Tuesday, November 23, 2021

Microsoft RAS VPN will not work connecting from an IPv6 endpoint

I have set up a new Microsoft RAS VPN with user certificate authentication. It works great on IPv4. I have set up IPv6 in our DMZ because our phone carrier (for staff hot-spotting) is now IPv6.

The problem is that after successfully establishing a connection on an IPv6 client, traffic is sent on the connection (which is all IPv4) but nothing is ever received. Our internal servers also never receive the traffic from the RAS server. I used our FortiGate sniffer to confirm this.

Oddly, I can connect from an IPv4 network (client-side), then change to an IPv6 network, allow the IKE connection to reconnect, and it works fine! But if I manually disconnect and connect again, traffic fails.

It is possible that this is nothing to do with IPv6. I only have one ISP with IPv6 that I can test.

$5 worth of Bitcoin Cash to anyone that can solve this for me.


