Community discussions

MikroTik App
 
MikroUser
newbie
Topic Author
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 10:15 am

Mikrotik team, i need your assistance.
Starlink is connected via adapter directly to mikrotik. Bypass mode enabled. IPv4 woks fine, but i have problems with ipv6.

Starlink give ipv6 from dhcp with 56 prefix.
prefix is 2a0d:3344:1490:1700::/56
default gateway received via dhcp is 2a0d:3344:1400:baee::1, but when i set address 2a0d:3344:1490:1700::2/56 to starlink interface, gatevay is not reachable, no ping there, so i have no ipv6 connectivity.

But if i manually set address from the received gateway range, for example 2a0d:3344:1400:baee::22, ipv6 works, ping is ok. But starlink change ipv addreses and prefixes every day, so this is wrong way to solve the problem.
When starlink connected with stock router - everything works fine, ipv6 too.

Anybody can help me to setup this? im runing ccr2004 with ros 7.7
You do not have the required permissions to view the files attached to this post.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 4:14 pm

In IPv6 the roles and capabilities of a router and host are separated much more strictly than in IPv4, and also DHCP works slightly differently.

You can only acquire an address with the DHCPv6 client if the provider supports it. DHCPv6 has no concept of a default gateway, the Add Default Route option is a bodge - it uses the address of the DHCPv6 server reply as the gateway which is often, but not always, correct depending on the providers network topology.

The most common mechanism is to use received router advertisments (RA), which unfortunately are not displayed by RouterOS (as discussed in other forum posts, and was completely broken in earler releases of RouterOS v7), to obtain the WAN prefix and gateway information, plus SLAAC for the address.

You can then use the DHCPv6 client to acquire a prefix, and assign IP addresses from that prefix to your LAN(s).

The default IPv6 settings include forward=yes and accept-router-advertisements=yes-if-forwarding-disabled, so as the router will be forwarding you need to set accept-router-advertisements=yes.

The pool prefix length should be the default of 64, not 48.
 
MikroUser
newbie
Topic Author
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 5:20 pm

I tried different pool prefixes, but no result.
And logically, server address (gateway) cannot be accessible from provided prefix pool, because gateway must be somewhere in a provided prefix, usually this is 1st host.
Starlink dhcp doesnt send address for the interface, prefix only.

And this isue i see not only with starlink, our LTE providers also giving IPv6 for clients in this way, in the phones and tables its works fine, but with mikrotik - not working.

So, i dont understand, where is the problem?Mikrotik DHCP client dont receiving full info from starlink dhcp server? Or what?
Why mt dont fix this yet?
Last edited by MikroUser on Sun Jan 29, 2023 11:28 pm, edited 1 time in total.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 5:45 pm

And logically, server address (gateway) cannot be accessible from provided prefix pool, because gateway must be somewhere in a provided prefix, usually this is 1st host.
No. The prefix is a completely separate block of addresses to the 'WAN' connection from the provider. Some providers do steal the first or last /64 of the prefix block for the WAN connection, but it is discouraged. See https://www.ripe.net/publications/docs/ripe-690 section 4.1.4

Starlink dhcp doesnt send address for the interface, prefix only.
As I said the most common method of assigning the WAN subnet and gateway address is with Router Advertisments and SLAAC, not DHCPv6 requesting an address.

And this isue i see not only with starlink, our LTE providers also giving IPv6 for clients in this way, in the phones and tables its works fine, but with mikrotik - not working.
A phone ot tablet will have a host role, the Mikrotik will typically have a router role. There are significant differences.

So, i dont understand, where is the problem?Mikrotik DHCP client dont receiving full info from starlink dhcp server? Or what?
Why mt dont fix this yet?
The Mikrotik implementation has lots of features so it can be used in many scenarios, not arbitrarily limited by the manufacturer. It is a configuration issue.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 7:36 pm

Change your pool prefix length to /64 on the DHCPv6-PD client

Then add an address on the LAN bridge or interface like this:

ipv6/address/add from-pool=StarLink-V6 advertise=yes interface=LAN
 
MikroUser
newbie
Topic Author
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 7:54 pm

Change your pool prefix length to /64 on the DHCPv6-PD client
Then add an address on the LAN bridge or interface like this:
ipv6/address/add from-pool=StarLink-V6 advertise=yes interface=LAN
Not working. Till gateway is unknown or not reachable - any configuration will fail.
The Mikrotik implementation has lots of features so it can be used in many scenarios, not arbitrarily limited by the manufacturer. It is a configuration issue.
If i give you access to the mt, can u pelp me with configuration?
Also if configuration will be successful, this will be a good example for other users.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 8:07 pm

Also if configuration will be successful, this will be a good example for other users.

Reddit already has a validated base config:

https://www.reddit.com/r/Starlink/comme ... k_routers/

It seems that IPv6 connectivity is still very much a regional thing as some have it working and some don't. So depending on where you are, the prefix may be available for DHCPv6-PD client but not actually work.

Try the config referenced above and if that doesn't work, you prob don't have a complete IPv6 implementation yet from Starlink. Which means you'll have to wait until they fix it.
 
MikroUser
newbie
Topic Author
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 9:08 pm

Also if configuration will be successful, this will be a good example for other users.
Reddit already has a validated base config:

https://www.reddit.com/r/Starlink/comme ... k_routers/

It seems that IPv6 connectivity is still very much a regional thing as some have it working and some don't. So depending on where you are, the prefix may be available for DHCPv6-PD client but not actually work.
I dont know why reddit validated that topic or config, but i dont found there any userful info. Tried copy config - nothig good happened.

Configs posted there dont have dhcp client and gateway settings. No info what ip6 address was set for starlink interface.
Without gateway i have no route to host error.
Try the config referenced above and if that doesn't work, you prob don't have a complete IPv6 implementation yet from Starlink. Which means you'll have to wait until they fix it.
IPv6 works fine with stock starlink router, so i dont se a reasons why it will not work with others.
But i cant find the way, how to make it worked with mikrotik.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 9:41 pm

What are the outputs of?

 ipv6/address/print
 
 ipv6/route/print
 
 ipv6/neighbor/print
 
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 9:45 pm

Configs posted there dont have dhcp client and gateway settings. No info what ip6 address was set for starlink interface.
As said before the WAN address and default gateway are obtained from Router Advertisments and the Mikrotik does not display these. Post your IPv6 configuration.
 
MikroUser
newbie
Topic Author
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 10:04 pm

/ipv6 dhcp-server
add address-pool=StarLink-IPv6 disabled=yes interface=StarLink name=server1
/ipv6 address
add address=::7 from-pool=StarLink-IPv6 interface=LAN
add address=2a0d:3344:1e00:2749::fff1 advertise=no interface=StarLink
/ipv6 dhcp-client
add add-default-route=yes interface=StarLink pool-name=StarLink-IPv6 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=fe80::/10 list=prefix_delegation
add address=2a0d:3344:1e00:2749::1/128 list=prefix_delegation
/ipv6 firewall filter
add action=accept chain=input dst-port=5678 protocol=udp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address-list=prefix_delegation
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface=!LAN
/ipv6 nd
set [ find default=yes ] advertise-mac-address=no dns=2606:4700:4700::1111 hop-limit=64 interface=LAN mtu=1280 other-configuration=yes ra-interval=3m20s-8m20s
/ipv6 nd prefix default
set preferred-lifetime=10m valid-lifetime=15m
/ipv6 settings
set accept-redirects=no accept-router-advertisements=yes max-neighbor-entries=8192
This config if working for me now, but there is need manually set ip address for starlink interface, from dhcp client info.
If dhcp server addr is 2a0d:3344:1e00:2749::1, we need set to starlink interface address from this same network, for example 2a0d:3344:1e00:2749::fff2. Only after that everything works as needed.
But if starlink will change server address or prefix, this config will stop working, and we will need setup this manually again.

I see there 2 ways to solve that problem.
1. Write own script and insert it to the DHCP client > advanced. Theoretically this scipt will take dhcp server ip from dhcp client info, and set ip from same range for starlink interface. Then, even if Starlink will change server or prefix - we will got worked ipv6 automatically.
2. Mikrotik team realise that same way, but without script, via RouterOS functionality.
 
MikroUser
newbie
Topic Author
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sun Jan 29, 2023 11:06 pm

update.
everything works now as needed.
i have just reboot Mikrotik, after that for Starlink interface was assigned dynamic addres via RA.

This is 100% tested and working config for IPv6 & Starlink! Tested on CCR2004, ROS 7.7
/ipv6 address
add address=::5 from-pool=StarLink-IPv6 interface=LAN
/ipv6 dhcp-client
add add-default-route=yes interface=StarLink pool-name=StarLink-IPv6 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input dst-port=5678 protocol=udp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface=!LAN
/ipv6 nd
set [ find default=yes ] advertise-mac-address=no dns=2606:4700:4700::1111 hop-limit=64 interface=LAN mtu=1280 other-configuration=yes ra-interval=3m20s-8m20s
/ipv6 nd prefix default
set preferred-lifetime=10m valid-lifetime=15m
/ipv6 settings
set accept-redirects=no accept-router-advertisements=yes max-neighbor-entries=8192
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to run IPv6 from starlink on a mikrotik?

Mon Jan 30, 2023 5:24 pm

Awesome, me thinks this will be a useful thread when many ISPs finally change to IPV6.......
However, you never really stated, what you were doing wrong and what you changed to fix it, or what advice given was the key ????????????



By the way I thought the title when I first read it said. HOW TO RUN FROM STARLINK................. answer: as fast as you can!
 
t4thfavor
just joined
Posts: 18
Joined: Tue Apr 13, 2021 4:40 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sun Feb 05, 2023 7:55 pm

I just setup my starlink yesterday. My IPV4 speeds are atrocious. Actually worse than my LTE connection prior, so much so that I am contemplating just putting the starlink stuff back in the box and cancelling the service.

That said, I'm trying to get my ipv6 stuff working so I can forward some external ports for vpn and stuff. After reading the whole thread, I now have an IPV6 address, and a somewhat populated firewall, but I still have no idea how to actually put it to any use :)
 
Bcmalloy
just joined
Posts: 4
Joined: Sun Jul 30, 2023 12:08 pm

Re: How to run IPv6 from starlink on a mikrotik?

Fri Aug 11, 2023 6:41 pm

Have a script I'm trying to get working with the star link config above so the ipv6 firewall will only allow the ipv6 dhcp client server to send through prefix delegation data
by switching on a firewall rule that allows any address until the dhcpv6 client is bound then it puts that address in a list, disables that rule and turning on a rule that only allows the listed addresses.
but just can't work out the syntax for the DHCPv6 client script box, any help would be appreciated to complete the star link config (measured 320 Megabit throughput a few days ago) getting crazy download speeds. (Thanks Elon)
# updatefirewall
:log info "script ok";
:if ($leaseBound = 0) do={
:log info "no lease";
:/ipv6/firewall/filter/ enable [ find where comment="defconf: accept DHCPv6-Client prefix delegation open."];
:/ipv6/firewall/filter/ disable [ find where comment="defconf: accept DHCPv6-Client prefix delegation srcaddress."];
}
:else={
:log info "we have lease";
:/ipv6/firewall/address-list/ add address=[/ipv6/dhcp-client get value-name=dhcp-server-v6 number=0] disabled=no dynamic=no list=prefix_delegation comment="dhcp6 client server value";
:/ipv6/firewall/filter/ disable [ find where comment="defconf: accept DHCPv6-Client prefix delegation open."];
:/ipv6/firewall/filter/ enable [ find where comment="defconf: accept DHCPv6-Client prefix delegation srcaddress."];
}
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: How to run IPv6 from starlink on a mikrotik?

Fri Aug 11, 2023 8:57 pm

At the very least you need to change `$leaseBound` -> `$"pd-valid"`. Also you can change `[/ipv6/dhcp-client get value-name=dhcp-server-v6 number=0]` -> `$"pd-prefix"`

See the DHCPv6 Script section.
 
Bcmalloy
just joined
Posts: 4
Joined: Sun Jul 30, 2023 12:08 pm

Re: How to run IPv6 from starlink on a mikrotik?

Sat Aug 12, 2023 9:13 am

Thanks for the info, found the built in variable problematic so here is my working script just just manually fetches valuesif anyone needs it.
Note:if the ipv6 address already exists in firewall address list "prefix_delegation" the script will bomb out that's why this command must be last
# updatefirewall;
:local fred [/ipv6/dhcp-client get value-name=status number=0];
:log info "script ok fred value is $fred";
:log info "script ok";
:if ($fred != "bound") do={
:log info "no ipv6 client lease";
:execute [/ipv6/firewall/filter/ enable [find where comment="defconf: accept DHCPv6-Client prefix delegation open."]];
:execute [/ipv6/firewall/filter/ disable [find where comment="defconf: accept DHCPv6-Client prefix delegation srcaddress."]];
}
:if ($fred = "bound") do={
:log info "we have ipv6 client lease";
:execute [/ipv6/firewall/filter/ enable [find where comment="defconf: accept DHCPv6-Client prefix delegation srcaddress."]];
:execute [/ipv6/firewall/filter/ disable [find where comment="defconf: accept DHCPv6-Client prefix delegation open."]];
:execute [/ipv6/firewall/address-list/ add address=[/ipv6/dhcp-client get value-name=dhcp-server-v6 number=0] disabled=no dynamic=no list=prefix_delegation comment="dhcp6 client server value"];
}

Who is online

Users browsing this forum: devnull0, normis and 51 guests