IPv6 and L2TP VPN

RouterOS General
1

Hello,

I am struggling to get IPv6 work with my L2TP server and I was hoping someone could advise.

I have a network with a router running Mikrotik version 6.35. IPv6 functions correctly within the network using SLAAC addresses. My L2TP clients connect successfully but only ever receive a link local ipv6 address. I have switched ipv6 to yes in the PPP profile and configured a /64 prefix pool but clients never receive an address other than link local.

Is there anything I can do to troubleshoot this issue? Does mikrotik 6.35 even support giving IPv6 addresses to L2tp clients?

Regards,
Achelon

2

same Problem
is there anyone to know about this? Advertising IPv6 on L2tp VPN (ipv4) ??

3

Hi,

Old topic but there is still no answer.
Would like to get it to work too.

Thanks!

4

Works fine for me. What clients are they? Note that you need to specify “remote ipv6 prefix pool” in the ppp profile.

5

Hello,

IPv6 over IPSec/L2TP works well, it gives you prefix, but not address, so it’s suitable for travel router that will share the prefix for you. The trick is in L2TP server’s default IPv6 firewall rules:
/ipv6 firewall filter

add action=drop chain=input comment=“defconf: drop everything else not coming from LAN” in-interface-list=!LAN

add action=drop chain=forward comment=“defconf: drop everything else not coming from LAN” in-interface-list=!LAN

I changed them to:

add action=accept chain=input comment=“allow from VPN” in-interface-list=dynamic log=yes log-prefix=DYNACCEPT:
add action=drop chain=input comment=“defconf: drop everything else not coming from LAN” in-interface-list=!LAN

add action=accept chain=forward comment=“allow from VPN” in-interface-list=dynamic log=yes log-prefix=DYNACCEPT:
add action=drop chain=forward comment=“defconf: drop everything else not coming from LAN” in-interface-list=!LAN

and everything started to work. Client configuration:
/interface l2tp-client add name=l2tp-out1 connect-to=VpnServer user=VpnUser password=VpnPassword use-ipsec=yes ipsec-secret=VpnSecret allow=mschap2 add-default-route=yes allow-fast-path=yes disabled=no
/ipv6 dhcp-client add add-default-route=yes interface=l2tp-out1 pool-name=l2tp-ipv6 request=prefix
/ipv6 address add address=::/64 from-pool=l2tp-ipv6 interface=bridge advertise=yes disabled=no eui-64=no no-dad=no

6

I am so lucky to get great answer at my first time, thanks!

7

Is there a way with a laptop and/or iphone to obtain a single IPv6 address with L2TP tunnel?