
I have a Site 2 Site VPN running, based on IPv4. So I have 2 Networks, both connected via a router to the internet. The ISP provides a public IPv4.

The 2 networks have the following IPs:

A: IPs 192.168.0.0, Subnet 255.255.128.0

B: IPs 192.168.128.1, Subnet 255.255.128.0

Both internet routers (on both sides) are the default gateways to the internet. In the routers I have added static routes to the VPN servers for the other side Networks.

Route in router A: Network: 192.168.128.0, Subnetmask: 255.255.128.0, Gateway: The VPN Server on site A

Route in router B: Network: 192.168.0.0, Subnetmask: 255.255.128.0, Gateway: The VPN Server on site B

The VPN servers connect to each other via the internet router and the public IPs. All clients are routed via the internet router to the VPN servers (via the static routes).

This is working fine.

Now the ISP has activated IPv6 on both sides. Both sides are getting a subnet with a 56 prefix. So via IPv6 I have the problem that all clients have public IPs.

When a client on site A is trying to reach a client on site B, it is trying to reach it over the internet. But it should go via the VPN servers. But I cannot add a static IPv6 route to the internet routers, pointing to the VPN routers, because then the VPN routers do not reach each other, because they are in the same 56 subnet. So what do I have to change?

Chris
  • Are you saying both sides are the same /56 subnet? – Ron Trunk Dec 07 '21 at 19:01
  • No, they are different. But the VPN Server on site A is in the same net as the clients in site A and vice versa. So I need to tell my network: "To reach the VPN Server A from VPN Server B => use internet. For all other clients in the same subnet => use VPN tunnel". All clients are blocked from public site by a firewall, except the VPN servers – Chris Dec 07 '21 at 19:08
  • You do the same thing as you've done for IPv4 -- the gateways have a static route for the other side pointing to the VPN server. – Ron Trunk Dec 07 '21 at 19:11
  • But then, my VPN servers do not connect. So server A tries to connect to server B. The request is sent to the internet router, which is pointing the request back to server A, because of the static route for the subnet of net B – Chris Dec 07 '21 at 19:16
  • Create a static route on gateway A for the IP of VPN server B, pointing to the Internet, and vice versa – Ron Trunk Dec 07 '21 at 19:24
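
The routing behaviour discussed in the comments above can be checked with a small longest-prefix-match model of router A. This is an added example, not code from the thread; the addresses come from the 2001:db8::/32 documentation range and the next-hop names (`isp-uplink`, `vpn-server-a`) are constructed placeholders.

```python
import ipaddress

# Constructed addresses from the 2001:db8::/32 documentation range (assumptions).
SITE_B_PREFIX = ipaddress.ip_network("2001:db8:b00::/56")
VPN_SERVER_B = ipaddress.ip_address("2001:db8:b00::10")
CLIENT_B = ipaddress.ip_address("2001:db8:b00:1::25")

# Router A with only the prefix route: default route plus site B via the local VPN server.
ROUTES_BEFORE = [
    (ipaddress.ip_network("::/0"), "isp-uplink"),
    (SITE_B_PREFIX, "vpn-server-a"),
]
# With the suggested host route: one /128 sends only the tunnel endpoint to the Internet.
ROUTES_AFTER = ROUTES_BEFORE + [
    (ipaddress.ip_network(f"{VPN_SERVER_B}/128"), "isp-uplink"),
]


def next_hop(routes, dst):
    """Return the next hop of the longest matching prefix, as a router does."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def routing_problems(routes):
    """Check the two properties the design needs on router A."""
    problems = []
    if next_hop(routes, VPN_SERVER_B) != "isp-uplink":
        problems.append("tunnel endpoint is routed back to the local VPN server (loop)")
    if next_hop(routes, CLIENT_B) != "vpn-server-a":
        problems.append("site-B client traffic bypasses the tunnel")
    return problems


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, routing_problems(table) or "ok")
```

The same check applies mirrored on router B, with site A's prefix and VPN server A's address.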
