Lots of difficulty configuring IPV6 and IPV4 in dualstack

RouterOS Beginner Basics
1

Hello everyone,

I’ve spent several hours and conducted hundreds of tests, but I’m still struggling to get IPv4 and IPv6 working in dual stack mode on my Mikrotik router. I’m really at a loss about where the problem lies and am hoping someone here can offer some assistance. I’ve gone through countless tutorials and YouTube videos, but nothing has worked so far.

My ISP provides me with an IPv6 block: 2001:41d0:fc0c:7c00::/56, as well as an IPv4 address 109.190.112.84.

Here’s what I’ve done so far:

Set up a DHCPv6 Client: The status goes to “bound”. Although the ISP’s prefix is /56, I used a /64 prefix pool.

Configured a new IPv6 address on my PPPoE interface: I used a /64 subnet from my /56 block and set advertisement to ‘yes’.

Despite these steps, the dual stack is not functioning correctly. Oddly, my Windows PC connected via Ethernet obtains a local IPv6 address and can ping Google using both IPv4 and IPv6. However, about two-thirds of websites fail to load, suggesting some sort of issue. Here are the results from a remote IPv6 test:

I’m really hoping for some guidance or suggestions on what might be going wrong and how to fix it. Any help would be greatly appreciated.

Full router config :

# jan/09/2024 20:09:20 by RouterOS 7.7
# software id = ZHQH-GNJ2
#
# model = CCR2116-12G-4S+
/interface bridge
add name=LAN
/interface pppoe-client
add add-default-route=yes disabled=no interface=sfp-sfpplus1 name=OVH-WAN use-peer-dns=yes user=***********
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.1.0.2-10.1.15.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN name=dhcp1
/ipv6 dhcp-server
add address-pool=PPPoE interface=LAN name=server1
/port
set 0 name=serial0
/interface bridge port
add bridge=LAN interface=ether1
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
add bridge=LAN interface=ether11
add bridge=LAN interface=ether12
add bridge=LAN interface=sfp-sfpplus2
add bridge=LAN interface=sfp-sfpplus3
add bridge=LAN interface=sfp-sfpplus4
/ipv6 settings
set accept-router-advertisements=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether13 network=192.168.88.0
add address=10.1.0.1/20 interface=LAN network=10.1.0.0
add address=109.190.102.72/29 interface=OVH-WAN network=109.190.102.72
/ip dhcp-server network
add address=10.1.0.0/20 dns-server=91.121.61.147,87.98.149.171,8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1,208.67.222.222,208.67.220.220 gateway=10.1.0.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=OVH-WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.1.0.0/20
set ssh disabled=yes
set api address=10.1.0.0/20
set winbox address=10.1.0.0/20
set api-ssl address=10.1.0.0/20 disabled=yes
/ipv6 address
add from-pool=PPPoE interface=LAN
/ipv6 dhcp-client
add interface=OVH-WAN pool-name=PPPoE request=prefix
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/system clock
set time-zone-name=Europe/Paris
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.fr.pool.ntp.org
add address=1.fr.pool.ntp.org
add address=2.fr.pool.ntp.org
add address=3.fr.pool.ntp.org
/system routerboard settings
set enter-setup-on=delete-key
/tool graphing interface
add
/user settings
set minimum-password-length=16

Thank you so much in advance!

IPV6 macos intermittent packet loss
2

First of all: IPv6 firewall is non-existant, so your router and LAN are wide open to attacks via IPv6. Strictly speaking IPv4 firewall is non-existing as well, the difference is that only router is wide open to attacks while LAN is slightly shielded behind NAT (which will mean nothing if/when your router gets hacked).

Next: upgrade router to more recent ROS. Version 7.12.1 seems to be a good one (pretty stable and quite recent; newer ones got some major changes and quite a few new bugs).

Next: I’d disable “accept-router-advertisements”, it’s not needed when internet service is over PPPoE. But some rogue router may mislead your router to use that one as upstream gateway.

Check ipv6 routes … my list includes (a dynamically created) default (destination ::/0) route with gateway set to PPPoE interface name.

Also check MTU settings, PPPoE has, due to additional headers, smaller MTU than underlying ethernet interface. IPv6 doesn’t allow fragmentation but PMTUD sometimes doesn’t work (some ISPs learned that ICMP is a bad thing and block it extensively … while in IPv4 ICMP was not so crucial, in IPv6 it is). There’s a firewall filter rule “hack” which makes MTU issue less problematic. Ideally you would increase MTU on PPPoE interface (but only few ISPs support that), default is set lower than 1500 so it can work with standard ethernet MTU.