Community discussions

MikroTik App
 
liteforce
newbie
Topic Author
Posts: 44
Joined: Sun Aug 16, 2009 8:06 pm

Framed-IPv6-Prefix

Fri Dec 23, 2011 2:12 am

Hi folks,

We are having mega fun trying to get RouterOS/PPC 5.11 to do anything with a statically-configured Framed-IPv6-Prefix: attribute.

Just in case it makes any difference, this is L2TP/PPP rather than PPPoE/PPP but the basic concepts are the same.

This is the base PPP profile:
/ppp profile
set default change-tcp-mss=yes name=default only-one=default remote-ipv6-prefix-pool=none \
    use-compression=default use-encryption=default use-ipv6=yes use-mpls=default \
    use-vj-compression=default
add change-tcp-mss=yes dhcpv6-pd-pool=adsl-dhcpv6-test dns-server=192.0.2.1,192.0.2.2 \
    local-address=192.0.2.254 name=default-l2tp only-one=default remote-ipv6-prefix-pool=\
    adsl-prefix-test use-compression=no use-encryption=no use-ipv6=yes use-mpls=no \
    use-vj-compression=no
set default-encryption change-tcp-mss=yes name=default-encryption only-one=default \
    remote-ipv6-prefix-pool=none use-compression=default use-encryption=yes use-ipv6=yes use-mpls=\
    default use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=1m use-radius=yes
Using the above with a remote-ipv6-prefix-pool: attribute, whenever a user connects and successfully negotiates IPv6CP with our router, they receive a dynamically allocated prefix from that pool and it is routed over that users' PPP interface from our side.

The interesting part is that if we statically set a remote-ipv6-prefix: for a user:
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=sampleuser@ourrealm.net.uk \
    password=blah profile=default-l2tp remote-address=192.0.2.10 remote-ipv6-prefix=\
    2001:db8:1000:2::/64 routes="" service=l2tp
... it doesn't have any effect whatsoever - they still continue to receive a prefix from the pool.

Now, as we want to statically assign prefixes to users anyway, we remove the pool from the PPP profile and as a result of that, the user now receives no prefix whatsoever.

I have also tested this with FreeRADIUS 2.1.12 (but tried it with local user config in case it was a RADIUS issue on our part) and radcheck/radreply tables are below:
mysql> SELECT * FROM radcheck WHERE username = 'sampleuser@ourrealm.net.uk';
+-----+----------------------------+--------------------+----+----------+
| id  | username                   | attribute          | op | value    |
+-----+----------------------------+--------------------+----+----------+
| 164 | sampleuser@ourrealm.net.uk | Cleartext-Password | := | blah     | 
+-----+----------------------------+--------------------+----+----------+
1 row in set (0.00 sec)

mysql> SELECT * FROM radreply WHERE username = 'sampleuser@ourrealm.net.uk';
+------+----------------------------+------------------------------+----+----------------------+------+
| id   | username                   | attribute                    | op | value                | type |
+------+----------------------------+------------------------------+----+----------------------+------+
| 1986 | sampleuser@ourrealm.net.uk | Mikrotik-Delegated-IPv6-Pool | := | 2001:db8:1002::/48   | l2tp | 
| 1984 | sampleuser@ourrealm.net.uk | Framed-IP-Address            | := | 192.0.2.10           | l2tp | 
| 1988 | sampleuser@ourrealm.net.uk | Framed-IPv6-Prefix           | := | 2001:db8:1000:2::/64 | l2tp | 
+------+----------------------------+------------------------------+----+----------------------+------+
3 rows in set (0.00 sec)
Our RADIUS returns all three attributes and while the Mikrotik-Delegated-IPv6-Pool one is handled properly by RouterOS as in it is visible when doing a '/ipv6 dhcp-server print', the Framed-IPv6-Prefix: attribute is *not* handled even though debug logs from our end show the prefix being returned by our RADIUS and it is a valid prefix (not one which is hex-mangled as mentioned by earlier posters).

The NAS (mpd5 on FreeBSD) which we are currently using handles Framed-IPv6-Prefix attributes from our RADIUS with no problems.

If we are doing something wrong, I am happy to hold my hands up and apologize to the lads in Latvia for complaining unnecessarily but as it stands, I think there is definitely something amiss with Framed-IPv6-Prefix handling in RouterOS 5.x.

I'm happy to send a supout or provide further information where required.

Regards,
Terry Froy
Spilsby Internet Solutions
http://www.spilsby.net/
 
liteforce
newbie
Topic Author
Posts: 44
Joined: Sun Aug 16, 2009 8:06 pm

Re: Framed-IPv6-Prefix

Fri Dec 23, 2011 3:16 am

I have now verified that this exact behaviour is replicated in 5.9 and 5.12rc1 (didn't try 5.10 as this router requires EoIP).

We are leaving this device at 5.12rc1 until we find a good reason to downgrade it back to 5.11.

Regards,
Terry Froy
Spilsby Internet Solutions
http://www.spilsby.net/
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Framed-IPv6-Prefix

Thu Dec 29, 2011 8:30 am

check in next RouterOS release.
 
liteforce
newbie
Topic Author
Posts: 44
Joined: Sun Aug 16, 2009 8:06 pm

Re: Framed-IPv6-Prefix

Mon Jan 02, 2012 11:11 am

Hi Janis,

Framed-IPv6-Prefix now works fine in 5.12rc1 (Build Timestamp: Dec/29/2011 13:35:29)

Thanks very much for that!

Are there any plans to add support for Framed-IPv6-Route in the near future ?

(route a v6 prefix but *not* advertise to the remote PPP endpoint)

Regards,
Terry Froy
Spilsby Internet Solutions
http://www.spilsby.net/
 
liteforce
newbie
Topic Author
Posts: 44
Joined: Sun Aug 16, 2009 8:06 pm

Re: Framed-IPv6-Prefix

Sat Jan 21, 2012 9:04 pm

Confirmed fixed in 5.12 (as per the changelog).

Regards,
Terry Froy
Spilsby Internet Solutions
http://www.spilsby.net/
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Framed-IPv6-Prefix

Mon Jan 23, 2012 12:11 pm

thanks for confirming that it is fixed
 
User avatar
Jeeves
just joined
Posts: 22
Joined: Mon Aug 16, 2010 2:55 pm
Contact:

Re: Framed-IPv6-Prefix

Wed Feb 15, 2012 2:12 pm

Hmm. I must be doing something wrong then.

My Mikrotik still hands out prefixes of its own pool instead of what Radius tells it. See debuglogging and configuration below. If someone can enlighten me, please do. :)

Thanks.

Radius reply:
13:08:57 radius,debug,packet received Access-Accept with id 18 from 31.3.104.47:1812 
13:08:57 radius,debug,packet     Signature = 0xb336a4431e29721eb3d6a52530d6fabb 
13:08:57 radius,debug,packet     Service-Type = 2 
13:08:57 radius,debug,packet     Framed-Protocol = 1 
13:08:57 radius,debug,packet     Framed-IP-Address = 192.168.210.192 
13:08:57 radius,debug,packet     Framed-IP-Netmask = 255.255.255.0 
13:08:57 radius,debug,packet     MT-Wireless-PSK = "2a03:7900:201:e00::/56" 
13:08:57 radius,debug,packet     Framed-IPv6-Prefix = 2a03:7900:202::/64 
DHCPv6:
13:09:06 dhcp,debug,packet recv <pppoe-tuxis> fe80::dcf6:5009:adfc:cf12 -> ff02::1:2 
13:09:06 dhcp,debug,packet solicit 
13:09:06 dhcp,debug,packet transaction-id: aa93ad 
13:09:06 dhcp,debug,packet  -> clientid:  00030001 586d8f15 547b 
13:09:06 dhcp,debug,packet  -> ia_na:  00000000 00000e10 00001518 
13:09:06 dhcp,debug,packet  -> oro:  00170018 001f 
13:09:06 dhcp,debug,packet  -> elapsed_time: 0 
13:09:06 dhcp,debug,packet  -> ia_pd:  
13:09:06 dhcp,debug,packet    t1: 3600 
13:09:06 dhcp,debug,packet    t2: 5400 
13:09:06 dhcp,debug,packet    id: 0x0 
13:09:06 dhcp,debug processing iapd: 0x0 
13:09:06 dhcp,debug acquired dynamic binding 
13:09:06 dhcp,debug,packet send <pppoe-tuxis> -> fe80::dcf6:5009:adfc:cf12%18 
13:09:06 dhcp,debug,packet advertise 
13:09:06 dhcp,debug,packet transaction-id: aa93ad 
13:09:06 dhcp,debug,packet  -> clientid:  00030001 586d8f15 547b 
13:09:06 dhcp,debug,packet  -> serverid:  00030001 000c4299 113b 
13:09:06 dhcp,debug,packet  -> ia_pd:  
13:09:06 dhcp,debug,packet    t1: 129600 
13:09:06 dhcp,debug,packet    t2: 207360 
13:09:06 dhcp,debug,packet    id: 0x0 
13:09:06 dhcp,debug,packet   -> ia_prefix:  
13:09:06 dhcp,debug,packet     preferred: 233280 
13:09:06 dhcp,debug,packet     valid: 259200 
13:09:06 dhcp,debug,packet     prefix: 2a03:7900:201::/56 
So that's odd.

Configuration:
/ppp profile print
1   name="profile1" local-address=192.168.200.1 remote-ipv6-prefix-pool=pool2 dhcpv6-pd-pool=pool1 use-ipv6=yes use-mpls=no use-compression=no use-vj-compression=no use-encryption=no only-one=yes change-tcp-mss=yes 
/ipv6 pool print
Flags: D - dynamic 
 #   NAME                                                                                                                     PREFIX                                      PREFIX-LENGTH
 0   pool1                                                                                                                    2a03:7900:201::/48                                     56
 1   pool2                                                                                                                    2a03:7900:202::/48                                     64
 
User avatar
Jeeves
just joined
Posts: 22
Joined: Mon Aug 16, 2010 2:55 pm
Contact:

Re: Framed-IPv6-Prefix

Wed Feb 15, 2012 3:46 pm

Ok, so I found out that MT-Delegated-IPv6-Pool shouldn't be a prefix, but a poolname. Correct?

That would be a shame, because you cannot statically define a prefix for a client. But Delegated-IPv6-Prefix isn't supported. Will it be supported?
 
User avatar
omidkosari
Trainer
Trainer
Posts: 634
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: Framed-IPv6-Prefix

Sat Mar 31, 2012 4:05 pm

Strange problem in using remote-ipv6-prefix-pool . with the following configs when i connect via VPN connection to router , the ipv6 assignment works fine but when i connect via pppoe connection with same username , it does not have any effect and user does not receive ipv6 prefix . ros v5.14
/ppp profile
add change-tcp-mss=no dns-server=208.67.222.222 local-address=10.11.174.1 name=temp only-one=default remote-address=\
    10.11.174.253 remote-ipv6-prefix-pool=adsl use-compression=no use-encryption=no use-ipv6=yes use-mpls=default use-vj-compression=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=test password=test profile=temp routes="" service=any
/ipv6 pool
add name=adsl prefix=2a00:1ce0:fe00::/40 prefix-length=64
MTCNA , MTCRE, MTCWE, Mikrotik Certified Trainer

Who is online

Users browsing this forum: cedie, jspool and 84 guests