Community discussions

MikroTik App
 
portmorgan
just joined
Topic Author
Posts: 4
Joined: Sun Oct 17, 2010 6:28 pm

IPv6 configuration questions

Fri Jun 09, 2023 6:57 am

IPv6 configuration using Starlink

I don't think this is a Starlink issue, I think this is a user (me) issue.

I have configured IPv6 as shown in the following 'export' script. Below are the results of various print statements showing the actual results (two octets have been replaced for safety)

I am able to ping6 the IPv6 address assigned to the Starlink (WAN) interface from a server on the Internet. I am NOT able to ping6 the IPv6 address assigned to the LocalLAN (bridge) interface nor systems on my local LAN. Systems on my local network receive IPv6 addresses via SLAAC and can ping6 each other as well as the LocalLAN address. They cannot ping6 the Starlink interface nor my server on the Internet.

This appears to me to be a routing/gateway issue, but I have no idea what I've failed to do and/or done wrong. Can someone take pity on me and point out my errors?
/ipv6 export
# jun/08/2023 21:24:42 by RouterOS 7.9.2
# software id = 2CK0-7VW7
#
# model = RBD53iG-5HacD2HnD
# serial number = HDJ08K493X6
/ipv6 pool
add name=IPv6Pool prefix=::/64 prefix-length=64
/ipv6 dhcp-client
add interface=Starlink pool-name=IPv6Pool prefix-hint=::/64 request=prefix
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept neighbor discovery" dst-port=5678 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation" dst-port=546 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
add advertise-dns=no advertise-mac-address=no interface=Starlink ra-lifetime=none
add advertise-mac-address=no dns=2606:4700:4700::1112,2606:4700:4700::1002 interface=LocalLAN ra-interval=20s-1m
/ipv6 settings
set accept-redirects=no accept-router-advertisements=yes


/ipv6 dhcp-client print
Columns: INTERFACE, STATUS, REQUEST, PREFIX
# INTERFACE  STATUS  REQUEST  PREFIX                          
0 Starlink   bound   prefix   2605:XXXx:YYYf:8100::/56, 15m17s


/ipv6 address print
Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
#    ADDRESS                                     INTERFACE  ADVERTISE
0 DL fe80::4aa9:8aff:fe19:f9e2/64                LocalLAN   no       
1 DL fe80::4aa9:8aff:fe19:f9e1/64                Starlink   no       
2 DG 2605:XXXx:YYY0:8389:4aa9:8aff:fe19:f9e1/64  Starlink   no       
3 DG 2605:XXXx:YYYf:8100:4aa9:8aff:fe19:f9e2/64  LocalLAN   no       
4 DG ::4aa9:8aff:fe19:f9e2/64                    LocalLAN   no       


/ipv6 route print
Flags: D - DYNAMIC; A - ACTIVE; c, d, g, y - BGP-MPLS-VPN; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS               GATEWAY                             DISTANCE
DAg+ ::/0                      fe80::c2c1:c0ff:fe2f:beb1%LocalLAN         1
DAd+ ::/0                      2605:XXXx:YYY0:8389::1                     1
DAg+ ::/0                      fe80::200:5eff:fe00:101%Starlink           1
DAc  ::/64                     LocalLAN                                   0
DAc  2605:XXXx:YYY0:8389::/64  Starlink                                   0
DAd  2605:XXXx:YYYf:8100::/56                                             1
DAc  2605:XXXx:YYYf:8100::/64  LocalLAN                                   0
DAc  fe80::%Starlink/64        Starlink                                   0
DAc  fe80::%LocalLAN/64        LocalLAN                                   0


/ipv6 nd print
Flags: X - disabled, I - invalid; * - default 
 0  * interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium 
      hop-limit=unspecified advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no other-configuration=no dns="" pref64="" 

 1    interface=Starlink ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=none ra-preference=medium 
      hop-limit=unspecified advertise-mac-address=no advertise-dns=no managed-address-configuration=no other-configuration=no dns="" pref64="" 

 2    interface=LocalLAN ra-interval=20s-1m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium 
      hop-limit=unspecified advertise-mac-address=no advertise-dns=yes managed-address-configuration=no other-configuration=no dns=2606:4700:4700::1112,2606:4700:4700::1002 pref64="" 
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 516
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPv6 configuration questions

Fri Jun 09, 2023 8:51 am

I see that you're using ND to advertise DNS in your LAN. One thing I noticed is that my clients (macOS and Windows) sometimes failed to extract that information from RAs sent by RouterOS and I had to set up a DHCPv6 server just to advertise DNS.

You should delete static pool you added. A dynamic one will be added by the DHCPv6 client.

Any reason to advertise-mac-address=no on LocalLAN?

These routes seem wrong:
- ::/0 via fe80::c2c1:c0ff:fe2f:beb1%LocalLAN
- ::/0 via 2605:XXXx:YYY0:8389::1
- ::/64 LocalLAN

I would disable the default ND record.

This is an interesting IPv6 address. DG ::4aa9:8aff:fe19:f9e2/64

Do you have other routers sending RAs on LAN?

Note that you might need to reboot the router after changing certain IPv6 settings. I don't know the exact criteria, but if the setting affects how router obtains its IPv6 then you should reboot.

Who is online

Users browsing this forum: 0xAA55, EmuAGR and 56 guests