Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 IPsec site to site VPN with unnumbered WAN interface on one side

    IPv6
    2
    3
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rdrcrmatt
      last edited by

      I just can't think of how this tunnel should look.

      my WAN interface has 2602:xxxx:xxx:xxxx:: for it's IP, and my internal interfaces are using track interface in order to get 3 /64's on the inside of my network, one per vlan.  The internal interfaces actually have IPs on them.  In fact, my first VLAN is actually on the same subnet as the WAN interface unnumbered / network address.  I'm getting these IPs from my ISP.

      WAN 2602:xxxx:xxxx:1000::
      LAN1 2602:xxxx:xxxx:1000::1  - Track Interface WAN Index 0
      LAN2 2602:xxxx:xxxx:1001::1 - Track Interface WAN Index 1
      LAN3 2602:xxxx:xxxx:1002::1 - Track Interface WAN Index 2

      Not sure if "un-tracking" LAN1 or, adjusting the indexes would help.  I'm not entirely sure how the whole track interface thing works, that's still a little voodoo in my mind.

      The remote side of my VPN is setup with a HE IPv6 tunnel with an IP on the actual WAN interface.

      Is it possible to setup this site to site VPN?  I would just prefer to not put any site to site traffic unencrypted on the public network.

      1 Reply Last reply Reply Quote 0
      • MikeV7896M
        MikeV7896
        last edited by

        @rdrcrmatt:

        WAN 2602:xxxx:xxxx:1000::
        LAN1 2602:xxxx:xxxx:1000::1  - Track Interface WAN Index 0
        LAN2 2602:xxxx:xxxx:1001::1 - Track Interface WAN Index 1
        LAN3 2602:xxxx:xxxx:1002::1 - Track Interface WAN Index 2

        Not sure if "un-tracking" LAN1 or, adjusting the indexes would help.  I'm not entirely sure how the whole track interface thing works, that's still a little voodoo in my mind.

        The two items I bolded in your original post are why you will need to adjust the indexes. LAN1 and WAN are currently set to use the same /64 address range (assuming the xxxx:xxxx is the same in both, since you didn't use different letters), which won't work. Fix the index used for LAN 1.

        The S in IOT stands for Security

        1 Reply Last reply Reply Quote 0
        • R
          rdrcrmatt
          last edited by

          @virgiliomi:

          The two items I bolded in your original post are why you will need to adjust the indexes. LAN1 and WAN are currently set to use the same /64 address range (assuming the xxxx:xxxx is the same in both, since you didn't use different letters), which won't work. Fix the index used for LAN 1.

          That's what I figured.  Thanks, I appreciate the confirmation.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.