Community discussions

MikroTik App
 
ggutk
just joined
Topic Author
Posts: 1
Joined: Sun Jul 24, 2022 4:59 pm

ipipv6: connection drops

Sun Jul 24, 2022 10:57 pm

Provider recently switched to IPv6. I reconfigured mikrotik router 2011UAS-2HnD for that:
- update ROS to 7.4
- current firmware: 6.49.6
- ether01-gateway: configured with ipv6 through dhcp:
> /ipv6/dhcp-client/print detail
interface=ether01-gateway dhcp-server-v6=fe80::xxxx:xxxx:xxxx:xxxx request=address,prefix add-default-route=no use-peer-dns=yes
      dhcp-options="" pool-name="local-pool" pool-prefix-length=63 prefix-hint=::/0 dhcp-options=""
- added ipipv6 interface plus default route:
 
/interface ipipv6 add name=dslite1 remote-address=<provider AFTR address>
/ip address add address=192.0.0.2/29 interface=dslite1
/ip route add gateway=192.0.0.1
- added ipv6 firewall rules:
> /ipv6/firewall/filter print
0    ;;; ESTABLISHED, RELATED -> accept
      chain=input action=accept connection-state=established log=no log-prefix=""
1    chain=forward action=accept connection-state=established log=no log-prefix=""
2    chain=input action=accept connection-state=related log=no log-prefix=""
3    chain=forward action=accept connection-state=related log=no log-prefix=""
4    ;;; DHCP WAN -> accept
      chain=input action=accept protocol=udp in-interface=ether01-gateway dst-port=546,547 log=no log-prefix=""
5    chain=input action=accept protocol=icmpv6 log=no log-prefix=""
6    chain=forward action=accept protocol=icmpv6 log=no log-prefix=""
7    ;;; ssh from internet
      chain=input action=accept protocol=tcp in-interface=ether01-gateway dst-port=22 log=no log-prefix=""
8    ;;; default rule: drop all
      chain=input action=drop in-interface=ether01-gateway log=no log-prefix=""
 
> /ipv6/firewall/nat/ print
0    chain=srcnat action=masquerade log=no log-prefix="masq6"
Other configuration from ipv4-ipv4 nat, before switching to ipv6, which I kept:
- bridge-local: 192.168.10.0/24 (contains both switches of the router + wlan1 )
- configured a virtual wlan2 (based on wlan1)
- masquerading is configure for bridge-local->ether01-gateway

When I test bandwidth (e.g. speedtest.net) I get a speed of 15Mbps and in 10 seconds connection is lost:
- ping from router to aftr or gw: now response
- Neighbors: status=failed for all of them reached over ether01-gateway

If I let provider router doing DS-lite, I get a speed of 130Mbps (9~10 times faster), with no connection lost

Either I am doing smth wrong with ipv6 and DS configuration of my mikrotik, or 7.4 has a problem?

Who is online

Users browsing this forum: No registered users and 17 guests