

will establish the L2TP tunnel over the “starlink-vrf” and if I swap it to “stix-vrf” then the L2TP connection is established over my other provider. This works really well.

However, according to the “Support Features” list at https://help.mikrotik.com/docs/pages/viewpage.action?pageId=328206#VirtualRoutingandForwarding(VRF)-Supportedfeatures - VRF is not supported for PPTP in IPv6. So instead of explicitly referencing a VRF in the IPv6 L2TP “connect-to”, I use the IPv6 address of the IPv6 L2TP endpoint (l2tp-client doesn’t seem to support looking up AAAA records for the connect-to address). I then leak the v6 L2TP endpoint from the relevant VRF into my “main” VRF.

/ipv6/route/add dst-address=2001:8b0:0:53::19 gateway=2a0d:3344:100:ffff::1@starlink-vrf

At this point, with the l2tp-client disabled, I can ping the ipv6 l2tp endpoint without any problems (and most importantly, without specifying a VRF, so it’s using the “main” VRF):

/tool/ping 2001:8b0:0:53::19

and the ping traffic passes over the starlink-vrf and I get icmp-echo replies. I can verify this by sniffing for the traffic on the starlink interface and I see the queries go out, and replies come back.

However, the moment I enable the pptp client, I see debug entries like the following:

23:03:42 l2tp,ppp,info aaisp-l2tp: initializing...
23:03:42 l2tp,ppp,info aaisp-l2tp: connecting...
23:03:42 l2tp,debug tunnel 12 entering state: wait-ctl-reply
23:03:42 l2tp,debug,packet sent control message to 2001:8b0:0:53::19:1701 from 2a0d:3344:100:ffff:a99:ffff:ffff:1f6c:1701
23:03:42 l2tp,debug,packet proto version 2, tunnel-id=0, session-id=0, ns=0, nr=0
23:03:42 l2tp,debug,packet (M) Message-Type=SCCRQ
23:03:42 l2tp,debug,packet (M) Protocol-Version=0x01:00
23:03:42 l2tp,debug,packet (M) Framing-Capabilities=0x1
23:03:42 l2tp,debug,packet (M) Bearer-Capabilities=0x0
23:03:42 l2tp,debug,packet Firmware-Revision=0x1
23:03:42 l2tp,debug,packet (M) Host-Name="MikroTik"
23:03:42 l2tp,debug,packet Vendor-Name="MikroTik"
23:03:42 l2tp,debug,packet (M) Assigned-Tunnel-ID=0x00:0c
23:03:42 l2tp,debug,packet (M) Receive-Window-Size=4

However, no packets pass over the starlink interface and the l2tp tunnel fails to come up. The moment I swap back to:

/interface/l2tp-client/set 0 connect-to=l2tp.aa.net.uk@starlink-vrf

The l2tp tunnel happily establishes using IPv4.

Does anyone have any ideas? I’ve tried adding ipv6 firewall filter rules at the top of the stack that allow everything on the input/output/forward chains. No difference.
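
An added troubleshooting aid, not part of the original post and not MikroTik tooling: this Python parses debug lines in the format shown in the log above, splits the unbracketed IPv6 `address:port` endpoints, and reports which addresses each sent control message used, so they can be compared with a capture on the Starlink interface. The sample log is constructed from the post's lines; the function names and the /64 prefix length used when checking the source address are assumptions.

```python
import ipaddress
import re

# Constructed sample: control-message lines taken from the post's log.
SAMPLE_LOG = """\
23:03:42 l2tp,debug tunnel 12 entering state: wait-ctl-reply
23:03:42 l2tp,debug,packet sent control message to 2001:8b0:0:53::19:1701 from 2a0d:3344:100:ffff:a99:ffff:ffff:1f6c:1701
23:03:42 l2tp,debug,packet proto version 2, tunnel-id=0, session-id=0, ns=0, nr=0
23:03:42 l2tp,debug,packet (M) Message-Type=SCCRQ
23:03:42 l2tp,debug,packet (M) Assigned-Tunnel-ID=0x00:0c
"""

SENT = re.compile(r"sent control message to (\S+) from (\S+)$")
AVP = re.compile(r"packet\s+(?:\(M\)\s+)?([A-Za-z-]+)=(.*)$")


def split_endpoint(text):
    """Split 'addr:port'. The log prints IPv6 without brackets, so the
    port is whatever follows the LAST colon."""
    addr, _, port = text.rpartition(":")
    return ipaddress.ip_address(addr), int(port)


def parse_sent_messages(log):
    """Return one dict per sent control message, with its AVPs attached."""
    messages = []
    for line in log.splitlines():
        m = SENT.search(line)
        if m:
            dst, src = split_endpoint(m.group(1)), split_endpoint(m.group(2))
            messages.append({"dst": dst, "src": src, "avps": {}})
            continue
        a = AVP.search(line)
        if a and messages:  # AVP lines belong to the preceding message
            messages[-1]["avps"][a.group(1)] = a.group(2)
    return messages


def source_in_prefix(message, prefix):
    """True if the message's source address lies inside `prefix`,
    e.g. the Starlink-side prefix (its /64 length is an assumption)."""
    return message["src"][0] in ipaddress.ip_network(prefix)


if __name__ == "__main__":
    for msg in parse_sent_messages(SAMPLE_LOG):
        print(msg["avps"].get("Message-Type"), msg["src"], "->", msg["dst"])
```
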