Score:1

Site 2 Site VPN with IPv6

jp flag

I have a Site 2 Site VPN running, based on IPv4. So I have 2 Networks, both connected via a router to the internet. The ISP provides a public IPv4.

The 2 networks have the following IPs:
A: IPs 192.168.0.0, Subnet 255.255.128.0
B: IPs 192.168.128.1, Subnet 255.255.128.0

Both internet routers (on both sides) are the default gateways to the internet. In the routers I have added static routes to the VPN servers for the other side Networks.

Route in router A: Network: 192.168.128.0, Subnetmask: 255.255.128.0, Gateway: The VPN Server on site A

Route in router B: Network: 192.168.0.0, Subnetmask: 255.255.128.0, Gateway: The VPN Server on site B

The VPN servers connect to each other via the internet router and the public IPs. All clients are routed via the internet router to the VPN servers (via the static routes).

This is working fine.

Now the ISP has activated IPv6 on both sides. Both sides are getting a subnet with a 56 prefix. So via IPv6 I have the problem, that all clients have public IPs.

When a client on site A is trying to reach a client on site B, he is trying to reach it over the internet. But he should go via the VPN servers. But I cannot add a static IPv6 route to the internet routers, pointing to the VPN routers, because then the VPN routers do not reach each other. Because they are in the same 56 subnet. So what do I have to change?

Ron Trunk
Are you saying both sides are the same /56 subnet?
jp flag
No, they are different. But the VPN Server on site A is in the same net as the clients in site A and vice versa. So I need to tell my network: "To reach the VPN Server A from VPN Server B => use internet. For all other clients in the same subnet => use VPN tunnel". All clients are blocked from public site by a firewall, except the VPN servers.
Ron Trunk
You do the same thing as you've done for IPv4 -- the gateways have a static route for the other side pointing to the VPN server.
jp flag
But then, my VPN servers do not connect. So server A tries to connect to server B. The request is sent to the internet router, which is pointing the request back to server A, because of the static route for the subnet of net B.
Ron Trunk
Create a static route on gateway A for the IP of VPN server B, pointing to the Internet, and vice versa
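
The routing behaviour discussed in the comments above, modelled as an added example that is not part of the original thread: with only the /56 route on router A, the tunnel's own packets are handed back to VPN server A, and a /128 host route for VPN server B fixes that through longest-prefix matching. The addresses are constructed from the IPv6 documentation range and the next-hop names (`isp`, `vpn-server-a`) are hypothetical labels.

```python
import ipaddress

# Constructed addresses from the documentation range 2001:db8::/32;
# the thread does not state the real prefixes.
SITE_B_PREFIX = ipaddress.ip_network("2001:db8:b00::/56")
VPN_SERVER_B = ipaddress.ip_address("2001:db8:b00::10")
CLIENT_B = ipaddress.ip_address("2001:db8:b00:1::25")


def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def router_a_table(with_host_route):
    """Static routes on internet router A (hop names are hypothetical)."""
    routes = [
        (ipaddress.ip_network("::/0"), "isp"),   # default route
        (SITE_B_PREFIX, "vpn-server-a"),         # site B via the tunnel
    ]
    if with_host_route:
        # Exception for the tunnel endpoint itself: send it to the internet.
        routes.append((ipaddress.ip_network(f"{VPN_SERVER_B}/128"), "isp"))
    return routes


def tunnel_loops(routes):
    """True if packets from VPN server A to VPN server B come back to A."""
    return next_hop(routes, VPN_SERVER_B) == "vpn-server-a"


if __name__ == "__main__":
    for flag in (False, True):
        table = router_a_table(flag)
        print(f"host route present: {flag}")
        print(f"  VPN server B -> {next_hop(table, VPN_SERVER_B)}")
        print(f"  client on B  -> {next_hop(table, CLIENT_B)}")
        print(f"  tunnel loops: {tunnel_loops(table)}")
```

Router B needs the mirrored pair of routes for site A's prefix and VPN server A's address.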