Community discussions

MikroTik App
 
chrisbond
newbie
Topic Author
Posts: 49
Joined: Fri Apr 25, 2008 9:38 am

Zen Internet IPv6 example?

Thu May 30, 2019 5:22 pm

Hi,

Just migrated to Zen FTTP - does any one have an example how to setup IPv6 on a mikrotik device.

Currently uses PPPoE connection to get IPv4 address. Zen have supplied a /64 ND Prefix and a /48 PD Prefix.

Thx
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Zen Internet IPv6 example?

Thu May 30, 2019 5:39 pm

Hey. Have you seen info on Mikrotik wiki?
 
saburtwo
just joined
Posts: 17
Joined: Sun Aug 05, 2018 11:55 pm

Re: Zen Internet IPv6 example?

Fri Jan 21, 2022 6:28 pm

Hi
Firstly you need to speak with Zen and ask for an IPv6 address
Since Zen uses PPPoE you will need to enable IPv6 in your PPPoE profile
You need to create a pool from the delegated /48 prefix for /64 addresses
Then you need to setup your Network Discovery so other devices may get stateless addresses
Most important you need to have a firewall or else all your devices with IPv6 will be accessible

Here is a working config:

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1_Internet name=Internet-Zen password=XXXXXX user=XXXXXXX@zen

/ppp profile
set *0 use-ipv6=required

/ipv6 pool
add name=poolipv6 prefix=xxxx:xxxx:xxxx::/48 prefix-length=64
/ipv6 address
add address=::XXXX:XXXX:XXXX:XXXX eui-64=yes from-pool=poolipv6 interface=Internet
/ipv6 dhcp-client
add add-default-route=yes interface=Internet-Zen pool-name=poolipv6 pool-prefix-length=48 request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=xxxx:xxxx:xxxx::/48 list=allowed
add address=ff02::/16 comment=multicast list=allowed
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input in-interface=Internet-Zen log=yes log-prefix=dropLL_from_public src-address=fe80::/16
add action=accept chain=input comment="allow allowed addresses" src-address-list=allowed
add action=drop chain=input
add action=accept chain=forward comment=established,related connection-state=established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=yes log-prefix=ipv6,invalid
add action=accept chain=forward comment=icmpv6 in-interface=!Internet-Zen protocol=icmpv6
add action=accept chain=forward comment="local network" in-interface=!Internet-Zen src-address-list=allowed
add action=drop chain=forward log-prefix=IPV6
add action=accept chain=forward dst-port=8123 in-interface=Internet protocol=tcp
/ipv6 firewall raw
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
add action=drop chain=prerouting comment="defconf: drop bogon IP's" disabled=yes src-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop bogon IP's" disabled=yes dst-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad SRC ipv6" disabled=yes src-address-list=bad_src_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=bad_dst_ipv6
add action=jump chain=prerouting comment="defconf: jump to ICMPv6 chain" disabled=yes jump-target=icmp6 protocol=icmpv6
add action=accept chain=prerouting comment="defconf: accept local multicast scope" disabled=yes dst-address=ff02::/16
add action=drop chain=prerouting comment="defconf: drop other multicast destinations" disabled=yes dst-address=ff00::/8
add action=drop chain=prerouting comment="defconf: drop the rest" disabled=yes
/ipv6 nd
set [ find default=yes ] interface=Internet managed-address-configuration=yes mtu=1480
 
V4mpire
just joined
Posts: 1
Joined: Thu Mar 16, 2023 6:36 pm

Re: Zen Internet IPv6 example?

Thu Mar 16, 2023 7:03 pm

Hi
Firstly you need to speak with Zen and ask for an IPv6 address
Since Zen uses PPPoE you will need to enable IPv6 in your PPPoE profile
You need to create a pool from the delegated /48 prefix for /64 addresses
Then you need to setup your Network Discovery so other devices may get stateless addresses
Most important you need to have a firewall or else all your devices with IPv6 will be accessible

Here is a working config:

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1_Internet name=Internet-Zen password=XXXXXX user=XXXXXXX@zen

/ppp profile
set *0 use-ipv6=required

/ipv6 pool
add name=poolipv6 prefix=xxxx:xxxx:xxxx::/48 prefix-length=64
/ipv6 address
add address=::XXXX:XXXX:XXXX:XXXX eui-64=yes from-pool=poolipv6 interface=Internet
/ipv6 dhcp-client
add add-default-route=yes interface=Internet-Zen pool-name=poolipv6 pool-prefix-length=48 request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=xxxx:xxxx:xxxx::/48 list=allowed
add address=ff02::/16 comment=multicast list=allowed
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input in-interface=Internet-Zen log=yes log-prefix=dropLL_from_public src-address=fe80::/16
add action=accept chain=input comment="allow allowed addresses" src-address-list=allowed
add action=drop chain=input
add action=accept chain=forward comment=established,related connection-state=established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=yes log-prefix=ipv6,invalid
add action=accept chain=forward comment=icmpv6 in-interface=!Internet-Zen protocol=icmpv6
add action=accept chain=forward comment="local network" in-interface=!Internet-Zen src-address-list=allowed
add action=drop chain=forward log-prefix=IPV6
add action=accept chain=forward dst-port=8123 in-interface=Internet protocol=tcp
/ipv6 firewall raw
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
add action=drop chain=prerouting comment="defconf: drop bogon IP's" disabled=yes src-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop bogon IP's" disabled=yes dst-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad SRC ipv6" disabled=yes src-address-list=bad_src_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=bad_dst_ipv6
add action=jump chain=prerouting comment="defconf: jump to ICMPv6 chain" disabled=yes jump-target=icmp6 protocol=icmpv6
add action=accept chain=prerouting comment="defconf: accept local multicast scope" disabled=yes dst-address=ff02::/16
add action=drop chain=prerouting comment="defconf: drop other multicast destinations" disabled=yes dst-address=ff00::/8
add action=drop chain=prerouting comment="defconf: drop the rest" disabled=yes
/ipv6 nd
set [ find default=yes ] interface=Internet managed-address-configuration=yes mtu=1480
Hi,

I know this is an old thread, but upon searching I've not found anything newer in regard to Zen, as my understanding is their IPv6 setup is slightly different from the standard setup.

Is there a more detailed guide or would you be able to help a little on this as i'm a little lost on it and not sure which interfaces would quite line up with my confiration, also "add address=::XXXX:XXXX:XXXX:XXXX eui-64=yes from-pool=poolipv6 interface=Internet" if i would just put the "ND WAN" here which has :: at the end as labeled by my connection information from Zen, I had previously only used the Fritzbox, so I've not had to delve into detail like this before

Hopfully get this all setup so can properly test the connection with this device over the Fritz
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Zen Internet IPv6 example?

Sat Mar 18, 2023 8:15 pm

Their setup is pretty standard for a PPPoE connection, it is different to IPoE. That example is less than optimal, it should certainly have /ipv6 dhcp-client add add-default-route=yesno ... as the default route is via the PPPoE interface.

You don't have to add an ND prefix address to the WAN interface, if there is none outgoing traffic from the router will use any of the PD addresses assigned to other local interfaces. If you specifically want a public address on the WAN interface you can either use router advertisements with
/ipv6 settings
accept-router-advertisements=yes


or set one manually. I use the following
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=ether1 name=pppoe-zen password=XXXXXXXX use-peer-dns=yes user=zenNNNNNN@zen
/ipv6 address
add address=2a02:XXXX:XXXX:XXXX::1/64 advertise=no interface=pppoe-zen # 2a02:XXXX:XXXX:XXXX::/64 is the ND prefix


but you could also use
/ipv6 address
add address=2a02:XXXX:XXXX:XXXX::/64 eui-64=yes advertise=no interface=pppoe-zen


It isn't clear if Zen only route the PD prefix if you make a request for it, so I request it but assign static addresses on the various LANs as Mikrotik doesn't support hints as to which /64 to assign from the /48.
/ipv6 dhcp-client
add interface=pppoe-zen pool-name=pool-zen-pd request=prefix
/ipv6 address
add address=2a02:YYYY:YYYY:LLLL::1/64 interface=bridge # 2a02:YYYY:YYYY::/48 is the PD prefix, LLLL is my local subnet choice

you could also use
/ipv6 address
add address=2a02:YYYY:YYYY:LLLL::/64 eui-64=yes interface=bridge

or
/ipv6 address
add address=::1/64 from-pool=pool-zen-pd interface=bridge

or
/ipv6 address
add eui-64=yes from-pool=pool-zen-pd interface=bridge

depending on your requirements.

Who is online

Users browsing this forum: CGGXANNX, patrikg and 73 guests