Community discussions

MikroTik App
 
RackKing
Member
Member
Topic Author
Posts: 321
Joined: Wed Oct 09, 2013 1:59 pm

IPV6 novice question....

Wed Mar 25, 2020 11:52 pm

HI,

I have a 3011 setup with a L2TP/IPSEC VPN server and have create a white-list for remote clients. One of these clients has an IPV6 WAN address. I know I need to add the IPV6 package, but how much more involved is it beyond that. I am just looking for some advice to get started. Can I use the IPV6 address-liist in the regular IP / Firewall?

Any advice appreciated to get me started.

Thanks.
 
tdw
Member Candidate
Member Candidate
Posts: 279
Joined: Sat May 05, 2018 11:55 am

Re: IPV6 novice question....

Thu Mar 26, 2020 12:00 am

If you want to add an IPv6 client you need to implement IPv6 on your device after enabling the package - WAN, LANs, firewall, etc. I can't remember offhand if the L2TP implementation supports IPv6 at the moment.
 
Sob
Forum Guru
Forum Guru
Posts: 5416
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPV6 novice question....

Thu Mar 26, 2020 12:44 am

IPv4 and IPv6 are two distinct protocols. Similar, but not the same. You can't have IPv6 addresses in IPv4 firewall. And since you ask about something so basic, I should point out that most important first step is to have IPv6 connectivity, which is not automatic, your ISP must provide it and many (maybe even most) still don't. And I also don't remember if RouterOS supports IPv6 for L2TP or not.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
RackKing
Member
Member
Topic Author
Posts: 321
Joined: Wed Oct 09, 2013 1:59 pm

Re: IPV6 novice question....

Thu Mar 26, 2020 3:49 am

IPv4 and IPv6 are two distinct protocols. Similar, but not the same. You can't have IPv6 addresses in IPv4 firewall. And since you ask about something so basic, I should point out that most important first step is to have IPv6 connectivity, which is not automatic, your ISP must provide it and many (maybe even most) still don't. And I also don't remember if RouterOS supports IPv6 for L2TP or not.
I am working on getting up to speed - I agree I should know more. The remote client trying to connect VPN has a public IPV6 address. I cannot put this into my current firewall where I have IPV4 users whitelisted..... I need to figure out how to add an IPV6 address to my white list to allow them to connect to the VPN server. I am researching now trying figure it out.
 
tdw
Member Candidate
Member Candidate
Posts: 279
Joined: Sat May 05, 2018 11:55 am

Re: IPV6 novice question....

Thu Mar 26, 2020 4:24 am

As mentioned unless your ISP provides you with an IPv6 WAN address there is no way they will be able connect directly using IPv6, so that is the starting point. If the Mikrotik L2TP server does not support IPv6 that will be a non-starter too.

If they only have IPv6 their provider will be providing some form of 6-to-4 NAT so they can access IPv4 resources, if you can find out which address ranges their ISP uses for this NAT you could whitelist those in your IPv4 firewall address list.
 
Sob
Forum Guru
Forum Guru
Posts: 5416
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPV6 novice question....

Thu Mar 26, 2020 5:02 am

I did a quick test and L2TP server in RouterOS doesn't seem to listen on IPv6.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
RackKing
Member
Member
Topic Author
Posts: 321
Joined: Wed Oct 09, 2013 1:59 pm

Re: IPV6 novice question....

Thu Mar 26, 2020 9:11 am

As mentioned unless your ISP provides you with an IPv6 WAN address there is no way they will be able connect directly using IPv6, so that is the starting point. If the Mikrotik L2TP server does not support IPv6 that will be a non-starter too.

If they only have IPv6 their provider will be providing some form of 6-to-4 NAT so they can access IPv4 resources, if you can find out which address ranges their ISP uses for this NAT you could whitelist those in your IPv4 firewall address list.
Got it - thanks.
 
RackKing
Member
Member
Topic Author
Posts: 321
Joined: Wed Oct 09, 2013 1:59 pm

Re: IPV6 novice question....

Thu Mar 26, 2020 9:11 am

I did a quick test and L2TP server in RouterOS doesn't seem to listen on IPv6.
Thank you very much for this.

Who is online

Users browsing this forum: eyestrey, Google [Bot], sindy and 211 guests