After a few weeks of working on getting IPv6 working, I'm still not up despite other success stories.
ISP: Comcast in Colorado.
I am doing the following steps with ROS 6.2:
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-WAN pool-name=IPv6 use-peer-dns=yes
It binds and shows a prefix consistent with Comcasts IPs. Then I modify ND:
/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-dns=yes hop-limit=64 interface=ether2-master-WachsNet other-configuration=yes
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
Then I set the firewall filter rules:
/ipv6 firewall filter
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input dst-port=546 in-interface=ether1-WAN protocol=udp src-port=547
add action=drop chain=input connection-state=invalid
add action=drop chain=input connection-state=new in-interface=ether1-WAN
add chain=forward protocol=icmpv6
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=forward connection-state=new in-interface=!ether1-WAN
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-state=new in-interface=ether1-WAN
Lastly:
/ipv6 address
add address=::/64 from-pool=IPv6 interface=ether2-master-WachsNet
When I print my routes:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 DS ::/0 fe80::201:5cff:fe65:5... 1
1 ADC 2601:1:9700:16ea::/64 ether2-master-WachsNet 0
2 DSU 2601:1:9700:16ea::/64 1
Two of those are unreachable. If I try to add a static route (below), it is also unreachable:
add distance=1 gateway=ether1-WAN
# DST-ADDRESS GATEWAY DISTANCE
0 DS ::/0 fe80::201:5cff:fe65:5... 1
1 S ::/0 ether1-WAN 1
2 ADC 2601:1:9700:16ea::/64 ether2-master-WachsNet 0
3 DSU 2601:1:9700:16ea::/64 1
I'm doing my best to educate myself on IPv6 but am clearly missing a key point...