IPv6: OpenVPN Simple

From OnnoWiki
Revision as of 10:28, 5 December 2022 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search

Sumber: https://forum.mikrotik.com/viewtopic.php?f=13&t=38026#p187333

No simple 4/6 NAT is possible. There are some attempts, but mostly to allow IPv6 only hosts to access old IPv4 internet. Not your thing and not available in RoS.

If you have IPv6 connectivity at another location and can create OpenVPN tunnel, then it's your best option. Of course, native connectivity would be better, but this is something you can have in ten minutes from now. Following is simplified (important parameters only) example of working setup:


NAT 4/6 sederhana tampaknya tidak mungkin. Ada beberapa upaya, tetapi sebagian besar hanya mengizinkan host IPv6 untuk mengakses internet IPv4 lama.

Jika Anda memiliki konektivitas IPv6 di lokasi lain dan dapat membuat terowongan OpenVPN, maka itu pilihan terbaik Anda. Tentu saja, konektivitas asli akan lebih baik, tetapi ini adalah sesuatu yang dapat Anda miliki dalam sepuluh menit dari sekarang. Berikut adalah contoh penyetelan kerja yang disederhanakan (parameter penting saja):


Basic server settings:

/interface bridge add name=ovpn6
/ppp profile add bridge=ovpn6 name=ovpn6srv
/interface ovpn-server server default-profile=ovpn6srv enabled=yes mode=ethernet
/ipv6 address add address=2001:aabb:ccdd:1::1/64 advertise=yes eui-64=no interface=ovpn6
/ipv6 route add dst-address=2001:aabb:ccdd:2::/64 gateway=2001:aabb:ccdd:1::2

Basic client settings:

/interface ovpn-client add mac-address=00:AA:BB:CC:DD:EE mode=ethernet name=ovpn6cli
/ipv6 address add address=2002:aabb:ccdd:1::2/64 advertise=no eui-64=no interface=ovpn6cli
/ipv6 route add dst-address=2000::/3 gateway=2001:aabb:ccdd:1::1
/ipv6 address add address=2002:aabb:ccdd:2::1/64 advertise=yes eui-64=no interface=internal

MAC address in ovpn-client seems to default to all zeros and it doesn't work. Put there something unique. In theory it should work even without adding route on client, but it seems that RoS does not pick up router advertisements.


Referensi