IPv6 with OpenConnect and L2TP server

Forestarean · August 5, 2022, 8:18pm

Is it possible to use IPv6 addressing with OpenConnect and L2TP/IPsec VPNs? As far as I know, VyOS utilizes ocserv to provide OpenConnect and it supports IPv6 in OpenWRT.

c-po · August 6, 2022, 5:48am

Hi @Forestarean,

set vpn openconnect network-settings client-ipv6-pool should be available in VyOS 1.4

RyVolodya · August 6, 2022, 8:52am

Hello @Forestarean,

IPv6 addressing is also available in l2tp:

vyos@vyos# set vpn l2tp remote-access client-ipv6-pool 
Possible completions:
+> delegate             Subnet used to delegate prefix through DHCPv6-PD (RFC3633)
+> prefix               Pool of addresses used to assign to clients

Forestarean · August 6, 2022, 11:41am

Many thanks to both. I will try what @RyVolodya suggested on my VyOS 1.3.1.

Forestarean · August 15, 2022, 4:30pm

Perhaps a working example? I tried with ULA addresses:

vyos@vyos# set vpn l2tp remote-access client-ipv6-pool prefix fc00:0:1:0::/64
[edit]
vyos@vyos# set vpn l2tp remote-access client-ipv6-pool delegate  fc00:0:1:0::/64
[edit]
vyos@vyos# commit

Delegation-prefix required for individual delegated networks

[[vpn]] failed
Commit failed

Thanks in advance.

RyVolodya · August 29, 2022, 4:31pm

Hello @Forestarean,
If you want to configured only the ipv6 address pool (without prefix delegation), use the command:
vyos@vyos# set vpn l2tp remote-access client-ipv6-pool prefix fc00:0:1:0::/64

Forestarean · August 30, 2022, 12:53pm

Thank you @RyVolodya .

system · September 1, 2022, 12:54pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.