Hi,
I’m currently trying to figure out how to get my Mikrotik SXT-LTE kit to send IPv4 packets over an IPv6 Tunnel.
(This is part of an emergency out of band access system. The hosts at the Mikrotik location only get private IPv4 addresses.
In the end we want to use nat64 on the Fortigate to reach the hosts behind the Mikrotik in case all other connections to the location are broken.)
The setup:
host B --(IPv4)-- SXT-LTE kit --(IPv6)-- [internet] --(IPv6)-- Fortigate FW --(IPv4)-- host A
Host A should be able to communicate with host B and others in the same network over an encrypted site-to-site tunnel.
We receive a fixed public /64 prefix from the LTE provider, which requires configuring the APN to use IPv6 only.
What I did so far:
- create an IPv6 IPsec Tunnel between the SXT and a Fortigate Firewall (using a GRE6 Interface on the SXT and a “normal” encrypted VPN on the Fortigate)
- create routes for the hosts on both sides which point to the tunnel interfaces
- both tunnel Interfaces have /32 v4 IPs configured
- create policies to allow the traffic on both ends (IPv4 and v6)
I can verify that pings from host A reach host B, but on the way back they are not getting sent through the tunnel by the SXT.
This is the farthest I got the packets to go.
I also tried a dedicated v4 GRE tunnel over a v6 IPsec tunnel, but here traffic would stop at the Fortigate already.
TIA for your suggestions.