VPN – IPv6 with IPv4 over RRAS SSTP VPN from IPv4 Only Client

Tags: ipv6, rras, sstp, vpn, windows-server-2012-r2

I'm setting up Server 2012 R2 RRAS to be an SSTP VPN. I've got IPv4 working perfectly. My environment is dual stack (v4 and v6). When I enable IPv6 on the VPN, my client gets a valid address but is unable to communicate with anything over the VPN using IPv6. If I ping a computer name, it gets the IPv6 address but times out, whereas if I ping it with -4 it gets the v4 address and pings perfectly fine. I've been banging my head on this for a few days now, and nothing I've tried and no web searches have pointed me to a solution. I'm starting to wonder if maybe the VPN needs another port open for the IPv6 to tunnel through?

I've got the IPv6 Router (LAN and demand-dial) and IPv6 Remote access server options enabled on the General tab in RRAS, and I've specified a prefix on the IPv6 tab. I've tried the prefix being its own private prefix and using the same prefix as is in use on the network.

Does anyone else have this working? I have a feeling that it's probably a little thing somewhere that I've missed. Or does it not send the IPv6 traffic over the IPv4 VPN, and you need to be on a client machine that has both IPv4 and IPv6 for IPv6 to work over the VPN?

Best Answer

I thought I'd provide a more generic Linux router scenario for users not using pfSense but a Linux-based router (in my case DD-WRT).

ip -6 route add xxxx:xxx:xxxx:xxxx::/64 via xxxx:xxx:xxxx:xx::x dev br0
  • The IPv6 prefix configured in the RRAS IPv6 tab goes after the add
  • The IPv6 LAN IP address of the RRAS box is the via (essentially the gateway)
  • br0 is the LAN interface of your router. This is usually the default on DD-WRT; for other routers it could be another interface like eth0

The only problem I've discovered is that while this static route allows IPv6 traffic to flow through to the outside, it doesn't provide access to other LAN IPv6 addresses within the IPv6 subnet of the LAN IP address of the server. Likely because the subnet is a different /64. To solve this, you need to add IPv6 static routes on the RRAS box itself to allow this connectivity.
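
The static route described in the answer above can be sanity-checked before it is typed into the router. The following is an added example, not part of the original answer: `plan_vpn_route` is a hypothetical helper, and all addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


def plan_vpn_route(lan_prefix, vpn_prefix, rras_lan_addr, lan_dev="br0"):
    """Build the router-side route for the RRAS VPN prefix.

    lan_prefix    -- the /64 in use on the router's LAN interface
    vpn_prefix    -- the prefix entered on the RRAS IPv6 tab
    rras_lan_addr -- IPv6 address of the RRAS box on the LAN (the "via")
    Raises ValueError when the route could not work as entered.
    """
    lan = ipaddress.IPv6Network(lan_prefix)   # rejects prefixes with host bits set
    vpn = ipaddress.IPv6Network(vpn_prefix)
    gw = ipaddress.IPv6Address(rras_lan_addr)

    # If the VPN prefix overlaps the LAN prefix, the router considers VPN
    # client addresses on-link on the LAN interface and tries neighbour
    # discovery for them instead of forwarding to the RRAS box.
    if vpn.overlaps(lan):
        raise ValueError(f"VPN prefix {vpn} overlaps LAN prefix {lan}")

    # The next hop must be reachable directly on the LAN interface:
    # either an address inside the LAN prefix or a link-local address.
    if gw not in lan and not gw.is_link_local:
        raise ValueError(f"gateway {gw} is not on-link in {lan}")

    return f"ip -6 route add {vpn} via {gw} dev {lan_dev}"


if __name__ == "__main__":
    # Constructed sample values (documentation range, not real assignments).
    LAN = "2001:db8:0:1::/64"
    VPN = "2001:db8:0:2::/64"
    RRAS = "2001:db8:0:1::10"

    print(plan_vpn_route(LAN, VPN, RRAS))

    # Reusing the LAN prefix for VPN clients is rejected.
    try:
        plan_vpn_route(LAN, LAN, RRAS)
    except ValueError as err:
        print("rejected:", err)
```
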
