Hello,
My company is setting up a routeros VPN gateway, our ambision is to serve Roadwarrior-client via both openvpn, wireguard and IPSec, IKEv2 via Radius/EAP. We need truly universal conectivity via both IPv4 and IPv6. That means that the clients can connect via a pure IPv6 connection or a pure IPv4 connection, snd access both IPv4 and IPv6 servers on the internal network.
Wireguard is already testet thorughly and work like a charm on both IP-stacks.
Ipsec+IKEv2 however is mostly working, we are using letsencrypt certifcates and are able to tunnel clients both via both the IPv4-Internet and the IPV6-internet, but we are struggeling with providing IPv6-connectivity to the internal IPv6-resources.
IPv4-addresses are being provided via modeconfig and a IPv4-pool, or via the Framed IPv4-radius attribute, but we have not found a way to give internal IPv6 addresses to our clients. It doesen’t seem like it is possible to create a IPv6 address pool, only prefix pools are configurable, but if there are other workarounds like specify IPv6 addresses manually, we are interested.
I find these post on the topic:
viewtopic.php?p=1024350
viewtopic.php?t=196141
Openvpn, have not yet been testet, so I was hoping the fourm could share some experiences there, we want to use both UDP and TCP on the server/vpn-gateway, to get through more firewalls. But is there any limitations we should be aware of?
Thank you in advance
My company is setting up a routeros VPN gateway, our ambision is to serve Roadwarrior-client via both openvpn, wireguard and IPSec, IKEv2 via Radius/EAP. We need truly universal conectivity via both IPv4 and IPv6. That means that the clients can connect via a pure IPv6 connection or a pure IPv4 connection, snd access both IPv4 and IPv6 servers on the internal network.
Wireguard is already testet thorughly and work like a charm on both IP-stacks.
Ipsec+IKEv2 however is mostly working, we are using letsencrypt certifcates and are able to tunnel clients both via both the IPv4-Internet and the IPV6-internet, but we are struggeling with providing IPv6-connectivity to the internal IPv6-resources.
IPv4-addresses are being provided via modeconfig and a IPv4-pool, or via the Framed IPv4-radius attribute, but we have not found a way to give internal IPv6 addresses to our clients. It doesen’t seem like it is possible to create a IPv6 address pool, only prefix pools are configurable, but if there are other workarounds like specify IPv6 addresses manually, we are interested.
I find these post on the topic:
viewtopic.php?p=1024350
viewtopic.php?t=196141
Openvpn, have not yet been testet, so I was hoping the fourm could share some experiences there, we want to use both UDP and TCP on the server/vpn-gateway, to get through more firewalls. But is there any limitations we should be aware of?
Thank you in advance
Statistics: Posted by Nightowl82 — Fri Feb 09, 2024 10:25 pm