javornik
just joined
Topic Author
Posts: 11
Joined: Mon May 11, 2020 3:42 pm

IPV6 setup

Tue May 12, 2020 10:22 pm

Hi, I have a challenge setting up IPv6 on my MikroTik router. I cannot figure out how to make it route IPv6 traffic. E.g. I have this error on my client machine:
# ping6 2a00:1450:4017:809::2004
ping6: connect: Network is unreachable
Using another router (based on latest OpenWrt) things work fine out of the box with automatic configuration. The client automatically configures some routing table on

I found several discussions about IPv6 within this forum but still I'm unable to figure out how to properly configure it and make it work.

What I've done so far on MikroTik is to enable the ipv6 package and reset the router settings to default. Then I could ping the same host (it's the IPv6 address of www.google.com) from the router itself by configuring the ipv6 dhcp-client. But I'm still unable to ping from my Client PC. I also tried setting up a dhcp server but it was not enough.

Here is the general topology:
ISP
  - ISP modem
      - MikroTik router (RouterOS)
          - Client PC (Linux, Ubuntu 20.04)
      - Other router (OpenWrt)
          - Client PC - the same (Linux, Ubuntu 20.04)
Usually I connect the client to just one of the two routers.

My current ipv6 configuration is as follows:
/ipv6  export verbose                    
# may/12/2020 21:43:10 by RouterOS 6.46.6
# software id = A2I4-0M2R
#
# model = RB4011iGS+5HacQ2HnD
/ipv6 dhcp-client
add add-default-route=yes default-route-distance=1 dhcp-options="" disabled=no interface=ether1 pool-name=my-ipv6-pool-1 \
    pool-prefix-length=64 prefix-hint=::/0 request=address,prefix use-peer-dns=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" disabled=no dynamic=no list=bad_ipv6
add address=::1/128 comment="defconf: lo" disabled=no dynamic=no list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" disabled=no dynamic=no list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" disabled=no dynamic=no list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" disabled=no dynamic=no list=bad_ipv6
add address=100::/64 comment="defconf: discard only " disabled=no dynamic=no list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" disabled=no dynamic=no list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" disabled=no dynamic=no list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" disabled=no dynamic=no list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
add address=::/104 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
    managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
    reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled forward=yes max-neighbor-entries=\
    8192
Last edited by javornik on Tue May 12, 2020 11:13 pm, edited 2 times in total.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: IPV6 setup  [SOLVED]

Tue May 12, 2020 10:36 pm

> I found several discussions about IPv6 within this forum but still I'm unable to figure out how to properly configure it and make it work.
You need to give your router's bridge interface an IP from the prefix pool:
/ipv6 address
add address=::1 from-pool=my-ipv6-pool-1 interface=bridge
 
javornik

Re: IPV6 setup

Wed May 13, 2020 12:16 am

Thank you, I just added IP address from the pool as suggested. Now I have a pair of addresses on my pool and another pair (which already existed) - from my ISP-modem-range. It is still not enough.

The routing table on client side didn't change. I manually tweaked it a bit which allowed me to at least ping the pool address which I've just added.

In general my observations are:
* The client routing table didn't change.
* I have a routing rule generated which seems to be within my ISP modem ones. (That used to be there before adding the pool address)
* I didn't have a rule for the MikroTik pool. This is what I tweaked on my Client PC to allow me to ping it:
ip -6 route add <mypool-addr>::/64 dev enp0s10 metric 1
* ping6 2a00:1450:4017:809::2004 still says "Network is unreachable"
* When I manually add a default route on my Client PC:
ip -6 route add default via <mypool-addr>::1 dev enp0s10 metric 0
Then I get another error:
PING 2a00:1450:4017:809::2004(2a00:1450:4017:809::2004) 56 data bytes
From <the ISP-modem-range address of my router>%enp0s10 icmp_seq=1 Destination unreachable: Beyond scope of source address
 
mducharme

Re: IPV6 setup

Wed May 13, 2020 4:33 am

Can your MikroTik itself ping to the Internet via IPv6? If it can, try pinging to the Internet from the MikroTik itself with src-address set to the ipv6 address that you have on bridge.

If both work, the problem is that the workstation is not properly set up for IPv6 address auto configuration (SLAAC). Your router will be sending router advertisements (RA's) via ICMPv6 that your computer should be receiving and using to autoconfigure an IPv6 address and also receiving a router IP to send packets to. You shouldn't have to be manually configuring routes etc. Windows is set up for IPv6 auto configuration by default - not sure what you have to do in this case.
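
As an added example (not part of the original posts): a small Python check for the client-side symptoms discussed in this thread. It reads the text that `ip -6 addr show` and `ip -6 route show` print on the Linux client and reports whether SLAAC completed. The sample output is constructed, using the 2001:db8::/32 documentation prefix and made-up link-local addresses, and the function name `slaac_findings` is hypothetical.

```python
import ipaddress

# Constructed `ip -6 addr` / `ip -6 route` output (2001:db8::/32 documentation
# prefix, made-up link-local addresses); not captured from the thread.
ADDR_NO_RA = "    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link\n"
ROUTE_NO_RA = "fe80::/64 dev enp0s10 proto kernel metric 256 pref medium\n"
ADDR_OK = (
    "    inet6 2001:db8:1:1:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr\n"
    "    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link\n"
)
ROUTE_OK = (
    "2001:db8:1:1::/64 dev enp0s10 proto ra metric 100 pref medium\n"
    "fe80::/64 dev enp0s10 proto kernel metric 256 pref medium\n"
    "default via fe80::4a8f:5aff:fe00:1 dev enp0s10 proto ra metric 100 pref medium\n"
)


def slaac_findings(addr_out, route_out):
    """Return a list of problems; an empty list means SLAAC completed."""
    findings = []
    # 1. A non-link-local address must have been built from an advertised prefix.
    addrs = [ipaddress.ip_interface(f[1]) for f in
             (line.split() for line in addr_out.splitlines())
             if f[:1] == ["inet6"]]
    if not any(not a.ip.is_link_local and not a.ip.is_loopback for a in addrs):
        findings.append("no global address: no RA prefix was applied")
    # 2. A default route must exist and must have been learned from an RA.
    defaults = [line.split() for line in route_out.splitlines()
                if line.startswith("default")]
    if not defaults:
        findings.append("no default route: expect 'Network is unreachable'")
    elif not any(f[f.index("proto") + 1] == "ra" for f in defaults if "proto" in f):
        findings.append("default route is not marked 'proto ra' (not learned from an RA)")
    return findings


if __name__ == "__main__":
    for name, a, r in (("no RA", ADDR_NO_RA, ROUTE_NO_RA), ("RA ok", ADDR_OK, ROUTE_OK)):
        print(name, slaac_findings(a, r) or "SLAAC looks complete")
```

On a live client, pass in the captured output of `ip -6 addr show dev enp0s10` and `ip -6 route show` instead of the constants.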
 
javornik

Re: IPV6 setup

Thu May 14, 2020 12:18 am

It got working fine :-) ping6 to Internet sites works OK from my Client PC.

The key was tweaking ND: either disabling interface=all; or disabling all and adding a new one on interface=bridge worked OK for me. I followed the following article: https://www.medo64.com/2018/03/setting- ... -mikrotik/

Once I do that things work OK after removing and re-adding dhcp-client and the pool, even without touching ND settings. After resetting to factory defaults I need the ND tweak again. In the article the ra-interval is more frequent but it also seems to work with default now.
 
mducharme

Re: IPV6 setup

Thu May 14, 2020 1:25 am

> It got working fine :-) ping6 to Internet sites works OK from my Client PC.
>
> The key was tweaking ND: either disabling interface=all; or disabling all and adding a new one on interface=bridge worked OK for me. I followed the following article: https://www.medo64.com/2018/03/setting- ... -mikrotik/
>
> Once I do that things work OK after removing and re-adding dhcp-client and the pool, even without touching ND settings. After resetting to factory defaults I need the ND tweak again. In the article the ra-interval is more frequent but it also seems to work with default now.
This doesn't make sense. I have hundreds of routers out in the field working with IPv6 with basically the default settings. At home I am running exact same ND config you originally had and it works perfectly for everything. Something else must be different.
 
javornik

Re: IPV6 setup

Thu May 14, 2020 7:30 pm

I am also puzzled, since it's not even a different ND configuration that works but just a different sequence of setting things up. I did a bit more investigation and so far I managed to narrow it down to the following. The configuration with dhcp-client and an address in its pool is enough and works OK for me, I'll refer to it as *the ipv6 configuration*:
/ipv6 dhcp-client add interface=ether1 request=prefix pool-name=my-ipv6-pool-1 add-default-route=yes
/ipv6 address add interface=bridge from-pool=my-ipv6-pool-1 advertise=yes address=::1
However there is something different with the initial boot after resetting config to default (/system reset-configuration). Just applying the above config on the 1st-after-reset-boot didn't work for me. The following alternative ways can make it work: reboot the router (/system/reboot) before or after the ipv6 configuration. Or disable and enable the nd config - either before or after the ipv6 configuration.

I guess something is not quite initialized with ND on the 1st run after reset so it needs a slight "kick" to get it running properly.
 
mducharme

Re: IPV6 setup

Thu May 14, 2020 11:19 pm

> I guess something is not quite initialized with ND on the 1st run after reset so it needs a slight "kick" to get it running properly.
That makes more sense - I have periodically encountered neighbor discovery issues that a reboot fixes. I never traced them to the first boot after reset though, that is interesting.
