Layer2 VPN packet filtering

Posted: Thu Jun 07, 2018 10:35 pm
by halacs

I have 2 MikroTik routers interconnected with a layer 2 VPN. Layer 2 because I need to use broadcast messages between the sites because of a DLNA server in use.

Is it possible somehow to block IPv6 address advertisements via the VPN? I want to avoid getting an IPv6 address from the other site.
And how does IPv6 routing happen if a client has IPv6 addresses from both routers? One IPv6 address from the local router and another one from the router at the other end of the VPN.

Posted: Fri Jun 08, 2018 10:16 am
by Anumrak
You can block all frames with ethertype 0x86DD in a bridge filter. Or, if you have some switches between the routers, on them with an L2 access list.

Posted: Fri Jun 08, 2018 10:15 pm
by halacs
Is this the so-called "MAC Protocol-Num" in WinBox in the "New Bridge Filter Rule"? If yes, how can I filter only the inter-VPN advertisements? I cannot select the VPN interface.

UPDATE: my problem seems to be solved with the above hint I got. I added a bridge filter for the IPv6 MAC protocol plus the MAC address of the local bridge as source. IPv6 works well on both sides without mixing the addresses. Thanks a lot!

Posted: Sun Nov 17, 2019 7:20 pm
by halacs
A few days ago I set up EoIP tunnels between my two flats and set up VLANs too. All fine, but now I can't filter out the IPv6 address advertisements.

I tried to use the forward chain and the EoIP interface as the incoming interface with the "86dd (ipv6)" MAC protocol, but PCs get an IPv6 address from the other side of the EoIP tunnel as well. I have run out of ideas now.

Can "Fast forward" have any effect on this?
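
Added example, not part of the thread and not MikroTik code: the ethertype match suggested above compares bytes 12-13 of the Ethernet frame with 0x86DD, and an 802.1Q tag puts 0x8100 there and moves the IPv6 ethertype four bytes further in. Whether that explains the EoIP plus VLAN case in the last post is an assumption; the frames, addresses and function names below are constructed for illustration.

```python
import struct

ETH_IPV6 = 0x86DD
VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag identifiers
ICMPV6, ROUTER_ADVERT = 58, 134

def outer_ethertype(frame: bytes) -> int:
    """What a plain ethertype match sees: bytes 12-13 of the frame."""
    return struct.unpack_from("!H", frame, 12)[0]

def inner_ethertype(frame: bytes):
    """Skip any VLAN tags; return (ethertype, offset of the L3 payload)."""
    off = 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in VLAN_TPIDS:
            return etype, off + 2
        off += 4  # 2-byte TPID + 2-byte tag control field

def naive_rule_drops(frame): return outer_ethertype(frame) == ETH_IPV6
def vlan_aware_rule_drops(frame): return inner_ethertype(frame)[0] == ETH_IPV6

def is_router_advertisement(frame):
    """True for ICMPv6 type 134 directly after the fixed IPv6 header
    (extension headers are not walked in this sketch)."""
    etype, off = inner_ethertype(frame)
    if etype != ETH_IPV6 or len(frame) < off + 41:
        return False
    return frame[off + 6] == ICMPV6 and frame[off + 40] == ROUTER_ADVERT

# --- constructed sample frames (made-up addresses, checksum left at zero) ---
def build_ra(vlan_id=None):
    dst, src = bytes.fromhex("333300000001"), bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", 0x8100, vlan_id)
    icmp = bytes([ROUTER_ADVERT, 0, 0, 0]) + bytes(12)
    ip6 = (bytes([0x60, 0, 0, 0]) + struct.pack("!HBB", len(icmp), ICMPV6, 255)
           + bytes.fromhex("fe80" + "00" * 13 + "01")
           + bytes.fromhex("ff02" + "00" * 13 + "01"))
    return dst + src + tag + struct.pack("!H", ETH_IPV6) + ip6 + icmp

ARP = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)

if __name__ == "__main__":
    for name, f in [("untagged RA", build_ra()), ("VLAN 10 RA", build_ra(10)), ("ARP", ARP)]:
        print(f"{name:12} naive={naive_rule_drops(f)} "
              f"vlan_aware={vlan_aware_rule_drops(f)} ra={is_router_advertisement(f)}")
```

The tagged router advertisement passes the plain ethertype rule while the tag-aware check still identifies it, so a filter on a VLAN-carrying link has to match the encapsulated protocol rather than the outer one.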