Page 1 of 1

IPv6 and L2TP VPN

Posted: Sat Apr 23, 2016 9:46 pm
by achelon
Hello,

I am struggling to get IPv6 work with my L2TP server and I was hoping someone could advise.

I have a network with a router running Mikrotik version 6.35. IPv6 functions correctly within the network using SLAAC addresses. My L2TP clients connect successfully but only ever receive a link local ipv6 address. I have switched ipv6 to yes in the PPP profile and configured a /64 prefix pool but clients never receive an address other than link local.

Is there anything I can do to troubleshoot this issue? Does mikrotik 6.35 even support giving IPv6 addresses to L2tp clients?

Regards,
Achelon

Re: IPv6 and L2TP VPN

Posted: Sat Jul 16, 2016 10:32 am
by irghost
same Problem
is there anyone to know about this? Advertising IPv6 on L2tp VPN (ipv4) ??

Re: IPv6 and L2TP VPN

Posted: Wed Sep 05, 2018 11:54 pm
by martin3444
Hi,

Old topic but there is still no answer.
Would like to get it to work too.

Thanks!

Re: IPv6 and L2TP VPN

Posted: Thu Sep 06, 2018 12:25 am
by mducharme
Works fine for me. What clients are they? Note that you need to specify “remote ipv6 prefix pool” in the ppp profile.

Re: IPv6 and L2TP VPN

Posted: Thu Jul 11, 2019 5:35 pm
by kalamaja
Hello,

IPv6 over IPSec/L2TP works well, it gives you prefix, but not address, so it's suitable for travel router that will share the prefix for you. The trick is in L2TP server's default IPv6 firewall rules:
/ipv6 firewall filter
...
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
....
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

I changed them to:
...
add action=accept chain=input comment="allow from VPN" in-interface-list=dynamic log=yes log-prefix=DYNACCEPT:
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
...
add action=accept chain=forward comment="allow from VPN" in-interface-list=dynamic log=yes log-prefix=DYNACCEPT:
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

and everything started to work. Client configuration:
/interface l2tp-client add name=l2tp-out1 connect-to=VpnServer user=VpnUser password=VpnPassword use-ipsec=yes ipsec-secret=VpnSecret allow=mschap2 add-default-route=yes allow-fast-path=yes disabled=no
/ipv6 dhcp-client add add-default-route=yes interface=l2tp-out1 pool-name=l2tp-ipv6 request=prefix
/ipv6 address add address=::/64 from-pool=l2tp-ipv6 interface=bridge advertise=yes disabled=no eui-64=no no-dad=no

Re: IPv6 and L2TP VPN

Posted: Sat Jul 13, 2019 6:22 am
by EmmaSorensen
I am so lucky to get great answer at my first time, thanks!