Hi,
I would like to take full advantage of Layer 2 VPN of SoftetherVPN, especially its ability to transport IPv6 traffic.
Both sites A and B are connected to the Internet with a dual-stack IPv4/IPv6 ISP and receive individual IPv6 prefixes.
I attach a network diagram of this scenario:
[attachment=1]Network layout.jpg[/attachment]
The problem:
All hosts on both sites get assigned the IPv6 prefix of both routers. It is not defined, which IPv6 gateway will be used in each host. Therefore, IPv6 traffic originating from a host in site A might use the IPv6 prefix from site B, which is fine for internal traffic, but not for outgoing internet traffic.
[attachment=0]Packet filtering rule.png[/attachment]
For IPv4, I use a DHCP server on each site with Softether VPN blocking DHCP traffic. This works perfectly fine.
However it is not an option for IPv6, since it is not possible to define a standard gateway for IPv6, even if using an IPv6 DHCP server.
Blocking IPv6 router advertisements in Softether VPN (see attached config), does prevent the assignment of the wrong IPv6 prefix, but also hinders internal IPv6 connectivity.
The reason is that the public IPv6 address will be preferred over other (e.g. site-local) IPv6 addresses and now this kind of traffic does not reach the other site (at least I cannot ping6).
Is there a solution to this problem? I have DHCPv6 servers and DNS servers (Windows Server) on both sites.
One idea would be to block public IPv6 addresses from registering in my private DNS servers, but I have no idea, if and how that would be possible.
Thanks!
Roland
Layer 2 VPN between two IPv6 enabled (dual-stack) networks
-
- Posts: 3
- Joined: Thu May 21, 2015 8:39 am
Layer 2 VPN between two IPv6 enabled (dual-stack) networks
You do not have the required permissions to view the files attached to this post.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Layer 2 VPN between two IPv6 enabled (dual-stack) networ
The both site IPv6 network address are different.
So, communication is impossible naturally.
So, communication is impossible naturally.
-
- Posts: 4
- Joined: Mon May 14, 2018 1:31 pm
Re: Layer 2 VPN between two IPv6 enabled (dual-stack) networks
do you know how to communicate both server.. do you configure previously..??