Layer 2 VPN between two IPv6 enabled (dual-stack) networks

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
rosch
Posts: 3
Joined: Thu May 21, 2015 8:39 am

Layer 2 VPN between two IPv6 enabled (dual-stack) networks

Post by rosch » Mon Dec 05, 2016 6:13 pm

Hi,
I would like to take full advantage of Layer 2 VPN of SoftetherVPN, especially its ability to transport IPv6 traffic.
Both sites A and B are connected to the Internet with a dual-stack IPv4/IPv6 ISP and receive individual IPv6 prefixes.
I attach a network diagram of this scenario:
[attachment=1]Network layout.jpg[/attachment]
The problem:
All hosts on both sites get assigned the IPv6 prefix of both routers. It is not defined, which IPv6 gateway will be used in each host. Therefore, IPv6 traffic originating from a host in site A might use the IPv6 prefix from site B, which is fine for internal traffic, but not for outgoing internet traffic.
[attachment=0]Packet filtering rule.png[/attachment]
For IPv4, I use a DHCP server on each site with Softether VPN blocking DHCP traffic. This works perfectly fine.
However it is not an option for IPv6, since it is not possible to define a standard gateway for IPv6, even if using an IPv6 DHCP server.

Blocking IPv6 router advertisements in Softether VPN (see attached config), does prevent the assignment of the wrong IPv6 prefix, but also hinders internal IPv6 connectivity.
The reason is that the public IPv6 address will be preferred over other (e.g. site-local) IPv6 addresses and now this kind of traffic does not reach the other site (at least I cannot ping6).

Is there a solution to this problem? I have DHCPv6 servers and DNS servers (Windows Server) on both sites.

One idea would be to block public IPv6 addresses from registering in my private DNS servers, but I have no idea, if and how that would be possible.

Thanks!

Roland
You do not have the required permissions to view the files attached to this post.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Layer 2 VPN between two IPv6 enabled (dual-stack) networ

Post by thisjun » Thu Dec 15, 2016 8:02 am

The both site IPv6 network address are different.
So, communication is impossible naturally.

sara1112
Posts: 4
Joined: Mon May 14, 2018 1:31 pm

Re: Layer 2 VPN between two IPv6 enabled (dual-stack) networks

Post by sara1112 » Thu May 17, 2018 1:00 pm

do you know how to communicate both server.. do you configure previously..??

Post Reply