cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WE Need IPV6 Support in MX

SOLVED
Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

at least some progress at the backend:

Selection_999(3501).png

 

anyway, i request a *much higher* frequency of updates. once every three months, that's way too less!

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

nothing new here:

 

root@www:~# host dashboard.meraki.com
dashboard.meraki.com is an alias for n1.meraki.com.
n1.meraki.com is an alias for sdg333.meraki.com.
sdg333.meraki.com has address 108.161.147.44

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

root@www:~# host dashboard.meraki.com
dashboard.meraki.com has address 108.161.147.44
dashboard.meraki.com has IPv6 address 2620:12f:c000:0:92e2:baff:fecd:3f94
Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

When the time comes, I would be interested in beta testing IPV6 for MX or other hardware.

 

I have Charter as an ISP and when I was using a Soniclwall firewall I had four IPV6 subnets.  The MR33 was able to get an IPV6 address from the Sonic wall, and devices in the WiFi also could get IPV6 addresses.

 

 

- Dave

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

The failure of Meraki to support IPv6 in a timely manner is now really causing me big issues. 
COVID-19 has caused my company to send everyone to work from home and VPN into the office. 
Of course, many of the users who have never had to use our VPN are trying to use it and discovering they can't due to IPv6. 

I've had to bung in a couple of pfSense firewalls in on spare IP addresses (using 2 retired Dell servers) and give these users OpenVPN for connectivity. I'm now wondering when it comes to license renewal time, why I should bother as we now have 2 perfectly serviceable pfSense firewalls in place with auto failover, VPN, Suricata, pfBlockerNg, and fully supporting IPv6. The only downside being that they're far more difficult to manage and configure than our MXs.

 

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

Just for info.  I have been having the same issue.  If users are getting IP v6 addresses, Telstra (Australia)  IPV6 to ipv4 GW does not support L2tp VPN.  What I have found is if I disable the IPV6 protocol on the WIFI or Ethernet adapter that the VPN is running on  then the device gets and IP v4 address and the GW is bypassed and it works.   but we do need IPV6 support and a Better VPN client for windows  ASAP.  it is Meraki biggest short coming.   Need Client VPN to work like SDWAN does.  "It just works"  without me having to team viewer to clients machine to set it up every time.

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

@Meraki-PM-Team, this is a serious situation RIGHT NOW!

 

in the name of all your patient and loyal customers and resellers: PROVIDE A QUICK FIX RIGHT ***NOW***!

 

focus on the client VPN part and LET OUR USERS - WHO *WANT*/*NEED* TO WORK FROM HOME IN THIS DIFFICULT AND URGENT SITUATION - ACCESS OUR INTERNAL NETWORKS!!!

 

i am currently stopping linux updates of libreswan, because DH2/modp1024 is not anymore supported as of v3.30 (February 2020) "pluto: Disable support for DH2/modp1024 at compile time [Paul]", but required by client VPN. ipsec supports more then 1 ike algo in phase1, but support can only *switch* to DH14/modp2048.

 

… and by the way, the docs on https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview#Encryption_Method do still speak about DH5/modp1536 which is not possible to switch to regarding the support team. [Case 04926942].

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

I'm getting ready to pitch the OpenVPN Access Server seriously at work right now due to this. Most people don't have an issue connecting, but when they do I have to rebuild the damn VPN connection every time 😞
Highlighted
Conversationalist

Re: WE Need IPV6 Support in MX

Hopefully some of Meraki’s team will be able to concentrate more on getting this sorted if they are working from home themselves!!!

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

@CharlieCrackle 
"Just for info.  I have been having the same issue.  If users are getting IP v6 addresses, Telstra (Australia)  IPV6 to ipv4 GW does not support L2tp VPN.  What I have found is if I disable the IPV6 protocol on the WIFI or Ethernet adapter that the VPN is running on  then the device gets and IP v4 address and the GW is bypassed and it works.   but we do need IPV6 support and a Better VPN client for windows  ASAP.  it is Meraki biggest short coming.   Need Client VPN to work like SDWAN does.  "It just works"  without me having to team viewer to clients machine to set it up every time."

That works for BT over here in the UK but not for Sky Internet and for some inexplicable reason we have many users on Sky.  

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

Selection_999(3766).png

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

nikiwaibel

 

I agree with your sentiment. But for a VPN to work over IPV6, the MX would need to have have IPV6 address management, subnet management, routing management and perhaps even 6 to 4 and 4 to 6 if your internal network is IPV4 only.

 

The next update from Meraki on IPV6 will come in April.  Perhaps there will be an Alpha or Beta then.

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

We now have half of our employees using my thrown together pfSense/OpenVPN solution due to the IPv6/VPN issues with the Meraki MX. It's not looking good for license renewal for Meraki right now. We may as well just move everyone over and wave Meraki good bye and send the other guys who assist me with infrastructure on pfSense courses. It won't be easy to persuade the boss to pay up after all the grief we've been having. 

 

 

 

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

Personally, to use Meraki MX as my home office firewall, these are the IPv6 features I am using now with "not-an-MX" and am looking for in an MX.

- Prefix Delegation with Prefix Hint
- Dynamic assignment of delegated /64 prefixes from the larger /60 or /56 (see hint) to different interfaces - some physical some VLAN
- DHCPv6-lite to hand out DNS (others, NOT Android)
- RDNSS to hand out DNS (Android, others)
- Option to use either delegated or "system" DNS for DHCPv6-lite / RDNSS

That gets me going as a replica of my current setup. 

Nice to have would be:
DNS64/NAT64 including the ability to have that work from PD-assigned prefixes

And of course v6 firewalling / content inspection / VPN features.

I know the potential list of v6 capabilities is far greater, and Enterprises will have an additional wish list. The above is what I consider "the essentials" for a SOHO setup.

All opinions mine, not speaking as an employee, and so on.

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

I am running out of solution for customers now.   Telstra is Australia is using IPV6 on their  mobile network with a IP6 to IP4 GW  which does not support l2tp VPN

 

Up till now I have been disabling IPV6 on the client to get around this

 

I now have IOS devices with the same issue and you can NOT disable IPV6 on IOS.  so VPN on IOS does not work any more.

 

Need IPV6 support   or anyconnect VPN client support..  URGENTLY  as now supplying non meraki gear to fix these issues.

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

I had to put the Meraki in Pass through mode, and using PFSense on my front end for Router, there I configure VPN. Open VPN etc.  Then use Ipsec as forwards to the Meraki so its still in play.

I have brand new MX100 sitting on rack waiting for iPV6 Options till then pfsense is boss.

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

@Dudleydogg Given the VPN issues we are seeing with our MX64 I am really close to switching to a pfSense box at the office. We are all work from home right now and most people have multiple VPN pauses a day, not working too well for us 😞

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

We've migrated nearly everyone over to the pfSense/OpenVPN I set up on a couple of old Dell servers we had lying around. We're getting much more reliable connections and don't have any IPv6 issues. The number of support calls has really dropped and the pfSense servers are hardly breaking a sweat. 

 

 

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

@AAVH, given how pfSense is currently offering FREE “zero to ping” its really tempting to me.
Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

smccloud1,

Please keep in mind that the specs for a MX64 is a maximum of 50 concurrent VPN users and a total of 100mbps VPN throughput.

- Dave

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

@DHAnderson We have around 36 users and a 50Mbps connection, and problem happens even with a single user on the VPN.
Highlighted
New here

Re: WE Need IPV6 Support in MX

I to have abandoned Meraki and went Fortigate firewall and Ubiquiti switches/wifi.  If anyone needs Fortigate pricing let me know.

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

We have a 100MBit Internet connection and a 20 user maximum at any one time as the company operates in two shifts. We've been peaking at about 15 users and averaging 10 or 11 since the outbreak.  

 

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

Meraki Team, Please show this thread to management. IPv6, IKEv2 and Anyconnect for client VPN are HUGE missing features. You see many customers a jumping ship because they have no choice they are complaining because they WANT to continue to use the product but can't. We know you are working on it but we as customers need/deserve a roadmap and timeline of when these features will be live so we can plan accordingly. Please no more an update in x months.

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

micah-cmedics,

This board is for Community based support for Meraki, not a general product board. Please refrain from trying to sell competing products here.
Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

In their February IPV6 update, Meraki said that if they stay on schedule, there will be "exiting" news in April.  Let's hope they are staying on schedule!

 

 

Highlighted
Here to help

Re: WE Need IPV6 Support in MX

@DHAnderson you mean they will start on it in April?
Highlighted
Here to help

Re: WE Need IPV6 Support in MX

Interesting you mentioned the Fortigate. We just moved most our equipment to them. Couldn't be happier. Full IPv6 support. And the VPN works great. Certainly a larger learning curve but if you already know firewalls this is the way to go.

 

Also, the security is muuuuuch better on the Fortigate. We ran a a test and put a fortigate between our MX our our switches with port mirroring on to see what the MX was missing. In 7 days the MX missed over 34,000 IPS attemps. Pretty sad.

 

I love my Meraki's don't get me wrong... but..... they are way way behind now. Its sad to watch such a great brand die.

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

smccloud1,

No. In the IPv6 @ Meraki they did not mention what the exciting news was, just that there would be some, if schedules go as planned. Given the shift to working at home due to Covid19, I would be surprised if schedules don't slip.

They also stated there could be beta testing over the next couple of months, so the news could be a formal announcement of a beta plan.

We have 30 days to find out

Highlighted
Meraki Employee

Re: WE Need IPV6 Support in MX

Hi Everyone!

 

I am a long time lurker not poster, but here goes since I noticed an update in the IPv6 @ Meraki thread and wanted to get it in front of everyone in this thread as some may not be aware off or following the update thread.


TLDR: Improvements to client VPN functionality to handle IPv6 only clients to connect through a NAT64 from their providers

https://community.meraki.com/t5/Full-Stack-Network-Wide/IPv6-Meraki/m-p/81683/highlight/true#M1465

If you have IPv6 only connectivity and are leveraging NAT64, I urge you to share it with the community your ISP and if your setup works or doesn't.

 

Stay safe & healthy!

 

Cheers,

 

-Raul

Highlighted
New here

Re: WE Need IPV6 Support in MX

Its not too bad, meraki is allow all and block things you dont want, where fortigate is more of granular allow what you want and get very specific, but its not over daunting.

 

i have used all the firewall players over the years and currently very happy.  I would love to see meraki do something, its really is that with current times, to little to late.

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

micah-cmedics
 
The main strength of Meraki is that they are cloud managed from the start.  They did not take a local managed device, slap a dongle on it and make a the same dated interface in the cloud. 

The second strength of Meraki is the Dashboard.  All devices, all clients. The Dashboard benefits goes on and on.

The third strength of Meraki is zero touch deployment.  Configure the device once you get Claim key.  The device lands is some distance city, or state, or country and gets mounted and powered up and is working in minutes.  And there it is, in the Dashboard.

The 4th strength of Meraki is the extras, the API, Insight and Systems Manager.

So while an individual piece of Meraki hardware may be missing a feature, the overall benefit is still tremendous compared to competitors.
Highlighted
Here to help

Re: WE Need IPV6 Support in MX

I totally agree. The remote management and ease of configuration on the Meraki devices is absolutely brilliant. Saves me a world of headaches in that I can delegate management to other guys without needing to send them on courses or hold their hands. And if there is a visit from Captain Cockup you can always fix it remotely. Something no other firewall devices have that I'm aware of. Its a great comfort blanket. 

However, despite all those wonderful features (which is why we all bought Meraki in the first place), if they don't fulfil a fundamental functionality need you have right now then they may as well be paperweights and right now that's what they are for my company with the entire company working from home. We've migrated everyone to pfSense/OpenVPN due to the issues with Meraki client VPN. 

 

Highlighted
New here

Re: WE Need IPV6 Support in MX

Hi Hi together!
Big thanks to you Meraki Guys and that finally started to implement IPv6!
Recognized it round about a week ago, when my switch got an IPv6 addresse after a reboot.

Just Lovely!

 

For your request:

ISP:
1&1 Versatel Germany

Outgoing connections:
All perfect

 

Ingoing:
Client to FW
-not possible-

Highlighted
Conversationalist

Re: WE Need IPV6 Support in MX

What model switch and what version firmware?

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

My switches used to have IPV6 addresses and it went away and the setting is grayed out now.

what did you do to enable this feature?

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

Before I replaced my Sonicwall firewall with a MX65, I had it setup to get an IPV6 /60 subnet from Charter. My MS220-8P and MR33 picked up the correct subnet and IPV6 addresses.  They also passed on Router Announcements to clients who also got IPV6 addresses on the correct subnet.

 

So while there may be more work on the complete product line, the big push is most likely re-architecting the MX to support a new more complex IP protocol, and the work they have done making sure the Meraki site, dashboard and backend support IPV6.

Highlighted
Building a reputation

Re: WE Need IPV6 Support in MX

currently MX seem not yet support IPV6 solution
Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

T-4 Days before time runs out for an IPV6 announcement that was forecast  last February. 

 

Kudos tothe team for testing out the NAT64 VPN! I wonder if  Covid19 has had a negative impact on the development schedule in other ways.

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

The Meraki IPV6 team made their April announcement.

 

Understandably, the schedule has slipped.  In a former life I was a software developer then software development manager, then director of product development.  I am so glad I do not have that responsibility now.  Covid 19 shelter in place will butcher any development schedule.  I cannot imagine trying to write software at home if their are children present!  The power of a team is also broken as communication and commadary is pushed through a tiny set of wires.

 

 

Highlighted
Conversationalist

Re: WE Need IPV6 Support in MX

Where did they make their announcement?

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

@JackTaugher 

 

The made their post in this forum:

 

IPv6 @ Meraki

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

This Reply was 2 Years ago and no closer to IPV6, Many of us still use Meraki Networks but have Alternate Options for Routers. My Entier Network is Meraki but I put MX on the shelf and using another Vender for Router.

WE Hope this year we can go Pure Meraki Some of us are even willing to take whatever Beta is out there.

 

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

@Dudleydogg 

 

The has been forward movement on IPV6.  Making the Dashboard IPV6 compatible is a necessary precursor.

 

I get it that the MX still has no alpha or beta yet and that leaves those who require IPV6 still stuck.

Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

Is Edgar Allan POE lost love Lenore in the following poem, our MX IPV6 support?  Or is this just the ramblings of a Covid19 feverish mind?

 

The Raven

Once upon a midnight dreary, while I pondered, weak and weary,
Over many a quaint and curious volume of forgotten lore—
    While I nodded, nearly napping, suddenly there came a tapping,
As of some one gently rapping, rapping at my chamber door.
“’Tis some visitor,” I muttered, “tapping at my chamber door—
            Only this and nothing more.”
 
    Ah, distinctly I remember it was in the bleak December;
And each separate dying ember wrought its ghost upon the floor.
    Eagerly I wished the morrow;—vainly I had sought to borrow
    From my books surcease of sorrow—sorrow for the lost Lenore—
For the rare and radiant maiden whom the angels name Lenore—
            Nameless here for evermore.
 
    And the silken, sad, uncertain rustling of each purple curtain
Thrilled me—filled me with fantastic terrors never felt before;
    So that now, to still the beating of my heart, I stood repeating
    “’Tis some visitor entreating entrance at my chamber door—
Some late visitor entreating entrance at my chamber door;—
            This it is and nothing more.”
 
    Presently my soul grew stronger; hesitating then no longer,
“Sir,” said I, “or Madam, truly your forgiveness I implore;
    But the fact is I was napping, and so gently you came rapping,
    And so faintly you came tapping, tapping at my chamber door,
That I scarce was sure I heard you”—here I opened wide the door;—
            Darkness there and nothing more.
 
    Deep into that darkness peering, long I stood there wondering, fearing,
Doubting, dreaming dreams no mortal ever dared to dream before;
    But the silence was unbroken, and the stillness gave no token,
    And the only word there spoken was the whispered word, “Lenore?”
This I whispered, and an echo murmured back the word, “Lenore!”—
            Merely this and nothing more.
 
    Back into the chamber turning, all my soul within me burning,
Soon again I heard a tapping somewhat louder than before.
    “Surely,” said I, “surely that is something at my window lattice;
      Let me see, then, what thereat is, and this mystery explore—
Let my heart be still a moment and this mystery explore;—
            ’Tis the wind and nothing more!”
 
    Open here I flung the shutter, when, with many a flirt and flutter,
In there stepped a stately Raven of the saintly days of yore;
    Not the least obeisance made he; not a minute stopped or stayed he;
    But, with mien of lord or lady, perched above my chamber door—
Perched upon a bust of Pallas just above my chamber door—
            Perched, and sat, and nothing more.
 
Then this ebony bird beguiling my sad fancy into smiling,
By the grave and stern decorum of the countenance it wore,
“Though thy crest be shorn and shaven, thou,” I said, “art sure no craven,
Ghastly grim and ancient Raven wandering from the Nightly shore—
Tell me what thy lordly name is on the Night’s Plutonian shore!”
            Quoth the Raven “Nevermore.”
 
    Much I marvelled this ungainly fowl to hear discourse so plainly,
Though its answer little meaning—little relevancy bore;
    For we cannot help agreeing that no living human being
    Ever yet was blessed with seeing bird above his chamber door—
Bird or beast upon the sculptured bust above his chamber door,
            With such name as “Nevermore.”
 
    But the Raven, sitting lonely on the placid bust, spoke only
That one word, as if his soul in that one word he did outpour.
    Nothing farther then he uttered—not a feather then he fluttered—
    Till I scarcely more than muttered “Other friends have flown before—
On the morrow he will leave me, as my Hopes have flown before.”
            Then the bird said “Nevermore.”
 
    Startled at the stillness broken by reply so aptly spoken,
“Doubtless,” said I, “what it utters is its only stock and store
    Caught from some unhappy master whom unmerciful Disaster
    Followed fast and followed faster till his songs one burden bore—
Till the dirges of his Hope that melancholy burden bore
            Of ‘Never—nevermore’.”
 
    But the Raven still beguiling all my fancy into smiling,
Straight I wheeled a cushioned seat in front of bird, and bust and door;
    Then, upon the velvet sinking, I betook myself to linking
    Fancy unto fancy, thinking what this ominous bird of yore—
What this grim, ungainly, ghastly, gaunt, and ominous bird of yore
            Meant in croaking “Nevermore.”
 
    This I sat engaged in guessing, but no syllable expressing
To the fowl whose fiery eyes now burned into my bosom’s core;
    This and more I sat divining, with my head at ease reclining
    On the cushion’s velvet lining that the lamp-light gloated o’er,
But whose velvet-violet lining with the lamp-light gloating o’er,
            She shall press, ah, nevermore!
 
    Then, methought, the air grew denser, perfumed from an unseen censer
Swung by Seraphim whose foot-falls tinkled on the tufted floor.
    “Wretch,” I cried, “thy God hath lent thee—by these angels he hath sent thee
    Respite—respite and nepenthe from thy memories of Lenore;
Quaff, oh quaff this kind nepenthe and forget this lost Lenore!”
            Quoth the Raven “Nevermore.”
 
    “Prophet!” said I, “thing of evil!—prophet still, if bird or devil!—
Whether Tempter sent, or whether tempest tossed thee here ashore,
    Desolate yet all undaunted, on this desert land enchanted—
    On this home by Horror haunted—tell me truly, I implore—
Is there—is there balm in Gilead?—tell me—tell me, I implore!”
            Quoth the Raven “Nevermore.”
 
    “Prophet!” said I, “thing of evil!—prophet still, if bird or devil!
By that Heaven that bends above us—by that God we both adore—
    Tell this soul with sorrow laden if, within the distant Aidenn,
    It shall clasp a sainted maiden whom the angels name Lenore—
Clasp a rare and radiant maiden whom the angels name Lenore.”
            Quoth the Raven “Nevermore.”
 
    “Be that word our sign of parting, bird or fiend!” I shrieked, upstarting—
“Get thee back into the tempest and the Night’s Plutonian shore!
    Leave no black plume as a token of that lie thy soul hath spoken!
    Leave my loneliness unbroken!—quit the bust above my door!
Take thy beak from out my heart, and take thy form from off my door!”
            Quoth the Raven “Nevermore.”
 
    And the Raven, never flitting, still is sitting, still is sitting
On the pallid bust of Pallas just above my chamber door;
    And his eyes have all the seeming of a demon’s that is dreaming,
    And the lamp-light o’er him streaming throws his shadow on the floor;
And my soul from out that shadow that lies floating on the floor
            Shall be lifted—nevermore!
Highlighted
Kind of a big deal

Re: WE Need IPV6 Support in MX

Proctor & Gamble have the solution you seek - https://www.lenor.co.uk/en-gb 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Highlighted
A model citizen

Re: WE Need IPV6 Support in MX

There is a hint of a change coming to the MX line.  Version 15.38 mentions "a new major version evolving through beta...".  Perhaps IPV6 or at least the underpinnings of it are close!

 

-Dave 

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

well, that's there since 15.23:

As a new major version evolving through beta, there are a number of new, uncommon issues that may result in device reboot that we are continuing to investigate and work through. In particular, the Z3(C), MX84, MX100, MX400, MX600, MX250, and MX450 appliances have unresolved issues that we are tracking closely and continuing to investigate and drive towards resolution.

i doubt it is related to IPv6.

Highlighted
Getting noticed

Re: WE Need IPV6 Support in MX

Does anyone know if the MX is capable of tunneling IPv6 over IPv4?

 

Related to GIF (Generic tunnel Interface) / NAT passing IP protocol 41?

 

https://tools.ietf.org/html/rfc2473

Highlighted
Kind of a big deal
Kind of a big deal

Re: WE Need IPV6 Support in MX

@tfriedrich I don't believe so, there is progress on ipv6 for MR that is in closed beta but I don't believe there is an MX ipv6 beta yet available.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.