Community discussions

MikroTik App
 
halacs
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jul 06, 2017 5:45 pm

Layer2 VPN packet filtering

Thu Jun 07, 2018 10:35 pm

Hi,

I have 2 mikrotik routers interconnected with a layer 2 VPN. Layer 2 because I need to use broadcast messages between the sites because of a DLNA server in use.

Is it possible somehow to block IPv6 IP address advertisements via the VPN? I want to avoid somehow to get IPv6 address from the other site.
And how is the IPv6 routing happen if a client has IPv6 address from both router? One IPv6 address from the local router and another one from the router at the other end of the VPN.

Thanks & br,
Halacs
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1180
Joined: Fri Jul 28, 2017 2:53 pm

Re: Layer2 VPN packet filtering  [SOLVED]

Fri Jun 08, 2018 10:16 am

You can block all frames with ethertype 0x86DD on bridge filter. Or, if you have some switches between routers, on them with L2 access list.
 
halacs
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jul 06, 2017 5:45 pm

Re: Layer2 VPN packet filtering

Fri Jun 08, 2018 10:15 pm

Is this the so called "MAC Protocol-Num" in winbox in the "New Bridge Filter Rule"? If yes, how can I filter only the inter-VPN advertisements? I cannot select VPN interface.

UPDATE: my problem seems to be solved with the above hint I got. I added a bridge filter for ipv6 MAC protocol plus the MAC address of the local bridge as source. IPv6 works well on both side without mixing the addresses. Thanks a lot!
 
halacs
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Jul 06, 2017 5:45 pm

Re: Layer2 VPN packet filtering

Sun Nov 17, 2019 7:20 pm

Few days ago I have set EoIP tunnels between my two flats and have set VLAN-s too. All fine, but now I can't filter out the IPv6 address advertisements.

I tried to use the forward chain and the EoIP interface as the incoming interface with "86dd (ipv6)" MAC protocol, but PCs get IPv6 address from the other side of the EoIP tunnel as well. I have run out of the idea now.

"Fast forward" can have any effect on this?

Who is online

Users browsing this forum: No registered users and 9 guests