IPV6 configuration form HE tunnel broker

aplsms · March 13, 2020, 5:56am

Hello,
I have some problem setup ipv6 on my Mikrotik

What I have from HE:

Server IPv4 Address:64.62.134.130
Server IPv6 Address:2001:470:66:c15::1/64

Client IPv4 Address:198.27.150.230
Client IPv6 Address:2001:470:66:c15::2/64

Routed IPv6 Prefixes
Routed /64:2001:470:67:c15::/64
Routed /48:2001:470:4ba7::/48 

/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=198.27.150.230 mtu=1280 name=sit1 remote-address=64.62.134.130
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:66:c15::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:66:c15::2/64 advertise=no disabled=no eui-64=no interface=sit1

so I able to ping my Mikrotik from outside:

$ ping6 2001:470:66:c15::2
PING 2001:470:66:c15::2(2001:470:66:c15::2) 56 data bytes
64 bytes from 2001:470:66:c15::2: icmp_seq=1 ttl=58 time=8.61 ms
64 bytes from 2001:470:66:c15::2: icmp_seq=2 ttl=58 time=9.10 ms
^C
--- 2001:470:66:c15::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 8.612/8.857/9.102/0.245 ms

Now I need setup Ipv6 on my lan:
I have few VLAN. so my setup looks like:

> 
/ipv6 export
# mar/12/2020 22:40:06 by RouterOS 6.46.4
# software id = N28H-BXPP
#
# model = RouterBOARD 750G r2
# serial number = 64FC059EB6A6
/ipv6 dhcp-server
add address-pool=IPv6-pool-20 interface=bridge-v-20 name=IPv6-DHCP-20
add address-pool=IPv6-pool-25 interface=bridge-v-25 name=IPv6-DHCP-25
/ipv6 pool
add name=IPv6-pool-20 prefix=2001:470:4ba7:20::/64 prefix-length=64
add name=IPv6-pool-25 prefix=2001:470:4ba7:25::/64 prefix-length=64
/ipv6 address
add address=2001:470:66:c15::2 advertise=no interface=sit1
add address=2001:470:4ba7:20::1 interface=bridge-v-20
add address=2001:470:4ba7:25::1 interface=bridge-v-25
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=2001:470:67:c15::/64 list=allowed
add address=ff02::/16 comment=multicast list=allowed
add address=2001:470:67:c15:14c0:4961:5ccd:f80d/128 list=allowed-ssh
add address=2001:470:4ba7::/48 list=allowed
/ipv6 firewall filter
add action=accept chain=input comment="Allow established connections" connection-state=established
add action=accept chain=input comment="Allow related connections" connection-state=related
add action=accept chain=input comment="Allow limited ICMP" limit=50/5s,5 protocol=icmpv6
add action=accept chain=forward comment="Allow UDP" protocol=udp
add action=accept chain=input comment="Allow ssh to this host" dst-address-list=allowed-ssh dst-port=22 protocol=tcp
add action=drop chain=input in-interface=sit1 log=yes log-prefix=dropLL_from_public src-address=fe80::/16
add action=drop chain=input
add action=accept chain=forward comment="Allow any to internet" out-interface=sit1
add action=accept chain=forward comment="Allow established connections" connection-state=established
add action=accept chain=forward comment="allow ssh to this hosts" dst-address-list=allowed-ssh dst-port=22 protocol=tcp
add action=accept chain=forward comment="Allow related connections" connection-state=related
add action=drop chain=forward
/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=bridge1
add advertise-dns=no ra-lifetime=none
/ipv6 route
add distance=1 dst-address=2000::/3 gateway=2001:470:66:c15::1

Hosts from my LAN are receiving IP from proper IPv6 subnet, but router is looks like not correct.

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether a0:99:9b:06:8f:45
	inet6 fe80::cea:8bb0:5cd6:b4ee%en0 prefixlen 64 secured scopeid 0x4
	inet6 2001:470:4ba7:20:1007:3fb8:5178:41fe prefixlen 64 autoconf secured
	inet6 2001:470:4ba7:20:d103:2f3c:5880:7dc prefixlen 64 autoconf temporary
	inet 10.10.20.119 netmask 0xfffffc00 broadcast 10.10.23.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active

and router fe80::e68d:8cff:fee8:f62e – internal default address on microbic interface

[apl@router.petrenko.me] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                                     FROM-POOL INTERFACE                                                                                               ADVERTISE
 0 DL fe80::3:c61b:a0eb/64                      sit1                         no
 1 DL fe80::e68d:8cff:fee8:f62e/64              bridge1                      no
 2 DL fe80::e68d:8cff:fee8:f62e/64              vlan1                        no
 3 DL fe80::e68d:8cff:fee8:f62d/64              [0] WAN Uplink               no
 4 DL fe80::e68d:8cff:fee8:f62e/64              bridge-v-20                  no
 5 DL fe80::e68d:8cff:fee8:f62e/64              bridge-v-25                  no
 6  G 2001:470:66:c15::2/64                     sit1                         no
 7  G 2001:470:4ba7:20::1/64                    bridge-v-20                  yes
 8  G 2001:470:4ba7:25::1/64                    bridge-v-25                  yes

on any LAN client any access by ipV6 I have

$ ping6 www.google.com     
ping6: UDP connect: No route to host

Please help me fix this error.

pe1chl · March 13, 2020, 2:00pm

Remember that DHCPv6 server is not going to work to assign addresses.
It is probably best to remove DHVPv6 server config, at least until you fully understand what that means.
Addresses are to be assigned using SLAAC and will obtain the router address from that.
You should have a default route “via fe80::…” (the local link address) on your clients.

aplsms · March 13, 2020, 11:22pm

I did it. nothing changed on client side:
details pointed ro utun*, not to en0

$ netstat -rn -f inet6
Routing tables

Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 fe80::%utun0                    UGcI          utun0
default                                 fe80::%utun1                    UGcI          utun1
default                                 fe80::%utun2                    UGcI          utun2
default                                 fe80::%utun3                    UGcI          utun3
default                                 fe80::%utun4                    UGcI          utun4
default                                 fe80::%utun5                    UGcI          utun5
default                                 fe80::%utun6                    UGcI          utun6
default                                 fe80::%utun7                    UGcI          utun7
default                                 fe80::%utun8                    UGcI          utun8
default                                 fe80::%utun9                    UGcI          utun9
default                                 fe80::%utun10                   UGcI         utun10
::1                                     ::1                             UHL             lo0
2001:470:4ba7:20:1007:3fb8:5178:41fe    a0:99:9b:6:8f:45                UHL             lo0
2001:470:4ba7:20:1cea:e7d4:318b:2e3f    a8:60:b6:2a:a7:d                UHLI            en0
2001:470:4ba7:20:342a:debb:795e:258f    a8:60:b6:2a:a7:d                UHLI            en0
2001:470:4ba7:20:41a0:6aea:d252:c931    a8:60:b6:2a:a7:d                UHLI            en0
2001:470:4ba7:20:a17e:7872:27a0:8ada    a8:60:b6:2a:a7:d                UHLI            en0
2001:470:4ba7:20:fd3f:6ef4:626a:5acd    a0:99:9b:6:8f:45                UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::851:53b9:5342:c458%en0            a8:60:b6:2a:a7:d                UHLWI           en0
fe80::cea:8bb0:5cd6:b4ee%en0            a0:99:9b:6:8f:45                UHLI            lo0
fe80::e68d:8cff:fee8:f62e%en0           e4:8d:8c:e8:f6:2e               UHLWIr          en0
fe80::%awdl0/64                         link#9                          UCI           awdl0
fe80::109c:e6ff:fe3c:1ac2%awdl0         12:9c:e6:3c:1a:c2               UHLI            lo0
fe80::%llw0/64                          link#10                         UCI            llw0
fe80::109c:e6ff:fe3c:1ac2%llw0          12:9c:e6:3c:1a:c2               UHLI            lo0
fe80::%utun0/64                         fe80::b416:625:4dce:a410%utun0  UcI           utun0
fe80::b416:625:4dce:a410%utun0          link#11                         UHLI            lo0
fe80::%utun1/64                         fe80::e0e2:d0c2:5506:bf87%utun1 UcI           utun1
fe80::e0e2:d0c2:5506:bf87%utun1         link#12                         UHLI            lo0
fe80::%utun2/64                         fe80::4dce:96a3:1c17:e387%utun2 UcI           utun2
fe80::4dce:96a3:1c17:e387%utun2         link#13                         UHLI            lo0
fe80::%utun3/64                         fe80::a9ef:664b:3d36:244f%utun3 UcI           utun3
fe80::a9ef:664b:3d36:244f%utun3         link#14                         UHLI            lo0
fe80::%utun4/64                         fe80::53cf:3a05:f50a:6ada%utun4 UcI           utun4
fe80::53cf:3a05:f50a:6ada%utun4         link#15                         UHLI            lo0
fe80::%utun5/64                         fe80::658f:6f9:141b:db9e%utun5  UcI           utun5
fe80::658f:6f9:141b:db9e%utun5          link#16                         UHLI            lo0
fe80::%utun6/64                         fe80::d87b:84ca:9604:44c4%utun6 UcI           utun6
fe80::d87b:84ca:9604:44c4%utun6         link#17                         UHLI            lo0
fe80::%utun7/64                         fe80::5446:fd1:1811:534e%utun7  UcI           utun7
fe80::5446:fd1:1811:534e%utun7          link#18                         UHLI            lo0
fe80::%utun8/64                         fe80::42f1:185d:ebae:80f7%utun8 UcI           utun8
fe80::42f1:185d:ebae:80f7%utun8         link#19                         UHLI            lo0
fe80::%utun9/64                         fe80::c554:8c3d:8106:bce8%utun9 UcI           utun9
fe80::c554:8c3d:8106:bce8%utun9         link#20                         UHLI            lo0
fe80::%utun10/64                        fe80::c925:c583:648c:e684%utun10 UcI          utun10
fe80::c925:c583:648c:e684%utun10        link#21                         UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%awdl0/32                         link#9                          UmCI          awdl0
ff01::%llw0/32                          link#10                         UmCI           llw0
ff01::%utun0/32                         fe80::b416:625:4dce:a410%utun0  UmCI          utun0
ff01::%utun1/32                         fe80::e0e2:d0c2:5506:bf87%utun1 UmCI          utun1
ff01::%utun2/32                         fe80::4dce:96a3:1c17:e387%utun2 UmCI          utun2
ff01::%utun3/32                         fe80::a9ef:664b:3d36:244f%utun3 UmCI          utun3
ff01::%utun4/32                         fe80::53cf:3a05:f50a:6ada%utun4 UmCI          utun4
ff01::%utun5/32                         fe80::658f:6f9:141b:db9e%utun5  UmCI          utun5
ff01::%utun6/32                         fe80::d87b:84ca:9604:44c4%utun6 UmCI          utun6
ff01::%utun7/32                         fe80::5446:fd1:1811:534e%utun7  UmCI          utun7
ff01::%utun8/32                         fe80::42f1:185d:ebae:80f7%utun8 UmCI          utun8
ff01::%utun9/32                         fe80::c554:8c3d:8106:bce8%utun9 UmCI          utun9
ff01::%utun10/32                        fe80::c925:c583:648c:e684%utun10 UmCI         utun10
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%awdl0/32                         link#9                          UmCI          awdl0
ff02::%llw0/32                          link#10                         UmCI           llw0
ff02::%utun0/32                         fe80::b416:625:4dce:a410%utun0  UmCI          utun0
ff02::%utun1/32                         fe80::e0e2:d0c2:5506:bf87%utun1 UmCI          utun1
ff02::%utun2/32                         fe80::4dce:96a3:1c17:e387%utun2 UmCI          utun2
ff02::%utun3/32                         fe80::a9ef:664b:3d36:244f%utun3 UmCI          utun3
ff02::%utun4/32                         fe80::53cf:3a05:f50a:6ada%utun4 UmCI          utun4
ff02::%utun5/32                         fe80::658f:6f9:141b:db9e%utun5  UmCI          utun5
ff02::%utun6/32                         fe80::d87b:84ca:9604:44c4%utun6 UmCI          utun6
ff02::%utun7/32                         fe80::5446:fd1:1811:534e%utun7  UmCI          utun7
ff02::%utun8/32                         fe80::42f1:185d:ebae:80f7%utun8 UmCI          utun8
ff02::%utun9/32                         fe80::c554:8c3d:8106:bce8%utun9 UmCI          utun9
ff02::%utun10/32                        fe80::c925:c583:648c:e684%utun10 UmCI         utun10

interface:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether a0:99:9b:06:8f:45
	inet6 fe80::cea:8bb0:5cd6:b4ee%en0 prefixlen 64 secured scopeid 0x4
	inet 10.10.20.119 netmask 0xfffffc00 broadcast 10.10.23.255
	inet6 2001:470:4ba7:20:1007:3fb8:5178:41fe prefixlen 64 autoconf secured
	inet6 2001:470:4ba7:20:fd3f:6ef4:626a:5acd prefixlen 64 autoconf temporary
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active

aplsms · March 14, 2020, 3:56am

Issue fixed. thank you for help.
after set ra-interval=3m20s-10m ra-delay=3s ra-lifetime=30m it’s working fine.