Community discussions

MikroTik App
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

IPv6 is not advertising (over PPPoE)

Mon Feb 19, 2018 8:58 pm

Hi guys,

I'm trying to setup my Mikrotik the best way, and I'm satisfied with it... Unless by the fact IPv6 doesn't work properly.
I already setup, and Mikrotik sees my IPv6, I can ping out from mikrotik, etc. My devices connected also gets his IPv6... Until my session PPPoE renew itself (my ISP force the session to renew automatically every 48h), in this case, Mikrotik gets a new Prefix, but it is NOT advertising to my network (until I force it releasing and renewing on device).

When it happens, if I try to ping out (an IPv6 adress) from Mikrotik, it replies perfectly. If I try on my wired computer, it doesn't! (as I said, unless if I reboot the computer, or disable my ethernet, and re-enabling later).

I really don't know what can I do to fix this. It's the only problem I didn't fix yet.

P.S.: if I turn off my Mikrotik and create same scenario in my Archer C7, everything works FLAWLESSLY. Even if the PPPoE renews, devices automatically gets new IPv6, everything works.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 is not advertising (over PPPoE)

Mon Feb 19, 2018 9:26 pm

You forgot to include your configuration export.
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Mon Feb 19, 2018 9:55 pm

You forgot to include your configuration export.
I'm sorry.
# feb/19/2018 16:54:18 by RouterOS 6.41.2
# model = 951G-2HnD

/interface bridge
add admin-mac=D4:CA:6D:0D:B4:AB auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] mac-address=30:B5:C2:FB:B5:A3
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-0DB4AF \
    wireless-protocol=802.11
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out1 password=xxxx user=\
    xxxx
add disabled=no interface=ether2 name=pppoe-out2 password=xxxx user=\
    xxxx
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/ipv6 dhcp-server
add address-pool=vivo-pool interface=bridge name=server1
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=pppoe-out2 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.10 mac-address=70:85:C2:51:21:03 server=defconf
add address=192.168.88.20 mac-address=C8:9C:DC:CE:01:DF server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=\
    189.38.95.95,189.38.95.96,2804:10:10::10,2804:10:10::20
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Policy for gaming" \
    new-routing-mark=GAMES passthrough=no protocol=udp src-address=\
    192.168.88.10
add action=mark-routing chain=prerouting comment="Policy for gaming" \
    new-routing-mark=GAMES passthrough=no protocol=udp src-address=\
    192.168.88.20
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=4 gateway=pppoe-out2 routing-mark=GAMES
add distance=5 gateway=pppoe-out1 routing-mark=GAMES
add comment=WAN1 distance=1 gateway=pppoe-out1
add comment=WAN2 distance=2 gateway=pppoe-out2
add comment="TESTE NETWATCH" distance=1 dst-address=4.2.2.4/32 gateway=\
    pppoe-out1
add comment="TESTE NETWATCH" distance=20 dst-address=4.2.2.4/32 type=\
    blackhole
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 address
add from-pool=vivo-pool interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-out1 pool-name=vivo-pool request=\
    prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=yes managed-address-configuration=yes \
    other-configuration=yes
add advertise-dns=yes disabled=yes hop-limit=64 interface=bridge
/system clock
set time-zone-name=America/Recife
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add down-script="/ip route set [/ip route find  comment=WAN1] disabled=yes" \
    host=4.2.2.4 interval=10s up-script=\
    "/ip route set [/ip route find  comment=WAN1] disabled=no"
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: IPv6 is not advertising (over PPPoE)

Mon Feb 19, 2018 10:37 pm

Your IPv6 ND Prefix lifetime are with default values (valid-lifetime and preferred-lifetime).
The answer: viewtopic.php?f=13&t=131058#p643525
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Tue Feb 20, 2018 8:37 pm

Your IPv6 ND Prefix lifetime are with default values (valid-lifetime and preferred-lifetime).
The answer: viewtopic.php?f=13&t=131058#p643525
As I said there, it didn't fix. :(
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 is not advertising (over PPPoE)

Tue Feb 20, 2018 8:58 pm

Ir will take some time before a changed address is noticed.
The address can be "dynamic", but really it isn't supposed to change every day or two days.
When you cannot convince the ISP that this is unreasonable to do, try to disconnect your line (using schedule and script)
in the middle of the night so you won't have the interruption during the day.
After the mentioned validity times have elapsed the new address should work OK.
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Tue Feb 20, 2018 10:52 pm

Ir will take some time before a changed address is noticed.
The address can be "dynamic", but really it isn't supposed to change every day or two days.
When you cannot convince the ISP that this is unreasonable to do, try to disconnect your line (using schedule and script)
in the middle of the night so you won't have the interruption during the day.
After the mentioned validity times have elapsed the new address should work OK.
I got what you said. I could do what you say, but I'd like to see mikrotik working as it's supposed to do. :/
As I said before, when I'm using OpenWRT, if the connection automatically renews, it leases automatically the new IPv6 to my network.
If I force it to renew, it also leases equaly said above.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 is not advertising (over PPPoE)

Tue Feb 20, 2018 11:58 pm

You have to keep in mind that for MikroTik IPv6 is the stepchild that receives very little attention.
A lot of features are lacking in MikroTIk IPv6 and it may well be that this is one of them or that it has bugs, and that OpenWRT works better.
At my ISP I have a "fixed" address (it can change only when required for network management reasons) and it works sort of OK.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 2:56 am

You have to keep in mind that for MikroTik IPv6 is the stepchild that receives very little attention.
A lot of features are lacking in MikroTIk IPv6 and it may well be that this is one of them or that it has bugs, and that OpenWRT works better.
At my ISP I have a "fixed" address (it can change only when required for network management reasons) and it works sort of OK.
I was thinking about all this stepchild problem. I believe some problems will not be solved until V7. Not because of lack of interest from Mikrotik, but because their kernel is ancient. The IPv6 support on Linux kernel improved quite a lot in recent years. We may be seeing just this...
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 3:50 am

You have to keep in mind that for MikroTik IPv6 is the stepchild that receives very little attention.
A lot of features are lacking in MikroTIk IPv6 and it may well be that this is one of them or that it has bugs, and that OpenWRT works better.
At my ISP I have a "fixed" address (it can change only when required for network management reasons) and it works sort of OK.
I understand you, I really understand.
But, as a new user, I tried to discover the mikrotik-world. I've been studying the RouterOS by the 3 last weeks... I had Archer C7 with OpenWRT and everything was alright, I just tried to take this on mikrotik, my willing is to buy the hAP AC².

In my case, if my connection do not drop by whatever reason, everything will work... I'll stuck with it, let's see if in the future it'll change.

Thanks for your advices.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 11:08 am

I was thinking about all this stepchild problem. I believe some problems will not be solved until V7. Not because of lack of interest from Mikrotik, but because their kernel is ancient. The IPv6 support on Linux kernel improved quite a lot in recent years. We may be seeing just this...
The kernel in v6 is perfectly able to perform features like requested in the wellknown thread, like policy routing, 1:1 (netmap) NAT, etc.
However there is apparently less interest in making IPv6 full-featured.

I can't tell about the problem of this topic, it may be a kernel bug that is fixed in a later kernel and I could understand they would not want
to backport that now.
However, when by now there is not yet a completed "forward port" of all RouterIOS-specific patches in the current kernel to the new kernel
planned to be used on v7, we can surely call it will never be delivered. In the meantime of course the kernel development continues
as well, so by the time v7 is released there again will be features missing.
Besides that there of course will be lots of other work, like making this completely-from-scratch BGP and OSPF implementation that will
solve all problems in that area.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 2:49 pm

The kernel in v6 is perfectly able to perform features like requested in the wellknown thread, like policy routing, 1:1 (netmap) NAT, etc.
However there is apparently less interest in making IPv6 full-featured.
Can it? If I remember correctly, ROS6.x uses a 3.6 kernel. It is REALLY old. Although Linux had IPv6 support from 2.4 (I think) onward, only in the 4.x series it really took off.

If I'm not mistaken, that's it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 3:05 pm

You are mistaken. You forget that in the old days the Linux version number was increasing slowly, and now
it has adopted the common policy of increasing the version number for publicity reasons rather than architectural changes.
Also, 3.6 is not really old, most of my production systems run 3.2 kernels (+ security patches), some 2.6.32 as well.
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 4:36 pm

I got back to my Archer C7 with LEDE, setup everything as it was on Mikrotik (RB951G-2hND) e everything works like a charm.
I still have the will to buy the hAP AC², but I'm kinda insecure about this IPv6 "issue", it's my only trouble with the architecture.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 8:11 pm

You are mistaken. You forget that in the old days the Linux version number was increasing slowly, and now
it has adopted the common policy of increasing the version number for publicity reasons rather than architectural changes.
Also, 3.6 is not really old, most of my production systems run 3.2 kernels (+ security patches), some 2.6.32 as well.
3.6 is from 30 September 2012. 5 and half years old is ancient when we talk about the IPv6 and Linux kernel. The 4.x series started 12 April 2015. Already old hat - and we are past 4.10 now.

Nothing wrong with running a system with good old 3.x - just remember the patches.
 
troffasky
Member
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: IPv6 is not advertising (over PPPoE)

Wed Feb 21, 2018 11:55 pm

ROS6 uses kernel 3.3.5.
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: IPv6 is not advertising (over PPPoE)

Thu Feb 22, 2018 3:05 am

I still have the will to buy the hAP AC², but I'm kinda insecure about this IPv6 "issue", it's my only trouble with the architecture.
I found a thread of one year ago.
viewtopic.php?f=2&t=119901#p593106
Is the same subject of before about lifetime, but uses 90 seconds, supposedly works.

The 4.x series started 12 April 2015. Already old hat - and we are past 4.10 now.
The actual version of Linux is 4.15.4 (today).
You see that CentOS 7.4 uses Linux 3.10.
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Thu Feb 22, 2018 3:31 am

I still have the will to buy the hAP AC², but I'm kinda insecure about this IPv6 "issue", it's my only trouble with the architecture.
I found a thread of one year ago.
viewtopic.php?f=2&t=119901#p593106
Is the same subject of before about lifetime, but uses 90 seconds, supposedly works.

The 4.x series started 12 April 2015. Already old hat - and we are past 4.10 now.
The actual version of Linux is 4.15.4 (today).
You see that CentOS 7.4 uses Linux 3.10.
Omg, I used to try some things before switch my device, and was trying something like what you post, but your link is optimized. I can't do the test for now, but I guess it will work. Thanks again!!!

I'll repost if it works.

The next step is to find some (basic) rules and policies for ipv4 (and ipv6) firewal.

Best regards.
 
thiagohfl
newbie
Topic Author
Posts: 27
Joined: Thu Feb 15, 2018 4:46 pm

Re: IPv6 is not advertising (over PPPoE)

Thu Feb 22, 2018 7:41 pm

I still have the will to buy the hAP AC², but I'm kinda insecure about this IPv6 "issue", it's my only trouble with the architecture.
I found a thread of one year ago.
viewtopic.php?f=2&t=119901#p593106
Is the same subject of before about lifetime, but uses 90 seconds, supposedly works.

The 4.x series started 12 April 2015. Already old hat - and we are past 4.10 now.
The actual version of Linux is 4.15.4 (today).
You see that CentOS 7.4 uses Linux 3.10.
Omg, I used to try some things before switch my device, and was trying something like what you post, but your link is optimized. I can't do the test for now, but I guess it will work. Thanks again!!!

I'll repost if it works.

The next step is to find some (basic) rules and policies for ipv4 (and ipv6) firewal.

Best regards.
Posting to say it worked!
Thanks for the whole help.

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], Google [Bot], korg, KylieTox, slimmerwifi and 81 guests