6to4 - cannot set default GW

ZeroByte · February 2, 2016, 4:30pm

I’ve been playing around with 6to4 in GNS3 on Cisco and decided to try it on Mikrotik, but with the real Internet.

I set up my 6to4 tunnel interface, and chose the appropriate 6to4 prefix for the public IP I’m using.

Tunnel interface and routes are set as follows:

/interface 6to4
add !keepalive local-address=aaa.bbb.ccc.205 mtu=1280 name=v6

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ipv6 address
add address=2002:aabb:cccd:1000::1 interface=ether3

/ipv6 route
add distance=1 gateway=v6,2002:c058:6301::1
add distance=1 dst-address=2002::/16 gateway=v6 scope=10

The 2002::/16 route works, and I can ping 2002:c058:6301::1 (which is the well-known anycast-v6 address for public 6-to-4 relay routers)
However, the default GW remains “unreachable”

This looks like the ol’ recursive next-hop thing, so I set the scope of the 2002::/16 route to be 10, but that didn’t clear it up.
I remember something about recursive next hop lookups having issues in IPv6 for Mikrotik - is this my problem or am I missing a step?

I’m going to try a different setup and post back here, but in the mean time, if anyone has any insights as to what I’ve done wrong here, I’d like to know what my mistake was.

Sob · February 2, 2016, 6:50pm

AFAIK 6to4 gateways in IPv6 format (2002:c058:6301::1) never worked in RouterOS, only in IPv4 format ::192.88.99.1%<interface_name>. And that’s broken since “6to4 mayhem” in RouterOS 6.20. At least access to 2002::/16 was fixed in some later 6.2x, but no luck with gateway elsewhere.

The workaround I got from support is to use dedicated interface for gateway:

/interface 6to4
add !keepalive local-address=1.2.3.4 mtu=1480 name=6to4
add !keepalive local-address=1.2.3.4 mtu=1480 name=6to4-gateway remote-address=192.88.99.1
/ipv6 address
add address=2002:102:304::1/16 advertise=no interface=6to4
/ipv6 route
add distance=1 gateway=6to4-gateway

They did not say when or if they intend to fix it and make it work again with just one 6to4 interface.

wimpy · February 3, 2016, 6:08am

My setup for IPv6 tunnel is as follows (in fact it is for 6in4 tunnel, not 6to4, but MikroTik uses 6to4 interface for both).

/interface 6to4
add !keepalive local-address=a.b.c.d mtu=1480 name=v6_tunnel remote-address=e.f.g.h

/ipv6 address
add address=2001:xxx:yyy:zzz::2 advertise=no interface=v6_tunnel

/ipv6 route
add check-gateway=ping distance=1 dst-address=2000::/3 gateway=2001:xxx:yyy:zzz::1

Setting of gateway as IPv6 address works fine for me.

Sob · February 3, 2016, 11:17am

There’s no problem if you have tunnel with remote-address set (setup used with tunnel brokers).

It’s broken for 6to4 where you have unspecified remote-address and you get 2002:xxxx:xxxx::/48 based on your public IPv4 adddress.