I recently discovered, that my RB4011 with ROS 7.1.3 doesn't get an IPv6 prefix any more. The setup is the following:
Telekom (Germany) <= Draytek Vigor 167 (does vlan (7) taging) <== RB4011 (PPPoE connection (pppoe-telekom) via eth1)
I read about similar problems with the new RB5009 when the vlan taging is done on the router itself but I don't think they are related as in my setup the modem is doing the vlan taging and in the other thread users report that the setup on the rb4011 works.
I'm trying since some days now with different guides like this one from Germany (https://administrator.de/tutorial/ipv6- ... 32633.html) but without success.
Maybe someone has an idea what is wrong with my config:
Code: Select all
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-telekom pool-name="Pool IPv6 Prefix" request=prefix
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input in-interface-list="!TRUSTED LAN"
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="allow CORE clients to access all other VLANs" in-interface="VLAN 20 - Core" \
out-interface-list=VLANs
add action=accept chain=forward comment="allow internet access for allowed VLANs" dst-port=80,443 in-interface-list=\
"INTERNET ACCESS" out-interface-list=WAN protocol=tcp
add action=drop chain=forward comment="drop all"
/ipv6 nd
set [ find default=yes ] interface=vlan-bridge
/ipv6 settings
set accept-redirects=no max-neighbor-entries=819
Code: Select all
01:00:03 dhcp,debug resending..
01:00:03 dhcp,debug,packet send pppoe-telekom -> ff02::1:2%24
01:00:03 dhcp,debug,packet type: solicit
01:00:03 dhcp,debug,packet transaction-id: 8f8107
01:00:03 dhcp,debug,packet -> clientid: 00030001 2cc81b1b a721
01:00:03 dhcp,debug,packet -> oro: 23
01:00:03 dhcp,debug,packet -> elapsed_time: 0
01:00:03 dhcp,debug,packet -> rapid_commit: [empty]
01:00:03 dhcp,debug,packet -> ia_pd:
01:00:03 dhcp,debug,packet t1: 1800
01:00:03 dhcp,debug,packet t2: 2880
01:00:03 dhcp,debug,packet id: 0x7a