Community discussions

MikroTik App
 
User avatar
acruhl
Member
Member
Topic Author
Posts: 371
Joined: Fri Jul 03, 2015 7:22 pm

How to get IPv6 address over NAT friendly VPN?

Sat Nov 12, 2022 4:46 am

I've been using an L2TP client on my Mac to tunnel back home when I'm away from the house for some "road warrior" type of stuff, but it's IPv4 only. How do I get an IPv6 address from the IPv6 prefix I'm allocated at home onto my remote Mac? I'm currently on an IPv4 only NAT at a hotel. This is how it's set up:
/ppp profile
set *0 local-address=10.0.24.1 remote-address=vpn-pool
/interface l2tp-server server
set enabled=yes ipsec-secret=totallysecret use-ipsec=yes
/ip pool
add name=vpn-pool ranges=10.0.24.2-10.0.24.10

I noticed in the /ppp profile stuff there is an option called
use-ipv6=yes
and I don't understand what it does.

It would be nice if I didn't have to install something onto my Mac but I would if it is the right thing to do.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to get IPv6 address over NAT friendly VPN?

Sun Nov 13, 2022 8:48 am

There are two even more interesting options in PPP profile:

- dhcpv6-pd-pool - creates dynamic DHCPv6 PD server on client's interface and assigns prefix from pool, if client asks for it
- remote-ipv6-prefix-pool - takes prefix from pool and enables RA on client's interface; client can get address using SLAAC

I did quick test with both and they work. But I have no idea what Mac supports (I used another RouterOS as client).
 
User avatar
acruhl
Member
Member
Topic Author
Posts: 371
Joined: Fri Jul 03, 2015 7:22 pm

Re: How to get IPv6 address over NAT friendly VPN?

Mon Nov 14, 2022 1:01 am

Thanks for the reply.

My question really is:

1. How do I get an IPv6 address from my prefix delegation from home over a NAT friendly VPN without needing to do anything special on the Mac

or

2. If I need to install something what is it? I'm guessing some OpenVPN client. This is a question to anyone.

You said:

"takes prefix from pool and enables RA on client's interface; client can get address using SLAAC"

Is that RA on the client's (really clent router's) downstream interface then? I'm not doing anything like that with a laptop. If you're thinking upstream interface maybe you mean neighbor discovery or router solicitation?

Anyway, doesn't surprise me that MikroTik works with MikroTik, they have that pretty well figured out...
 
User avatar
acruhl
Member
Member
Topic Author
Posts: 371
Joined: Fri Jul 03, 2015 7:22 pm

Re: How to get IPv6 address over NAT friendly VPN?

Mon Nov 14, 2022 1:45 am

Ok with much messing around, I think I found something. Maybe. It pings stuff over IPv6. And then it stopped working after some time.

MikroTik router side:
/ipv6 address add interface=<l2tp-vpn> address=<ipv6 prefix>::1/64
Mac side:
sudo route add -inet6 default -interface ppp0
sudo ifconfig ppp0 inet6 <ipv6-prefix>::2/64

Where <ipv6-prefix> is some available /64 I picked out of the /56 that my ISP gives me.

It seems like it's not working right when it is working. There has to be a better way of doing this.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to get IPv6 address over NAT friendly VPN?

Mon Nov 14, 2022 12:58 pm

You mentioned L2TP, so I tested L2TP. On server (router), go in "/ppp profile" and focus on remote-ipv6-prefix-pool option. Give it a pool (possily set by DHCPv6 client on server, or static, depending on how you get it) with prefix-length set to 64 (default you'd use also for LAN). And when L2TP client connects, server will automatically start sending RAs on dynamic interface created for client. And it's up to client (Mac) to accept it. I don't have any Mac, so I can't test this part, I just checked if server offers something.
 
User avatar
acruhl
Member
Member
Topic Author
Posts: 371
Joined: Fri Jul 03, 2015 7:22 pm

Re: How to get IPv6 address over NAT friendly VPN?

Tue Nov 15, 2022 4:52 am

Ok, thanks. That is getting somewhere but it doesn't work.

The Mac never tries to autoconfig an address from the pool into the ppp0 interface. The configuration GUI does include the ability to configure IPv6 on the L2TP interface, and I have it set to "Automatic". No attempts to get an address and I see no RA coming through in Wireshark. Also, if I choose "Manually" as the method to setup IPv6, it never applies a global address (that I'm getting from the prefix that is being set on the MikroTik) to the ppp0 interface.

Something is broken, probably on the Mac, and I'm kinda done trying to make it work. At least I know I can set it up manually (meaning CLI) and it somewhat works.

Suck.

Who is online

Users browsing this forum: johnson73, miks and 82 guests