I set some IPv6 addresses on some interfaces:
and the problem is I can’t ping any of it’s interfaces (it’s ok via IPv4) nor I can ping a directly connected client!
It’s so frusrating!
Any help?
What does “/ipv6/route/print” say?
I statically placed the routes, even a route to itself for some kind of a loopback (figured this was the problem)
sorry I’m super new to all these stuff
Routes 1 and 2 are duplicates; remove one.
Route 0 says everything other than 2001:ff02 on that subnet is down ether4. Is that correct?
Hi!
Route 0 is supposed to say any destination address from 2001::ff00 to 2001::ffff are suppoed to get routed via ether4.
the funny thing is I can’t ping my ether4 IPv6 address from my ether4 IPv6 address!!
This is the simplest way I can explain my problem!
for example if you have an interface say ens35 with an IPv4 assigned 10.0.0.1, then you are certainly able to successfully ping it!
like with:
ping -I ens35 10.0.0.1
but the same process can’t be done with my Ipv6 assigned interface
Now that you mention it, that first route shadows the other two, preventing either from taking effect.
But let’s stop playing 20 questions, okay? Export your configuration, sanitize it, and post it into a “code” block.
In IPv4 normally routing engine selects route matching destination which has longest subnet mask. That’s how default (0.0.0.0/0) gets overriden by other rules (e.g. attached subnets, default MT config has 192.168.88.0/24 available on bridge). And screenshot shows one IPv6 route with /120 overriden by two /128 routes.
I somehow remember that ROS might have issues with IPv6 subnets with prefix lengths longer than /64 (similar to issues with /31 in IPv4). But this is just a gut feeling and I may be wrong on this.
Ah. I thought they were checked in order — like firewall rules — until one matched.
# aug/28/2023 06:05:36 by RouterOS 7.3.1
# software id = TI09-7WK3
#
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether2
set [ find default-name=ether2 ] disable-running-check=no name=ether3
set [ find default-name=ether3 ] disable-running-check=no name=ether4
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.1/24 interface=ether4 network=192.168.1.0
add address=172.16.1.1/30 interface=ether3 network=172.16.1.0
/ip route
add dst-address=192.168.2.0/24 gateway=172.16.1.2
/ipv6 address
add address=2001:: interface=ether3
add address=2001::1 interface=ether4
On the ether4 interface I’ve set an IPv6 address 2001::1/64 and there is no ping to or from it!
The thing is I cleared the routes of the previous configurations.
Hi!
Considering your reply I deleted the routes and IPv6 addresses assigned and set a new one with the address of 2001::1/64 and the problem appears to remain intact!
There is no ping:
[admin@BlueSoul] > interface print
Flags: R - RUNNING
Columns: NAME, TYPE, ACTUAL-MTU, MAC-ADDRESS
# NAME TYPE ACTUAL-MTU MAC-ADDRESS
0 R ether2 ether 1500 00:0C:29:96:F2:E0
1 R ether3 ether 1500 00:0C:29:96:F2:EA
2 R ether4 ether 1500 00:0C:29:96:F2:F4
[admin@BlueSoul] > ipv6 address print
Flags: I, D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
# ADDRESS INTERFACE ADVERTISE
0 IG 2001::/64 ether3 yes
1 IG 2001::1/64 ether4 yes
[admin@BlueSoul] > ping src-address=2001::1 address=2001::1 interface=ether4
SEQ HOST SIZE TTL TIME STATUS
0 could not m...
1 could not m...
sent=2 received=0 packet-loss=100%
[admin@BlueSoul] >
0 IG 2001::/64 ether3 yes
1 IG 2001::1/64 ether4 yes
These two IPv6 addresses are from the same /64 prefix. If one writes out the addresses in full (replacing that double colon with necessary number of zeroes), they are:
2001:0000:0000:0000:0000:0000:0000:0000
2001:0000:0000:0000:0000:0000:0000:0001
(parts highlited with green colour are prefixes).
So if you want to use non-clashing IPv6 addresses (and you do want that), you have to assign addresses from different prefixes, e.g.
2001:0000:0000:0000:0000:0000:0000:0000
2001:0000:0000:0001:0000:0000:0000:0000
or, written with double colon notation:
2001:0:0:0::/64 (or 2001::/64)
2001:0:0:1::/64 (or 2001::1:0:0:0:0 … one can not use double colon in same address more than once, this would make it non-deterministic as double colon serves as variable length zeros and it can be used only once)
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
IPv6 is disabled. I suspect that’s why addresses you self-assigned are marked as Invalid.
Thanks mr.mkx while I hadn’t notice these and these are indeed legit notable information, it doesn’t explain why one can’t ping the interface’s IPv6 address from within
until mr.Kentzo correctly mentioned that the
set disable-ipv6=yes
was actually the main cause of the problem
Thank you for your time.
This was the problem which kept me hanged for several days!!!
Thanks a lot
The problem wouldn’t go away if you hadn’t instructed me to export the configurations
Thank you for your time.
@ThomasJefferson you’re welcome and I want to point out adapting to how this forum works is a commendable accomplishment. Thank you for helping us help you. 
ThomasJefferson, usually disable-ipv6=yes is set when dhcp package is disabled when RouterOS is upgraded from v6 to v7.
In that case, you probably don’t have a firewall! So make sure to check that.
The default firewall rules can be saved using /system default-configuration print file=defconf.txt and pasting the appropriate section in CLI ( /ipv6 firewall { … } )
@nescafe2002
Thanks for the heads up!!