for quite a while now I've been trying to set up ipv6 on my router. I tried a lot of stuff, even tried to resolve it with my ISP, but they were only able to get me so far.
I'm running RouterOS v6.34.2 on RB951G-2HnD (it has 5 gigabit LAN ports and wifi). I have been given this ipv6 prefix from my ISP: 2a00:ca8:a14:15e0::/62 and their gateway is apparently 2a00:ca8:a14:15e0::1.
What works (in terms of ipv6)
- Connecting from the router to the outside world
- Connecting from outside to the router's WAN-facing IP
- Autoconfiguration of clients connecting to the LAN bridge
- Connecting from the router to LAN clients
- Connecting from LAN clients to any IP assigned to the router
Essentially the only thing that does not work is connecting from the LAN clients to the outside world and vice versa.
The RouterBoard is pretty much in default configuration. I'm using port1 as the WAN port (interface ether1-gateway), the rest is in a switch master-slave relationship with port2 being the master. That interface is then in a bridge with my two wlan interfaces (one of those - the one my testing client is connecting to - is virtual) called bridge-local.
Firewall has no rules (for now) except for a few Log targets just so that I can see if the packets reach anything.
Neighbour Discovery uses defaults and is enabled.
I have configured the addresses as advised by the ISP like this: 2a00:ca8:a14:15e0::2/64 for ether1-gateway and 2a00:ca8:a14:15e1::1/64, 2a00:ca8:a14:15e2::1/64 and 2a00:ca8:a14:15e3::1/64 for bridge-local. Default route (::/0) has gateway set to 2a00:ca8:a14:15e0::1. I have not touched link-local addresses or the automatic route configuration.
This is my current ipv6 configuration export:
[admin@core] > /ipv6 export # feb/25/2016 04:38:58 by RouterOS 6.34.2 # software id = 68P0-ZF39 # /ipv6 address add address=2a00:ca8:a14:15e0::2 interface=ether1-gateway add address=2a00:ca8:a14:15e1::1 interface=bridge-local add address=2a00:ca8:a14:15e2::1 interface=bridge-local add address=2a00:ca8:a14:15e3::1 interface=bridge-local /ipv6 firewall filter add action=log chain=forward in-interface=ether1-gateway add action=log chain=input in-interface=ether1-gateway add action=log chain=forward in-interface=bridge-local /ipv6 route add distance=1 gateway=2a00:ca8:a14:15e0::1
[admin@core] /ipv6> address print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 G 2a00:ca8:a14:15e0::2/64 ether1-gateway yes 1 G 2a00:ca8:a14:15e1::1/64 bridge-local yes 2 G 2a00:ca8:a14:15e2::1/64 bridge-local yes 3 G 2a00:ca8:a14:15e3::1/64 bridge-local yes 4 DL fe80::4e5e:cff:fef2:8e6f/64 bridge-local no 5 DL fe80::4e5e:cff:fef2:8e6e/64 ether1-gateway no [admin@core] /ipv6> route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable # DST-ADDRESS GATEWAY DISTANCE 0 A S ::/0 2a00:ca8:a14:15e0::1 1 1 ADC 2a00:ca8:a14:15e0::/64 ether1-gateway 0 2 ADC 2a00:ca8:a14:15e1::/64 bridge-local 0 3 ADC 2a00:ca8:a14:15e2::/64 bridge-local 0 4 ADC 2a00:ca8:a14:15e3::/64 bridge-local 0