Using a public IPv6 address in a private IPv4 environment for IPsec tunneling

Hello to all,

First of all I want to wish you guys a happy new year !

I’m new to the Mikrotik community and hardware. I’ve changed my ISP at my 2 locations and with the new one I’m able to buy and set up my own router for internet access, and I’ve chosen Mikrotik to do so.

I’ve been able to setup my internet and LAN (IPv4) configuration for both my sites (I used the default IPv4 rules listed in this post : Buying - RB1100AHx4 Dude Edition - Questions about Firewall ).

What I need to do next is to create an IPsec tunnel between my routers. I’ve managed to do so with the public IPv4 addresses, but they are not fixed, so instead of going the dyndns way (my last option) I would like to go with IPv6, as my ISP stated that the assigned IPv6 /48 prefix is static, but keep my LANs’ IP configuration in IPv4 as it is more human friendly and already set up.

I’ve tried to use the address I have in “Local IPv6 Address” in the pppoe-out interface in the peer configuration of IPsec but it doesn’t establish the connection (probably because of firewall rules).

I did a little research on the forum and found some posts approaching the subject but with no clear answer for me. Does someone have a setup procedure to follow to get this configuration working?

thx a lot for the help
Have a nice day
Clair

What kind of tunnel are you trying to configure?

I know for certain that you can configure a GRE6 tunnel with an IPsec secret and it will establish a multi-protocol tunnel that you can use to route IPv4 or IPv6 (set endpoint addresses, e.g. a /30, and use static routing or autorouting).

Maybe you are trying to use IPsec policies directly? Don’t know if that works cross-protocol.

Make sure the IPv6 address you have on the PPPoE interface is routable. Can you directly ping between the two addresses?
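A concrete version of the GRE6-with-IPsec-secret setup described in the reply above, as an added example that is not from the original thread. It assumes RouterOS, site A reachable at 2001:db8:a::1 and site B at 2001:db8:b::1 (documentation prefixes standing in for each site’s static /48), IPv4 LANs 192.168.1.0/24 (A) and 192.168.2.0/24 (B), a WAN interface named pppoe-out1 and a placeholder pre-shared secret; all of these are assumptions and must be replaced with real values.

```routeros
# Site A (mirror the local/remote addresses, /30 addresses and routes on site B).
# ipsec-secret makes RouterOS create a dynamic IPsec peer and policy for the GRE
# traffic between the two endpoints, so no manual /ip ipsec policy is needed.
/interface gre6 add name=gre6-to-b local-address=2001:db8:a::1 \
    remote-address=2001:db8:b::1 ipsec-secret=CHANGE-ME-long-random-secret \
    keepalive=10s,10 mtu=1400 clamp-tcp-mss=yes

# IPv4 point-to-point addresses on the tunnel (a /30, as the reply suggests);
# the LANs themselves stay IPv4-only.
/ip address add address=10.255.0.1/30 interface=gre6-to-b

# Static route to the remote LAN via the far end of the tunnel
/ip route add dst-address=192.168.2.0/24 gateway=10.255.0.2

# IPv6 input firewall: the IPv4 default rules do nothing for IPv6, so allow
# IKE and ESP from the peer only, plus the GRE packets that reappear on the
# input chain after IPsec decryption, and drop everything else from the WAN.
/ipv6 firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=accept protocol=icmpv6
add chain=input action=accept src-address=2001:db8:b::1/128 protocol=udp dst-port=500,4500 comment="IKE from site B"
add chain=input action=accept src-address=2001:db8:b::1/128 protocol=ipsec-esp comment="ESP from site B"
add chain=input action=accept src-address=2001:db8:b::1/128 protocol=gre ipsec-policy=in,ipsec comment="decrypted GRE from site B"
add chain=input action=drop in-interface=pppoe-out1 comment="drop everything else from the WAN"

# Checks: an active IPsec peer, a running gre6 interface, and a reply from the far /30 address
/ip ipsec active-peers print
/interface gre6 print
/ping 10.255.0.2
```

The src-address restriction on the IKE/ESP rules is what keeps the IPsec service from being exposed to the whole internet; it only works because the /48 is static, which is exactly why the thread prefers IPv6 over dyndns here. If the ping to 10.255.0.2 fails while `/ip ipsec active-peers print` shows no peer, the problem is IPv6 reachability between the two endpoint addresses (see the ping test suggested above), not the tunnel itself.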

Hi, do you really need or want an IPsec tunnel? I would suggest using WireGuard, if you can. It is much simpler and you can do what you are looking for.

Thank you all for the response.

First of all, what kind of tunnel: ah, good question. I followed this tutorial (https://www.youtube.com/watch?v=uVag_e475zc) to build a site-to-site VPN tunnel so I can access both my sites’ LANs. I don’t know what specific kind of tunnel that is.

In my IPsec policies I used my IPv4 LAN address

How do I check if my IPv6 is routable? I’ve tried to ping the address from the other router’s terminal but it says: pinging IPv6 link-local address requires that interface...

I’ve chosen IPsec because I’ve read it was good for permanent tunnels.

From the ping test I can see that my setup needs some kind of IPv6 configuration / rules. I have fe80::xx:xx:xx:x addresses as “Local IPv6 address” on the routers.

That means it is a local address, not routable. You need something that starts with a 2.

So that is likely the reason it does not work, first get that working. You need to check how your ISP will want you to configure the router to get an IPv6 address. And if they even offer you IPv6.

Usually with PPPoE they will expect you to configure a DHCPv6 client that requests prefixes, and you specify a “pool name” where those prefixes are put. Then you configure an IPv6 address on the interface “from pool” with the same name.

Check if you get a 2xxx:…. address on your PPPoE now and if you can ping between them.
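The DHCPv6 prefix-delegation and address-from-pool configuration outlined in the reply above, as an added example that is not from the original thread. It assumes RouterOS, a PPPoE interface named pppoe-out1, a pool name isp-pd, and a remote router whose global address is 2001:db8:b::1; these names and addresses are placeholders. On RouterOS v6 the ipv6 package must be enabled first (/system package enable ipv6, then reboot); on v7 IPv6 is available by default.

```routeros
# Ask the ISP for a delegated prefix over the PPPoE session and put it in a pool
# (the ISP's static /48 lands here); also take the default IPv6 route from it.
/ipv6 dhcp-client add interface=pppoe-out1 request=prefix pool-name=isp-pd \
    add-default-route=yes use-peer-dns=no

# Carve one /64 out of the pool and put a global address on the PPPoE interface.
# This 2xxx: address, not the fe80:: link-local one, is the usable tunnel endpoint.
# advertise=no because nothing on the WAN side should receive router advertisements.
/ipv6 address add interface=pppoe-out1 from-pool=isp-pd advertise=no

# Minimal IPv6 input rules: without the UDP/546 rule the DHCPv6 reply is dropped
# and the client never binds; ICMPv6 is required for IPv6 to work at all.
/ipv6 firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=accept protocol=icmpv6
add chain=input action=accept protocol=udp dst-port=546 comment="DHCPv6 client replies"
add chain=input action=drop in-interface=pppoe-out1 comment="drop everything else from the WAN"

# Check 1: the client should show status "bound" and the delegated prefix
/ipv6 dhcp-client print

# Check 2: pppoe-out1 should now carry a global (2xxx:) address, not only fe80::
/ipv6 address print

# Check 3: ping the other router's global address (no interface= needed for a
# global address; the "requires that interface" error only applies to fe80::)
/ping 2001:db8:b::1
```

Run the same configuration on the second router, then ping in both directions. Only once check 3 succeeds on both sites is it worth pointing the IPsec peer (or a GRE6 tunnel) at these addresses; until then the tunnel failing says nothing about the IPsec configuration.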

OK !

Thx for all the info. We are on holidays at the moment, so I’m going to go with the dynDNS version for now, dig up that info from my ISP and search for info on how to configure PPPoE with IPv6 later next week. I’ll come back here when I’ve made some progress on the subject.

Have a nice day
Clair