Community discussions

MikroTik App
 
User avatar
webasdf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 87
Joined: Mon Jan 26, 2009 6:37 pm

Windows ipv6 with Mikrotik 6to4 tunnel

Wed Nov 03, 2010 5:33 am

I'm attempting to figure out this ipv6 stuff and so far it's over my head. I'm running 4.6 firmware on an RB450. I have a 6to4 tunnel set up on my Tik via Hurricane Electric. I followed the instructions on the Mikrotik Wiki to get the tunnel set up on the Tik. From the Tik it communicates fine across the tunnel. No problems. At the bottom of the Wiki it says to set up an ipv6 address on my internal LAN interface as well. I did that too.

Windows seems to pick up on the ipv6 neighbor discovery and gets an address from my /64 but does not route across it. From windows I am able to ping the ipv6 address on my Tik's local lan interface but not any further. I attempted to manually add a default route to windows and that didn't work either. I'm sure I'm doing something dumb but there is just so much chatter out there I can't sort out all the information.

My general setup (simple home router)
INTERNET -> Tik (ether2) -> NATted LAN via bridged ports (ether3, 4 and 5)

IPV6 config:
/ipv6 address
# Tunnel ipv6 address
add address=2001:470:1f10:777::2/64 advertise=yes comment="" disabled=no eui-64=no interface=sit1
# Local LAN ipv6 address on nat interface (bridged ether3, 4 and 5)
add address=2001:470:1f10:777::3/64 advertise=yes comment="" disabled=no eui-64=no interface=nat
/ipv6 nd
add advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
    managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=10m reachable-time=unspecified retransmit-interval=unspecified
add advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=nat \
    managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=10m reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=2001:470:1f10:777::1 scope=30 target-scope=10
Windows config
C:\>ipv6 rt
::/0 -> 4/fe80::20c:42ff:fe2e:85c5 pref 256 life 3m21s (autoconf)
::/0 -> 4/2001:470:1f10:777::3 pref 0 life infinite (manual)
2001:470:1f10:777::/64 -> 4 pref 8 life 29d23h53m21s (autoconf)

C:\>ipv6 if
Interface 4: Ethernet: Local Area Connection
  Guid {832E8A86-1485-4023-AC32-B92497362871}
  uses Neighbor Discovery
  uses Router Discovery
  link-layer address: 00-0d-61-60-b8-04
    preferred global 2001:470:1f10:777:1557:7841:7073:4fc8, life 6d23h13m57s/23h11m10s (temporary)
    preferred global 2001:470:1f10:777:20d:61ff:fe60:b804, life 29d23h58m37s/6d23h58m37s (public)
    preferred link-local fe80::20d:61ff:fe60:b804, life infinite
    multicast interface-local ff01::1, 1 refs, not reportable
    multicast link-local ff02::1, 1 refs, not reportable
    multicast link-local ff02::1:ff60:b804, 2 refs, last reporter
    multicast link-local ff02::1:ff73:4fc8, 1 refs, last reporter
  link MTU 1500 (true link MTU 1500)
  current hop limit 128
  reachable time 23000ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 1
  default site prefix length 48
Tests
C:\>ping6 2001:470:1f10:777::3

Pinging 2001:470:1f10:777::3
from 2001:470:1f10:777:1557:7841:7073:4fc8 with 32 bytes of data:

Reply from 2001:470:1f10:777::3: bytes=32 time<1ms
Reply from 2001:470:1f10:777::3: bytes=32 time<1ms
Reply from 2001:470:1f10:777::3: bytes=32 time<1ms
Reply from 2001:470:1f10:777::3: bytes=32 time<1ms

Ping statistics for 2001:470:1f10:777::3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping6 2001:470:1f10:777::2

Pinging 2001:470:1f10:777::2
from 2001:470:1f10:777:1557:7841:7073:4fc8 with 32 bytes of data:

Reply from 2001:470:1f10:777:1557:7841:7073:4fc8: Destination address unreachable.
Reply from 2001:470:1f10:777:1557:7841:7073:4fc8: Destination address unreachable.
Reply from 2001:470:1f10:777:1557:7841:7073:4fc8: Destination address unreachable.
Reply from 2001:470:1f10:777:1557:7841:7073:4fc8: Destination address unreachable.

Ping statistics for 2001:470:1f10:777::2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Thanks in advance for any help.
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: Windows ipv6 with Mikrotik 6to4 tunnel

Wed Nov 03, 2010 6:18 am

You've got your SIT and bridge address in the same range

# Tunnel ipv6 address
add address=2001:470:1f10:777::2/64
# Local LAN ipv6 address on nat interface (bridged ether3, 4 and 5)
add address=2001:470:1f10:777::3/64

Are both in the same subnet,

HE would have given you a /48,

On your tunnel details page they would have listed

Server IPv4 address:
2001:470:c:b08::1/64
Client IPv6 address:
2001:470:c:b08::2/64

Which is the SIT IP, then on your lan you add your "Routed /64:" which is something like 2001:470:d:b08::1/64
 
User avatar
webasdf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 87
Joined: Mon Jan 26, 2009 6:37 pm

Re: Windows ipv6 with Mikrotik 6to4 tunnel

Wed Nov 03, 2010 3:43 pm

OH! That makes sense :) I was trying to route on my tunnel subnet instead of my routable subnet. The 2 subnets were so close together I didn't notice the difference between 1f10 and 1f11. Looking at the ipv6 addresses will take some getting used to. Thanks for the tip!

New Tik Config:
/ipv6 address
add address=2001:470:1f10:777::2/64 advertise=yes comment="" disabled=no eui-64=no interface=sit1
add address=2001:470:1f11:777::1/64 advertise=yes comment="" disabled=no eui-64=no interface=nat
/ipv6 nd
add advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
    managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=10m reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix
# also added this in for the routable subnet...not sure if it is necessary.
add autonomous=yes disabled=no interface=nat on-link=yes preferred-lifetime=1w prefix=2001:470:1f11:777::/64 \
    valid-lifetime=4w2d
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=2001:470:1f10:777::1 scope=30 target-scope=10
Windows now does:
C:\>ping6 ipv6.google.com

Pinging ipv6.l.google.com [2001:4860:800b::93]
from 2001:470:1f11:777:e9ec:5798:8c02:977b with 32 bytes of data:

Reply from 2001:4860:800b::93: bytes=32 time=53ms
Reply from 2001:4860:800b::93: bytes=32 time=55ms
Reply from 2001:4860:800b::93: bytes=32 time=55ms
Reply from 2001:4860:800b::93: bytes=32 time=55ms

Ping statistics for 2001:4860:800b::93:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 55ms, Average = 54ms
YAY! Thanks again Beccara!

Who is online

Users browsing this forum: amt, bschapendonk, Dwemer, lurker888, sirbryan, tangent and 98 guests