Hi,
I have a RB5009 router configured with IPv6: see here.
While upgrading from RouterOS version 7.14.3 to 7.17.2, IPv6 had stopped working.
After trying different versions, I found out that IPv6 is working fine with version 7.16.2 and that it stops working from the next version 7.17.
Strange is that when I say that IPv6 is no longer working, my devices receive a dynamic IPv6 which seems to be correct and when I ping6 a domain or an IPv6 domain it doesn’t reply. I have tried disabling firewall, etc. I don’t know where to start.
Are you aware of such issue ? Or are there some settings to adapt, starting from version 7,17 ?
Thanks
Did you try turning off “add-default-route” on the /ipv6 dhcp-client entry? People on this forum have repeatedly said that that setting is a MikroTik’s hack and should not be enabled (except for very rare cases). You already have accept-router-advertisements=yes under /ipv6 settings and should rely on that instead.
Also not related to your issue, but what’s the reason for the extra bridge-wan bridge? It’s totally unnecessary and goes against the recommendations. You should remove it and just use vlan832-orange-internet in the places where that bridge is currently referenced instead.
Hi,
Thank you for your messages.
Indeed CGGXANNX you are right, turning off “add-default-route” was useless in version 7.16.2 and IPv6 was working correctly.
After upgrading to version 7.17.2, IPv6 was working fine. So I have re-enabled “add-default-route” checkbox to confirm that it was the issue. Indeed, IPv6 issue was back !
Disabling was not enough to fix the issue. After a reboot AND a few minutes IPv6 was working fine again with version 7.17.2
Regarding the extra bridge-wan bridge, I didn’t remember, so I have tried - as you said - to replace it by vlan832-orange-internet. When I do this it still works but I have the following error in the configuration:
in/out-bridge-port matcher not possible when interface (vlan832-orange-internet) is not slave
Here is the context in the configuration:
/interface bridge filter
# in/out-bridge-port matcher not possible when interface (vlan832-orange-internet) is not slave
add action=set-priority chain=output dst-port=547 ip-protocol=udp mac-protocol=ipv6 new-priority=6 out-interface=vlan832-orange-internet
# in/out-bridge-port matcher not possible when interface (vlan832-orange-internet) is not slave
add action=set-priority chain=output dst-port=67 ip-protocol=udp mac-protocol=ip new-priority=6 out-interface=vlan832-orange-internet
According all forum messages & articles I have seen on the internet, they all say it’s necessary to set the priority to 6. For example here:
DHCP packets MUST be flagged COS/PCP
DHCPv4 clients use RAW SOCKETS for DISCOVER/REQUEST (init) requests and BSD/UDP SOCKETS for RENEW requests.
In consequence, you CANNOT use netfilter mangle rules to change COS/PCP and DSCP. You MUST use L2 filtering.
On Mikrotik router there switch rules or bridge filters.
I had tried to create a switch rule as described here (in french) but it fails when setting a “New VLAN Priority” value to 6 in the New Switch Rule window in the Action tab:
Couln’t add New Switch Rule - new-vlan-priority not supported for this switch (6)
Seems to be related to the switch model (Marvell 88E6393X)
Marking this discussion as solved
And again thank you for your precious help
In the post above you mentioned that bridge filter set-priority rules are needed because, supposedly, RouterOS’ ip firewall won’t work on these packets. Did you verify that?
