I am able to ping Google's DNS from RouterOS:
Code:
> ping address=2001:4860:4860::8844 src-address=2a01:zzzz:87bd:9b0d::
SEQ HOST SIZE TTL TIME STATUS
0 2001:4860:4860::8844 56 252 487us echo reply
1 2001:4860:4860::8844 56 252 472us echo reply
2 2001:4860:4860::8844 56 252 469us echo reply
3 2001:4860:4860::8844 56 252 466us echo reply
4 2001:4860:4860::8844 56 252 486us echo reply
5 2001:4860:4860::8844 56 252 464us echo reply
6 2001:4860:4860::8844 56 252 459us echo reply
sent=7 received=7 packet-loss=0% min-rtt=459us avg-rtt=471us max-rtt=487us
But the RouterOS DDNS update is only giving me an IPv4 address:
(Already tried toggling DDNS off and on then force update, no dice.)
Code:
> /ip/cloud/print
ddns-enabled: yes
ddns-update-interval: 10m
update-time: yes
public-address: 88.zzz.zzz.74
dns-name: zzzzzzzzzzzz.sn.mynetname.net
status: updated
My configuration (as much as comparable) was working OK on the RB4011, so I'm a bit lost as to what I'm missing.
The only difference is that the CCR2004 is on 7.14, but so far I haven't seen any reports of IPv6 not working on this version, so I believe this is more of a me-problem.
Any idea what I did wrong here? Thanks in advance!
Here are the IPv6 routes currently present:
Code:
/ipv6/route/print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAd+ ::/0 fe80::6208:10ff:feb9:ebfb%sfp28-1 1
DAd+ ::/0 fe80::6208:10ff:feb9:ebfb%sfp28-1 1
DAc ::1/128 lo 0
DAd 2a01:zzzz:87bd:9b00::/56 1
DAc 2a01:zzzz:87bd:9b0b::/64 bridge-uk-172 0
DAc 2a01:zzzz:87bd:9b0c::/64 bridge-uk-254 0
DAc 2a01:zzzz:87bd:9b0d::/64 bridge-uk-10 0
DAc 2a01:zzzz:87bd:9b0e::/64 bridge-uk-253 0
DAc 2a01:zzzz:acf8:a67f:f381:787b:643:492b/128 sfp28-1 0
DAc fc00:0:0:216::/64 back-to-home-vpn 0
DAc+ fdfd::/64 bridge-uk-10 0
DAc+ fdfd::/64 bridge-uk-10 0
DAc+ fdfd:0:0:a00::/64 bridge-uk-10 0
DAc+ fdfd:0:0:a00::/64 bridge-uk-10 0
DAc+ fdfd:0:0:ac00::/64 bridge-uk-172 0
DAc+ fdfd:0:0:ac00::/64 bridge-uk-172 0
DAc+ fdfd:0:0:fd00::/64 bridge-uk-253 0
DAc+ fdfd:0:0:fd00::/64 bridge-uk-253 0
DAc+ fdfd:0:0:fe00::/64 bridge-uk-254 0
DAc+ fdfd:0:0:fe00::/64 bridge-uk-254 0
DAc fe80::%sfp28-1/64 sfp28-1 0
DAc fe80::%bridge-uk-10/64 bridge-uk-10 0
DAc fe80::%bridge-uk-172/64 bridge-uk-172 0
DAc fe80::%bridge-uk-253/64 bridge-uk-253 0
DAc fe80::%bridge-uk-254/64 bridge-uk-254 0
DAc fe80::%wg-tunnel/64 wg-tunnel 0
DAc fe80::%wireguard1/64 wireguard1 0
DAc fe80::%back-to-home-vpn/64 back-to-home-vpn 0
And the rest of the IPv6 configuration - I believe the ULA addresses shouldn't interfere with DDNS, but I'm happy to be proven wrong.
Code:
/ipv6 pool
add name=ula-fdfd-10 prefix=fdfd:0:0:a00::/56 prefix-length=64
add name=ula-fdfd-0 prefix=fdfd::/56 prefix-length=64
add name=ula-fdfd-172 prefix=fdfd:0:0:ac00::/56 prefix-length=64
add name=ula-fdfd-253 prefix=fdfd:0:0:fd00::/56 prefix-length=64
add name=ula-fdfd-254 prefix=fdfd:0:0:fe00::/56 prefix-length=64
/ipv6 address
add from-pool=isp interface=bridge-uk-10
add from-pool=isp interface=bridge-uk-172
add from-pool=isp interface=bridge-uk-254
add from-pool=isp interface=bridge-uk-253
add address=::1 advertise=no from-pool=ula-fdfd-0 interface=bridge-uk-10
add from-pool=ula-fdfd-10 interface=bridge-uk-10
add from-pool=ula-fdfd-172 interface=bridge-uk-172
add from-pool=ula-fdfd-253 interface=bridge-uk-253
add from-pool=ula-fdfd-254 interface=bridge-uk-254
/ipv6 dhcp-client
add add-default-route=yes interface=sfp28-1 pool-name=isp request=\
    address,prefix use-interface-duid=yes use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=zzzzzzzzzzzz.sn.mynetname.net list=wan-ip
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "Deny from Untrusted Bridges to Local Bridges" in-interface-list=\
    bridges-untrusted out-interface-list=bridges-all
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=input comment=WireGuard dst-port=13231,13232 \
    in-interface-list=wan protocol=udp
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !local
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="web ingress" dst-port=80,443 \
    in-interface-list=wan protocol=tcp
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !local
/ipv6 firewall nat
add action=dst-nat chain=dstnat comment="Allow GW to front IPv6 Ingress" \
    dst-address-list=wan-ip dst-port=80,443 protocol=tcp to-address=\
    fdfd::aaaa:bbbb:cccc:dddd/128
/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes dns=\
    2001:4860:4860::8888,2001:4860:4860::8844
add dns=fdfd::1 hop-limit=64 interface=bridge-uk-10 \
    managed-address-configuration=yes ra-interval=20s-10m
add dns=fdfd::1 hop-limit=64 interface=bridge-uk-172 ra-interval=20s-10m
add dns=fdfd::1 hop-limit=64 interface=bridge-uk-253 ra-interval=20s-10m
add dns=fdfd::1 hop-limit=64 interface=bridge-uk-254 ra-interval=20s-10m