I have one HAP AC3 router and recently changed internet provider (Germany) that offers only DS Lite/IPV6. Looks like the DHCP V6 client is properly configured and the WAN interface gets the proper IPV6 address.
Here is the configuration based on the default one.
Code: Select all
admin@MikroTik] > export compact
# jun/24/2022 00:22:35 by RouterOS 7.2rc4
# software id = G22P-GRK6
#
# model = RBD53iG-5HacD2HnD
/interface bridge
add admin-mac=2C:C8:1B:BD:2B:63 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1_wan
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-BD2B67 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-BD2B68 wireless-protocol=802.11
/interface ipipv6
add local-address=2600::2 name=ipipv6-tunnel remote-address=2600::1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1_wan list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.88.2 interface=ipipv6-tunnel network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1_wan
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ipipv6-tunnel
/ip service
set ssh address=0.0.0.0/0
/ipv6 address
add address=::1 from-pool=ipv6-pool interface=ipipv6-tunnel
/ipv6 dhcp-client
add add-default-route=yes interface=ether1_wan pool-name=ipv6-pool rapid-commit=no request=address,prefix
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system routerboard settings
set cpu-frequency=auto
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >
Code: Select all
[admin@MikroTik] /tool> ping
address: 2a02:3040:0:200::b
SEQ HOST SIZE TTL TIME STATUS
0 2a02:3040:0:200::b 56 58 8ms32us echo reply
1 2a02:3040:0:200::b 56 58 10ms89us echo reply
2 2a02:3040:0:200::b 56 58 10ms155us echo reply
3 2a02:3040:0:200::b 56 58 8ms897us echo reply
4 2a02:3040:0:200::b 56 58 10ms606us echo reply
5 2a02:3040:0:200::b 56 58 8ms864us echo reply
Code: Select all
[admin@MikroTik] /tool> ping
address: 2001:4860:4860::8888
SEQ HOST SIZE TTL TIME STATUS
0 2001:4860:4860::8888 56 112 20ms551us echo reply
1 2001:4860:4860::8888 56 112 20ms6us echo reply
2 2001:4860:4860::8888 56 112 20ms724us echo reply
3 2001:4860:4860::8888 56 112 18ms308us echo reply
Code: Select all
[admin@MikroTik] /ip/route> print
Flags: D - DYNAMIC; I, A - ACTIVE; c, y - COPY; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAc 192.168.88.0/24 bridge 0
DIcH 192.168.88.0/32 ipipv6-tunnel 0
[admin@MikroTik] /ip/address> print
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
;;; defconf
0 192.168.88.1/24 192.168.88.0 bridge
1 192.168.88.2/32 192.168.88.0 ipipv6-tunnel
[admin@MikroTik] /ipv6/address> print
Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, FROM-POOL, INTERFACE, ADVERTISE
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::2ec8:1bff:febd:2b62/64 ether1_wan no
1 DL fe80::2ec8:1bff:febd:2b63/64 bridge no
2 DG 2a02:3102:4c00:6c:902d:c067:7bc3:65ad/64 ether1_wan no
3 G 2a02:3102:4db1:fff2::1/64 ipv6-pool ipipv6-tunnel yes
[admin@MikroTik] /ipv6/pool> print
Flags: D - DYNAMIC
Columns: NAME, PREFIX, PREFIX-LENGTH, EXPIRES-AFTER
# NAME PREFIX PREFIX-LENGTH EXPIRES-AFTER
0 D ipv6-pool 2a02:3102:4db1:fff2::/64 64 23h51m21s
[admin@MikroTik] /ipv6/route> print
Flags: D - DYNAMIC; I, A - ACTIVE; c, d, y - COPY; H - HW-OFFLOADED; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAd + ::/0 fe80::1%ether1_wan 1
DAd + ::/0 fe80::1%ether1_wan 1
DAc 2a02:3102:4c00:6c::/64 ether1_wan 0
DIcH 2a02:3102:4db1:fff2::/64 ipipv6-tunnel 0
DAd 2a02:3102:4db1:fff2::/64 1
DAc fe80::%ether1_wan/64 ether1_wan 0
DAc fe80::%bridge/64 bridge 0