Page 1 of 1

L2TP/IPSec with IPv6 Connection?

Posted: Sun Jun 18, 2017 1:39 am
by blackmesawireless
We have a VPN that works fine for Windows and Android on IPv4, but I can't seem to get it to work on IPv6.

Initially I had trouble with ph2 packets in the log, but I fixed that by creating an IPv6 specific policy in /ip ipsec policy:
 2 T   ;;; ipv6
       group=default src-address=::/0 dst-address=::/0 protocol=all proposal=l2tp-proposal template=yes
Here's the /ip ipsec proposal:
 1    name="l2tp-proposal" auth-algorithms=sha256,sha1,md5 enc-algorithms=aes-256-cbc,aes-128-cbc,3des lifetime=30m pfs-group=modp1024
Here's /interface l2tp-server server
enabled: yes
max-mtu: 1450
max-mru: 1450
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
max-sessions: unlimited
default-profile: l2tp-profile
use-ipsec: yes
ipsec-secret: hunter2
allow-fast-path: no
Here's the ppp profile:
 1   name="l2tp-profile" local-address=xxx.xxx.xxx.254 remote-address=internal-pool remote-ipv6-prefix-pool=office-internal-new use-ipv6=yes use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default
     address-list="" dns-server=xxx.xxx.xxx.xxx on-up="" on-down=""
I don't get any errors in the logs, it just repeatedly tries to initiate the session. Any guidance or configs I can cargo cult are welcome!

Re: L2TP/IPSec with IPv6 Connection?

Posted: Sun Jun 18, 2017 3:43 am
by idlemind
Same here ... In MIkroTik you are given the option for a remote-ipv6-prefix-pool and use-ipv6 toggle option in the PPP profile. This implies I want to assign an entire /64 to my VPN user. I don't, I want them to get a single address like IPv4 with a "local-address" option for the IPv6 side of that connection.

Just for clarity this doesn't make IPv6 on my Android through VPN work. It simply consumes an IPv6 prefix from my ISP issued pool.

/frustrating, MikroTik, IPv6 is real. I promise you.

Re: L2TP/IPSec with IPv6 Connection?

Posted: Mon Aug 07, 2017 3:00 pm
by davidhen
What VPN service are you using ?

Re: L2TP/IPSec with IPv6 Connection?

Posted: Thu Nov 30, 2017 11:34 am
by buckett
Did you ever manage to get this working correctly?