Page 1 of 1

Layer 2 VPN between two IPv6 enabled (dual-stack) networks

Posted: Mon Dec 05, 2016 6:13 pm
by rosch
Hi,
I would like to take full advantage of Layer 2 VPN of SoftetherVPN, especially its ability to transport IPv6 traffic.
Both sites A and B are connected to the Internet with a dual-stack IPv4/IPv6 ISP and receive individual IPv6 prefixes.
I attach a network diagram of this scenario:
[attachment=1]Network layout.jpg[/attachment]
The problem:
All hosts on both sites get assigned the IPv6 prefix of both routers. It is not defined, which IPv6 gateway will be used in each host. Therefore, IPv6 traffic originating from a host in site A might use the IPv6 prefix from site B, which is fine for internal traffic, but not for outgoing internet traffic.
[attachment=0]Packet filtering rule.png[/attachment]
For IPv4, I use a DHCP server on each site with Softether VPN blocking DHCP traffic. This works perfectly fine.
However it is not an option for IPv6, since it is not possible to define a standard gateway for IPv6, even if using an IPv6 DHCP server.

Blocking IPv6 router advertisements in Softether VPN (see attached config), does prevent the assignment of the wrong IPv6 prefix, but also hinders internal IPv6 connectivity.
The reason is that the public IPv6 address will be preferred over other (e.g. site-local) IPv6 addresses and now this kind of traffic does not reach the other site (at least I cannot ping6).

Is there a solution to this problem? I have DHCPv6 servers and DNS servers (Windows Server) on both sites.

One idea would be to block public IPv6 addresses from registering in my private DNS servers, but I have no idea, if and how that would be possible.

Thanks!

Roland

Re: Layer 2 VPN between two IPv6 enabled (dual-stack) networ

Posted: Thu Dec 15, 2016 8:02 am
by thisjun
The both site IPv6 network address are different.
So, communication is impossible naturally.

Re: Layer 2 VPN between two IPv6 enabled (dual-stack) networks

Posted: Thu May 17, 2018 1:00 pm
by sara1112
do you know how to communicate both server.. do you configure previously..??