Code: Select all
# ping6 2a00:1450:4017:809::2004
ping6: connect: Network is unreachable
I found several discussions about IPv6 within this forum but still I'm unable to figure out how to properly configure it and make it work.
What I've done so far on MikroTik is to enable ipv6 package and reset router settings to default. Then I could make ping to same host (it's IPv6 of www.google.com) from the router itself by configuring ipv6 dhcp-client. But I'm still unable to ping from my Client PC. I tried also setting up a dhcp server but it was not enough.
Here is the general topolgy
Code: Select all
ISP
- ISP modem
- MikroTik router (RouterOS)
- Client PC (Linux, Ubuntu 20.04)
- Other router (OpenWrt)
- Client PC - the same (Linux, Ubuntu 20.04)
My current ipv6 configuration is as follows:
Code: Select all
/ipv6 export verbose
# may/12/2020 21:43:10 by RouterOS 6.46.6
# software id = A2I4-0M2R
#
# model = RB4011iGS+5HacQ2HnD
/ipv6 dhcp-client
add add-default-route=yes default-route-distance=1 dhcp-options="" disabled=no interface=ether1 pool-name=my-ipv6-pool-1 \
pool-prefix-length=64 prefix-hint=::/0 request=address,prefix use-peer-dns=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" disabled=no dynamic=no list=bad_ipv6
add address=::1/128 comment="defconf: lo" disabled=no dynamic=no list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" disabled=no dynamic=no list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" disabled=no dynamic=no list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" disabled=no dynamic=no list=bad_ipv6
add address=100::/64 comment="defconf: discard only " disabled=no dynamic=no list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" disabled=no dynamic=no list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" disabled=no dynamic=no list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" disabled=no dynamic=no list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
add address=::/104 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled forward=yes max-neighbor-entries=\
8192