Community discussions

MikroTik App
 
achelon
just joined
Topic Author
Posts: 15
Joined: Wed Dec 25, 2013 7:30 pm

IPv6 and L2TP VPN

Sat Apr 23, 2016 9:46 pm

Hello,

I am struggling to get IPv6 work with my L2TP server and I was hoping someone could advise.

I have a network with a router running Mikrotik version 6.35. IPv6 functions correctly within the network using SLAAC addresses. My L2TP clients connect successfully but only ever receive a link local ipv6 address. I have switched ipv6 to yes in the PPP profile and configured a /64 prefix pool but clients never receive an address other than link local.

Is there anything I can do to troubleshoot this issue? Does mikrotik 6.35 even support giving IPv6 addresses to L2tp clients?

Regards,
Achelon
 
irghost
Member
Member
Posts: 302
Joined: Sun Feb 21, 2016 1:49 pm

Re: IPv6 and L2TP VPN

Sat Jul 16, 2016 10:32 am

same Problem
is there anyone to know about this? Advertising IPv6 on L2tp VPN (ipv4) ??
 
martin3444
newbie
Posts: 25
Joined: Tue Jul 24, 2018 1:58 am

Re: IPv6 and L2TP VPN

Wed Sep 05, 2018 11:54 pm

Hi,

Old topic but there is still no answer.
Would like to get it to work too.

Thanks!
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: IPv6 and L2TP VPN

Thu Sep 06, 2018 12:25 am

Works fine for me. What clients are they? Note that you need to specify “remote ipv6 prefix pool” in the ppp profile.
 
kalamaja
Member Candidate
Member Candidate
Posts: 112
Joined: Wed May 23, 2018 3:13 pm

Re: IPv6 and L2TP VPN

Thu Jul 11, 2019 5:35 pm

Hello,

IPv6 over IPSec/L2TP works well, it gives you prefix, but not address, so it's suitable for travel router that will share the prefix for you. The trick is in L2TP server's default IPv6 firewall rules:
/ipv6 firewall filter
...
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
....
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

I changed them to:
...
add action=accept chain=input comment="allow from VPN" in-interface-list=dynamic log=yes log-prefix=DYNACCEPT:
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
...
add action=accept chain=forward comment="allow from VPN" in-interface-list=dynamic log=yes log-prefix=DYNACCEPT:
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

and everything started to work. Client configuration:
/interface l2tp-client add name=l2tp-out1 connect-to=VpnServer user=VpnUser password=VpnPassword use-ipsec=yes ipsec-secret=VpnSecret allow=mschap2 add-default-route=yes allow-fast-path=yes disabled=no
/ipv6 dhcp-client add add-default-route=yes interface=l2tp-out1 pool-name=l2tp-ipv6 request=prefix
/ipv6 address add address=::/64 from-pool=l2tp-ipv6 interface=bridge advertise=yes disabled=no eui-64=no no-dad=no
 
EmmaSorensen
just joined
Posts: 2
Joined: Fri Jul 12, 2019 11:10 am

Re: IPv6 and L2TP VPN

Sat Jul 13, 2019 6:22 am

I am so lucky to get great answer at my first time, thanks!
 
hci
Long time Member
Long time Member
Posts: 674
Joined: Fri May 28, 2004 5:10 pm

Re: IPv6 and L2TP VPN

Mon Nov 22, 2021 7:16 pm

Is there a way with a laptop and/or iphone to obtain a single IPv6 address with L2TP tunnel?

Who is online

Users browsing this forum: johnson73, Marc1963 and 45 guests