6to4 first configuration

Redmor · November 3, 2018, 3:15pm

Hello,

I’m trying to set up 6to4 to have IPv6 connectivity, and I’ve encountered some problems.
I have a public static IPv4 for my home network.

Let’s start with configuration:

IPv4 1.2.3.4 (example)
IPv6 2002:0102:0304::/48
DNSv6 2001:4860:4860::8888 and 2001:4860:4860:8844

/interface 6to4
add disabled=no !keepalive local-address=1.2.3.4 name=6to4-tunnel1 remote-address=192.88.99.1

/ipv6 address
add address=2002:0102:0304::1/64 advertise=yes interface=bridge-LAN disabled=no

Other configurations are default.

Here’s what I can do:

I can ping 2002:0102:0304::1/64 from the outside and open RB with that IP.
I can ping every IPv6 on the Internet. (only with my PC)

Here are the problems:

I’m not able to open IPv6 only sites except for ipv6.google.com (PC)
With Android I cannot even open ipv6.google.com
In IPv6 Neighbors I can see 2002:0102:0304:PCMAC/64 but I can’t see 2002:0102:0304:SMARTPHONEMAC/64, I can see both link-local IPs
With IPv6, my smartphone takes a minute to find that there’s Internet connectivity on my Wi-Fi.
After a short while, I can’t ping anymore IPv6s with my PC.
Why I’m seeing, for each device, two IPv6s with prefix 2002:0102:0304::/64? Is that normal?

Other question:
What I have to do to give IPv6 to another RB with only private IPv4 connected L2 to the one with IPv6? Like DHCP just to say.

Am I doing something wrong? I can’t wait to MK IPv6 next course

xvo · November 3, 2018, 4:15pm

1-5: You need to advertise dns for your deviced:
IPv6 → ND

6: Yes, that is normal.

DHCPv6 is ROS is currently incapable of handing addresses - only prefixes.
All the addresses on another RB have to be configured manually, got by SLAAC, or picked from prefix pool.
So you can:

assign the address manually on the interface facing first RB with advertise=no
DHCPv6 server on the first RB to hand out the prefix.
DHCPv6-client on second RB to get the prefix
address from pool on the LAN interface of the second RB with advertise=yes

Clients on the LAN of second RB will get their addresses from the prefix handed by first RB

sutrus · November 3, 2018, 4:59pm

/interface 6to4
add disabled=no !keepalive local-address=1.2.3.4 name=6to4-tunnel1 remote-address=192.88.99.1

local-address = wan IP
remote-address = address of the tunnel end

xvo · November 3, 2018, 5:19pm

That’s right and 192.88.99.1 is the right remote-address for 6to4

Redmor · November 7, 2018, 1:14pm

I’m already advertising DNS and both my devices (non RB) got it, as well as an IPv6 like prefix:subnet:MAC-Address, but I can’t open only IPv6 sites.
I’m also using IPv4 for LAN, maybe that can cause problems?
I read about DHCPv6 but I didn’t use it during my tests.

xvo · November 7, 2018, 2:03pm

1-5: You need to advertise dns for your deviced:
IPv6 → ND

6: Yes, that is normal.

DHCPv6 is ROS is currently incapable of handing addresses - only prefixes.
All the addresses on another RB have to be configured manually, got by SLAAC, or picked from prefix pool.
So you can:

assign the address manually on the interface facing first RB with advertise=no

DHCPv6 server on the first RB to hand out the prefix.

DHCPv6-client on second RB to get the prefix

address from pool on the LAN interface of the second RB with advertise=yes

Clients on the LAN of second RB will get their addresses from the prefix handed by first RB

I’m already advertising DNS and both my devices (non RB) got it, as well as an IPv6 like prefix:subnet:MAC-Address, but I can’t open only IPv6 sites.
I’m also using IPv4 for LAN, maybe that can cause problems?
I read about DHCPv6 but I didn’t use it during my tests.

The problem with “native” 6to4 is that you can’t choose which relay to use, and if the one you are connected to is not working properly, there is nothing you can do about it.
You don’t even have a way to figure out whether the problem is on your side or not.

I use HE tunnel and don’t have any issues with it.
You can try it, at least to rule out the possible misconfigurations on your side.