Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Not getting IPv6 Prefix via PPPoE  [SOLVED]

Post Reply
 
expresto
just joined
Topic Author
Posts: 3
Joined: Sun Feb 27, 2022 1:33 am

Not getting IPv6 Prefix via PPPoE

Sun Feb 27, 2022 2:06 am

Hello,

I recently discovered, that my RB4011 with ROS 7.1.3 doesn't get an IPv6 prefix any more. The setup is the following:

Telekom (Germany) <= Draytek Vigor 167 (does vlan (7) taging) <== RB4011 (PPPoE connection (pppoe-telekom) via eth1)

I read about similar problems with the new RB5009 when the vlan taging is done on the router itself but I don't think they are related as in my setup the modem is doing the vlan taging and in the other thread users report that the setup on the rb4011 works.

I'm trying since some days now with different guides like this one from Germany (https://administrator.de/tutorial/ipv6- ... 32633.html) but without success.

Maybe someone has an idea what is wrong with my config:
Code: Select all
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-telekom pool-name="Pool IPv6 Prefix" request=prefix

/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input in-interface-list="!TRUSTED LAN"
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="allow CORE clients to access all other VLANs" in-interface="VLAN 20 - Core" \
    out-interface-list=VLANs
add action=accept chain=forward comment="allow internet access for allowed VLANs" dst-port=80,443 in-interface-list=\
    "INTERNET ACCESS" out-interface-list=WAN protocol=tcp
add action=drop chain=forward comment="drop all"

/ipv6 nd
set [ find default=yes ] interface=vlan-bridge

/ipv6 settings
set accept-redirects=no max-neighbor-entries=819
I switched on the dhcp logs and could see that something is happening:
Code: Select all
01:00:03 dhcp,debug resending..
01:00:03 dhcp,debug,packet send pppoe-telekom -> ff02::1:2%24
01:00:03 dhcp,debug,packet type: solicit
01:00:03 dhcp,debug,packet transaction-id: 8f8107
01:00:03 dhcp,debug,packet  -> clientid:   00030001 2cc81b1b a721
01:00:03 dhcp,debug,packet  -> oro: 23 
01:00:03 dhcp,debug,packet  -> elapsed_time: 0
01:00:03 dhcp,debug,packet  -> rapid_commit: [empty]
01:00:03 dhcp,debug,packet  -> ia_pd: 
01:00:03 dhcp,debug,packet    t1: 1800
01:00:03 dhcp,debug,packet    t2: 2880
01:00:03 dhcp,debug,packet    id: 0x7a
Many thanks in advance!
Last edited by expresto on Wed Mar 02, 2022 10:29 am, edited 1 time in total.
Top
 
expresto
just joined
Topic Author
Posts: 3
Joined: Sun Feb 27, 2022 1:33 am

Re: Not getting IPv6 Prefix via PPPoE

Wed Mar 02, 2022 10:17 am

I gave it another try yesterday, resetting the IPv6 firewall and setting the default route only on the pppoe interface. Unfortunately w/o any success.
Code: Select all
/ipv6 pool
add name="Pool IPv6 Link Local Address" prefix=fe80::/56 prefix-length=64
add name="Pool IPv6 Unique Local Address" prefix=fd00::/64 prefix-length=64

/ipv6 dhcp-client
add interface=pppoe-telekom pool-name="Pool IPv6 Global Unique Address" rapid-commit=no request=prefix use-peer-dns=no

/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6

/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANs
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="allow CORE clients to access all other VLANs" in-interface="VLAN 20 - Core" out-interface-list=LANs
add action=accept chain=forward comment="allow internet access for allowed VLANs" dst-port=80,443 in-interface-list="INTERNET ACCESS" out-interface-list=WAN protocol=tcp
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN"

/ipv6 nd
set [ find default=yes ] interface=vlan-bridge

/ipv6 settings
set max-neighbor-entries=8192
This is the pppoe definition:
Code: Select all
/ppp profile
add comment="Telekom VDSL profile" name=VDSL-Telekom only-one=yes
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap2 dial-on-demand=yes disabled=no interface=ether1 max-mru=1492 max-mtu=1492 name=pppoe-telekom profile=VDSL-Telekom user=***0001@t-online.de
Maybe an observation: There doesn't seem to be any route which is related to the pppoe interface:
Code: Select all
     DST-ADDRESS                               GATEWAY                         DISTANCE
DAc  fe80::%ether1/64                          ether1                                 0
DAc  fe80::%vlan-bridge/64                     vlan-bridge                            0
DAc  fe80::%VLAN 1 - Transport/64              VLAN 1 - Transport                     0
DAc  fe80::%VLAN 20 - Core/64                  VLAN 20 - Core                         0
...
I already tried to add a static route for fe80::%pppoe-telekom/64 with gw pppoe-telekom and also a default route ::/0 with gw pppoe-telekom.

I also used the packet sniffer on pppoe interface but there doesn't seem to be any ipv6 traffic :/

Any suggestion how I could tackle this? Could anyone confirm this is working with ros 7.1.3? I also tried temporarily with 7.1 and 7.2rc4...
Top
 
q3k
just joined
Posts: 2
Joined: Mon Nov 08, 2021 3:51 pm

Re: Not getting IPv6 Prefix via PPPoE

Sun Mar 06, 2022 9:04 pm

I also noticed this issue recently, similar setup (V167, DTAG VDSL).

To me this happened when I upgraded the V167 from FW 5.0 (with some modifications [1] applied) to FW 5.0.1 (with the same modifications applied). I have no idea how it's possible for the firmware of the modem to be involved in any way here. I'll look into it and see if I can figure out what's up.

[1] - https://github.com/q3k/vraytekdigor
Top
 
lfoerster
newbie
Posts: 36
Joined: Mon Mar 07, 2022 1:29 pm

Re: Not getting IPv6 Prefix via PPPoE  [SOLVED]

Mon Mar 07, 2022 1:37 pm

This is definitely a bug with the actual ARM 32Bit version of RouterOS 7.1.3 and can easily be reproduced on a PPPoE xDSL connection with dual stack.
Using this version on an RB model like 4011 it did not work cause RouterOS sends DHCPv6 solicit frames but never reacts on the replies.
Same config, same provider connection but CHR plattform works fine. Downgrading the RB to the latest 6.49 RouterOS version works also fine.
So definitely a bug and a ticket should be opened with Mikrotik !
Top
 
expresto
just joined
Topic Author
Posts: 3
Joined: Sun Feb 27, 2022 1:33 am

Re: Not getting IPv6 Prefix via PPPoE

Tue Apr 19, 2022 11:39 pm

Right, I just wanted to confirm, that after updating to ROS 7.2 it works fine :)
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot] and 30 guests
  4. RouterOS
  5. Beginner Basics