Hi,
Just migrated to Zen FTTP - does anyone have an example of how to set up IPv6 on a MikroTik device?
It currently uses a PPPoE connection to get an IPv4 address. Zen have supplied a /64 ND Prefix and a /48 PD Prefix.
Thx
Hi,
Firstly, you need to speak with Zen and ask for an IPv6 address.
Since Zen uses PPPoE, you will need to enable IPv6 in your PPPoE profile.
You need to create a pool from the delegated /48 prefix for /64 addresses.
Then you need to set up your Network Discovery so other devices may get stateless addresses.
Most importantly, you need to have a firewall, or else all your devices with IPv6 will be accessible.
Here is a working config:
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1_Internet name=Internet-Zen password=XXXXXX user=XXXXXXX@zen
/ppp profile
set *0 use-ipv6=required
/ipv6 pool
add name=poolipv6 prefix=xxxx:xxxx:xxxx::/48 prefix-length=64
/ipv6 address
add address=::XXXX:XXXX:XXXX:XXXX eui-64=yes from-pool=poolipv6 interface=Internet
/ipv6 dhcp-client
add add-default-route=yes interface=Internet-Zen pool-name=poolipv6 pool-prefix-length=48 request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=xxxx:xxxx:xxxx::/48 list=allowed
add address=ff02::/16 comment=multicast list=allowed
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input in-interface=Internet-Zen log=yes log-prefix=dropLL_from_public src-address=fe80::/16
add action=accept chain=input comment="allow allowed addresses" src-address-list=allowed
add action=drop chain=input
add action=accept chain=forward comment=established,related connection-state=established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=yes log-prefix=ipv6,invalid
add action=accept chain=forward comment=icmpv6 in-interface=!Internet-Zen protocol=icmpv6
add action=accept chain=forward comment="local network" in-interface=!Internet-Zen src-address-list=allowed
add action=drop chain=forward log-prefix=IPV6
add action=accept chain=forward dst-port=8123 in-interface=Internet protocol=tcp
/ipv6 firewall raw
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
add action=drop chain=prerouting comment="defconf: drop bogon IP's" disabled=yes src-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop bogon IP's" disabled=yes dst-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad SRC ipv6" disabled=yes src-address-list=bad_src_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=bad_dst_ipv6
add action=jump chain=prerouting comment="defconf: jump to ICMPv6 chain" disabled=yes jump-target=icmp6 protocol=icmpv6
add action=accept chain=prerouting comment="defconf: accept local multicast scope" disabled=yes dst-address=ff02::/16
add action=drop chain=prerouting comment="defconf: drop other multicast destinations" disabled=yes dst-address=ff00::/8
add action=drop chain=prerouting comment="defconf: drop the rest" disabled=yes
/ipv6 nd
set [ find default=yes ] interface=Internet managed-address-configuration=yes mtu=1480
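Added example (not part of the original post or of RouterOS): a small Python check for rule ordering in an exported filter list. RouterOS evaluates filter rules top to bottom and stops at the first terminating match, so any rule placed after an unconditional drop in the same chain never matches. The forward-chain rules below are copied from the config above; the function names and the NON_MATCHERS set are assumptions of this example.

```python
import shlex

# Forward-chain rules copied from the config in this thread.
RULES = """\
add action=accept chain=forward comment=established,related connection-state=established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=yes log-prefix=ipv6,invalid
add action=accept chain=forward comment=icmpv6 in-interface=!Internet-Zen protocol=icmpv6
add action=accept chain=forward comment="local network" in-interface=!Internet-Zen src-address-list=allowed
add action=drop chain=forward log-prefix=IPV6
add action=accept chain=forward dst-port=8123 in-interface=Internet protocol=tcp
"""

# Properties that do not restrict which packets a rule matches (assumed list).
NON_MATCHERS = {"action", "chain", "comment", "log", "log-prefix", "disabled"}
TERMINAL = {"accept", "drop", "reject"}

def parse_rule(line):
    """Split one 'add key=value ...' export line into a dict, or None."""
    tokens = shlex.split(line)  # keeps quoted comments as one token
    if not tokens or tokens[0] != "add":
        return None
    return dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)

def find_shadowed(export_text):
    """Return (line_no, rule, blocker_line_no) for every enabled rule that
    follows an unconditional terminating rule in the same chain."""
    catch_all = {}  # chain -> line number of its first match-everything rule
    shadowed = []
    for no, line in enumerate(export_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule.get("disabled") == "yes":
            continue
        chain = rule.get("chain")
        if chain in catch_all:
            shadowed.append((no, rule, catch_all[chain]))
            continue
        has_matcher = bool(set(rule) - NON_MATCHERS)
        if not has_matcher and rule.get("action") in TERMINAL:
            catch_all[chain] = no
    return shadowed

if __name__ == "__main__":
    for no, rule, blocker in find_shadowed(RULES):
        print(f"rule {no} ({rule['action']} dst-port={rule.get('dst-port')}) is "
              f"unreachable: rule {blocker} already ends chain {rule['chain']}")
```

On the config above, this reports that the accept for TCP port 8123 sits after the final forward drop and therefore never takes effect.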