I have a hosted (VPS) mikrotik. I have an IPv6 address and gateway also, that I have received from the hosting provider.
I would like to use that IPv6 address also next to the IPv4.
I have assigned the IPv6 address to the ether1 (WAN) interface, added the IPv6 gateway to routing. Also set up a IPv6 firewall rule:
/ipv6 firewall add action=passthrough chain=input in-interface=ether1 log=yes
Now I can see the incoming icmp packets when I try to ping my IPv6 address, but there’s no response going out. Can you help me what I have missed?
And I can ping the gateway: /ping 2a01:4a0:4a::1
SEQ HOST SIZE TTL TIME STATUS
0 2a01:4a0:4a::1 56 64 2ms echo reply
1 2a01:4a0:4a::1 56 64 1ms echo reply
2 2a01:4a0:4a::1 56 64 1ms echo reply
sent=3 received=3 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=2ms
But can’t ping from router to internet: /ping 2001:4860:4860::8888
SEQ HOST SIZE TTL TIME STATUS
0 no route to host
1 no route to host
2 no route to host
sent=3 received=0 packet-loss=100%
This is the output:
_ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
DST-ADDRESS GATEWAY DISTANCE
0 S 2000::/3 2a01:4a0:4a::1 1
1 A S 2a01:4a0:4a::1/128 ether1 1
2 ADC 2a01:4a0:4a:3c::/64 ether1 0_
You have a static route set for the gateway of 2a01:4a0:4a::1/128 istead of using the directly connected route. That forces the MT to use routing recursion which is not yet supported in RouterOS for IPv6. Try removing the static route and see if the defualt route for global unicast goes active.
_/ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 ether1 1
1 S 2000::/3 2a01:4a0:4a::1 1
2 ADC 2a01:4a0:4a:3c::/64 ether1 0_
Edited: deleted the 0 line and without that I couldn't even ping the gateway.
Maybe I should delete every IPv6 related setting and start over? (I don't think that would solve the problem as I would do it the same way...) It looks like it cannot reach the gateway, altough it pings. :S
Still unreachable… Now I have also asked the provider to confirm my ip settings.
I decided I won’t sleep until it won’t work. Or at least until I’ll find out why it doesen’t work.
The service provider confirmed the settings should work.
Subnet Details
Subnet 2a01:4a0:4a:3c::/64
Gateway 2a01:4a0:4a::1
Nameserver 2001:4860:4860::8888
Nameserver 2001:4860:4860::8844
Address to use:
IP Addresses
2a01:4a0:4a:3c::35a4/64
The static global address (fe80::216:3cff:feab:137d/64) has changed to dynamic local automaticaly and there's a new global address (2a01:4a0:4a:3c:216:3cff:feab:137d/64) added:
/ipv6 address>> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::216:3cff:feab:137d/64 ether1 no
1 DL fe80::2/64 xxxxxxx no
2 DL fe80::f0:12b/64 xxxxxx... no
3 DL fe80::3/64 xxxxxxx no
4 G 2a01:4a0:4a:3c:216:3cff:feab:137d/64 ether1 yes
Still not working, I can ping the gateway, but in the routing it shows it as unreachable...
/ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2a01:4a0:4a:3c::35a4/64 ether1 yes
1 DL fe80::216:3cff:feab:137d/64 ether1 no
/ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 S 2000::/3 2a01:4a0:4a::1 0
1 X S 2a01:4a0:4a::/64 ether1 0
2 A S 2a01:4a0:4a::1/128 ether1 0
3 ADC 2a01:4a0:4a:3c::/64 ether1 0
I can see the incoming ipv6 traffic when i try to ping 2a01:4a0:4a:3c::35a4/64 from outside. It also tries to respond, but as there’s no route to host it fails.
I can ping the 2a01:4a0:4a::1 gateway from the router, but in the routing it says it’s unreachable. And of course if I wan’t to ping any ipv6 address outside, it says no route to host.
