Community discussions

 
choletzke
just joined
Topic Author
Posts: 4
Joined: Tue Oct 11, 2016 9:47 pm

IPv6 Tunnel over https

Tue Oct 11, 2016 9:56 pm

Hi,

i have a problem with TCP 443 and tunnel over ipv6 with mikrotik.
ovpn or sstp and all other methods work only with ipv4. Only my raspberry
will provide for me a solution to become a tunnel from china to europe.

i think that metarouter openwrt will work to, but the world need a native
ipv6 tunnel support over https like TCP 443. When will router os provide
this service? or have anyone other solution for this. ipsec gre ipip work
over other protocols that are blocked in hotels etc...

thanks for solutions and answers
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: IPv6 Tunnel over https

Wed Oct 12, 2016 6:27 pm

I am not 100% sure what you are asking, but if its about creating an IPv6 tunnel over IPv4 then....


What you are looking for is a 6to4 tunnel which you can create once you have enabled Ipv6 on the router. You can obtain a free tunnel broker account from Hurricane Electric @ https://tunnelbroker.net

Example Config:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=x.x.x.x mtu=1280 name=sit1 remote-address=y.y.y.y
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:1234:1234:1234:1 scope=30 target-scope=10
/ipv6 address add address=2001:1234:1234:1234::2/64 advertise=no disabled=no eui-64=no interface=sit1
You will need a static IP, or set up the Mikrotik to update the Tunnel IP when its IP changes. There are scripts available for that using their API.

TCP 443 is HTTPS....
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: IPv6 Tunnel over https

Wed Oct 12, 2016 6:39 pm

He wants IPv6 support in OVPN / SSTP

Currently, the clients for dial-out VPN connections don't support an IPv6 address for the remote host.

There are some static tunnel interface types which support IPv6:
IPIPv6
GREv6
EoIPv6

However these aren't encrypted by default (I suppose an IPv6 IPSec SA could be built as well) and require both ends to be static IP addresses and pre-configured. OP wants to be able to use road warrior VPN functionality, but over IPv6.

I agree that this should be done.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: IPv6 Tunnel over https

Wed Oct 12, 2016 6:43 pm

Ahh ok, thanks for the explanation :)
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
 
choletzke
just joined
Topic Author
Posts: 4
Joined: Tue Oct 11, 2016 9:47 pm

Re: IPv6 Tunnel over https

Wed Oct 12, 2016 6:44 pm

Exactly i need IPv6 support for OVPN/SSTP. IPIPv6,GREv6 or EoIPv6 have
other Protocols and not running over 443 https.
 
ivanfm
newbie
Posts: 47
Joined: Sun May 20, 2012 5:07 pm

Re: IPv6 Tunnel over https

Sat Oct 15, 2016 11:09 pm

I'm using IPV6 on SSTP VPN with mikrotik.

The server does not pull the address for client, but if you configure static address and routes the ipv6 traffic goes fine.

Will be very nice if mikrotik get the IP from radius and pull to the client.
 
choletzke
just joined
Topic Author
Posts: 4
Joined: Tue Oct 11, 2016 9:47 pm

Re: IPv6 Tunnel over https

Mon Oct 17, 2016 12:54 am

Can you give me a quick config for this over Sstp :)
 
ivanfm
newbie
Posts: 47
Joined: Sun May 20, 2012 5:07 pm

Re: IPv6 Tunnel over https

Tue Oct 18, 2016 9:35 pm

Create your SSTP VPN as documented here :
http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP

on client add static ip on the interface and the route
/ipv6 address add interface=CLIENT_VPN_INTERFACE address=CLIENT_IPV6_ADDRESS advertise=no
/ipv6 route add dst-address=THE_ADRESSESS_TO_ROUTE gateway=CLIENT_VPN_INTERFACE

On vpn server create manually the routes or let radius to send Framed-IPv6-Prefix with the network address that should be routed to the client.
Using the attribute on radius the server route will be created correctly.
 
choletzke
just joined
Topic Author
Posts: 4
Joined: Tue Oct 11, 2016 9:47 pm

Re: IPv6 Tunnel over https

Thu Oct 20, 2016 9:50 pm

/interface sstp-client add connect-to="no ipv6 support" hmmm

Who is online

Users browsing this forum: davidproton and 135 guests