Dear all,
I woudl be grateful if some kind sould could give me a hint what might be the problem here: My ISP delivers v6, if I connect a Windows 10 laptop to the “LAN” interface, it gets an address, but claims there is no Internet connection:
The DHCPv6 client add-default-route=yes is a hacky bodge. There is no default gateway information provided by DHCPv6, the client uses the address of the DHCPv6 server from which the address/prefix/other information was received - this works if the DHCPv6 server and the default gateway are the same host, but otherwise fails.
The correct method is to set add-default-route=no and use received router advertisments (RA). On v6 the default IPv6 settings include forward=yes and accept-router-advertisements=yes-if-forwarding-disabled, as you need forwarding set accept-router-advertisements=yes. I’ve not looked to see if v7 behaves in the same way, and I recall there may have been / are issues with RA in v7.
Ideally Mikrotik should implement accepting RAs per-interface rather than globally, plus other features as described in RFC7084.
Thanks to all, I am, getting closer but not yet there . @tdw: I am not using the Mikrotik DHCPv6 server and DHCPv6 client “add-default-route” yes or no does not seem to make a difference.
The configuration below works in the sense that the attached Windows machine connects via v6 to the Internet. However, the router itself still as a problem: ping to the DNS server times out from the router. ::2 is the LAN interface, so the packet seems to go into the wrong direction.
[admin@MikroTik] > tool/traceroute 2a02:ca00:dc:101::51
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 2a02:ca00:cc00:302::2 0% 1 1.1ms 1.1 1.1 1.1 0
2 100% 1 timeout
3 100% 1 timeout
Here’s the config that connects the attached PC:
# mar/17/2022 09:11:08 by RouterOS 7.1.3
# software id = 5KFC-ED20
# model = 450G
/interface ethernet
set [ find default-name=ether3 ] name=LAN
set [ find default-name=ether5 ] name=WAN
/ipv6 settings
set accept-router-advertisements=yes
/ipv6 address
add address=::2 from-pool=TPP-v6 interface=LAN
/ipv6 dhcp-client
add interface=WAN pool-name=TPP-v6 request=address,prefix
/ipv6 nd
set [ find default=yes ] managed-address-configuration=yes other-configuration=yes
The accept-router-advertisements=yes is currently broken in all v7 versions (up to and including 7.1.3 and 7.2rc4) and only works with disabled forwarding (/ipv6/settings/set forward=no), but that’s not good if you want IPv6 not only for router, but also for connected devices.
As a temporary solution, you should be able to find gateway if you ping multicast address of all routers on WAN interface:
/ping interface=WAN address=ff02::2
either there will be response(s), or (I tried two routers with 50% success) at least gateway’s link-local address should appear in /ipv6/neighbor. Pick the right one from (if there are more, trial & error is your friend):
Thanks for the hint. I tried this and identified fe80::6e6c:d3ff:fe6e:20c9 as the likely gateway. But are already two such dynamic entries in my routing table (added by dhcp client):
[admin@MikroTik] > ipv6/route/print
Flags: D - DYNAMIC; I, A - ACTIVE; c, d, y - COPY; H - HW-OFFLOADED; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAd + ::/0 fe80::6e6c:d3ff:fe6e:20c9%WAN 1
DAd + ::/0 fe80::6e6c:d3ff:fe6e:20c9%WAN 1
DAc 2a02:ca00:cc00:302::/64 WAN 0
DAd 2a02:ca01:200:f00::/56 1
DIcH 2a02:ca01:200:f00::/64 LAN 0
DAc fe80::%ether1/64 ether1 0
DAc fe80::%WAN/64 WAN 0
I added another static route just to make sure, but the icmp packet to the nameserver 2a02:ca00:dc:101::51 still goes to the LAN interface… it seems like the route is not active or something…?
If you look at whole address, not just at ::2 at the end, you’ll see that it’s not going to LAN, that first hop is from /64 that you have on WAN. I’d expect that this address could also work as gateway. Look in /ipv6/neighbour if it has same MAC address as that link-local fe80::6e6c… you found.
Another thing you could try is to use some online ping to get incoming packets to either the address on WAN or anything from LAN prefix. You can log them with:
If you look at whole address, not just at ::2 at the end, you’ll see that it’s not going to LAN
You’re right … I still have to get used to v6 addresses, my bad.
I did a traceroute from the succussfully connected PC and used the first hop as a gateway, which works.I am just somewhat surprised by the packet loss.
Thanks a bunch!
One problem I see with this explanation is that you cracked the chicken and egg problem, you couldn’t have it working from PC behind router, if router itself didn’t have working default route.
Good point, I don’t understand it either . The router behaves strange in several ways, see e.g below. Both pings work perfect on the PC it copnnects via v6, and both the PC and the router use the same DNS server. The router configuration is as simple as it can be, so I cannot see what could be wrong.
[admin@MikroTik] > ping ipv6.google.com
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
failure: dns name exists, but no appropriate record
[admin@MikroTik] > ping google.com
SEQ HOST SIZE TTL TIME STATUS
0 no route to host
1 no route to host
2 no route to host
3 no route to host
sent=4 received=0 packet-loss=100%
Thanks sigh.
It seems like :resolve does not return a v6 address for hosts with both v4 and v6. This is probably the reason for problems like
[admin@MikroTik] > system/package/update/check-for-updates
channel: stable
installed-version: 7.1.3
status: ERROR: no internet connection
[admin@MikroTik] > ping [:resolve www.google.com]
SEQ HOST SIZE TTL TIME STATUS
0 no route to host
1 no route to host
2 no route to host
sent=3 received=0 packet-loss=100%
.