I have a working remote access VPN that I created using the VPN iOS wizard on the Fortigate 60E version 6.4.
I am trying to add IPv6 support.
The Fortinet is behind a dual-stack Comcast Business connection and has a working IPv6 prefix delegation setup on it. It gets a /56 subnet from Comcast.
Here are the current phase1/phase2 configs:
```
config vpn ipsec phase1-interface
    edit "RA-iOS"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set authmethod signature
        set peertype any
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 192.168.223.1
        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
        set localid "DOMAINNAME"
        set localid-type fqdn
        set comments "VPN: RA-iOS [Created by VPN wizard]"
        set dhgrp 14 5 2
        set cert-id-validation disable
        set certificate "1176_2021_req"
        set ipv4-start-ip 192.168.222.33
        set ipv4-end-ip 192.168.222.38
        set ipv4-netmask 255.255.255.248
    next
end
config vpn ipsec phase2-interface
    edit "RA-iOS"
        set phase1name "RA-iOS"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: RA-iOS [Created by VPN wizard]"
    next
end
```
I tried adding ipv6-start-ip and ipv6-end-ip using the delegated prefix and host bits of ::200 - ::299. This lets connected devices receive an IPv6 address, but they report no valid IPv6 route. The devices I have tested are an iPhone 8 and a 2015 MacBook Pro, both with the latest updates, and both using the built-in VPN IPsec clients.
What is the recommended way to do this? I have found no documentation on this kind of scenario anywhere.
This is a two-year-old question about what should be a very basic feature. I have also not been able to find documentation on how to accomplish a **FUNCTIONING** dual stack IPSec VPN elsewhere. Does anyone at Fortinet know how to do this?? This is embarrassing.