I'm having trouble setting up IPv6 on my MikroTik L009UiGS-2HaxD router, which replaced a Ubiquiti AmpliFi that worked out of the box.
Despite multiple configuration attempts, I'm seeing UnSpecFail status errors and can't seem to acquire a stable IPv6 address and prefix.
I'd prefer not to hardcode addresses but am running out of options.
Network Setup
Now:
ISP -> fiber box -> MikroTik L009UiGS-2HaxD (sfp1)
Previously:
ISP -> fiber box -> fiber switch -> Ubiquiti AmpliFi (RJ45)
Routerbord information
Code: Select all
routerboard: yes
model: L009UiGS-2HaxD
serial-number: redacted
firmware-type: ipq5000
factory-firmware: 7.12
current-firmware: 7.16.1
upgrade-firmware: 7.16.1
IPv6 configuration
Code: Select all
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes managed-address-configuration=yes mtu=1500 other-configuration=yes ra-delay=5s ra-interval=5s-30s ra-lifetime=none reachable-time=5m
add advertise-dns=no interface=sfp1 ra-lifetime=none reachable-time=5m
/ipv6 nd prefix default
set preferred-lifetime=20m valid-lifetime=12h
/ipv6 settings
set accept-redirects=no accept-router-advertisements=yes max-neighbor-entries=4096
Findings
I have confirmed with my ISP that they hand out a ::/56 prefix.
Sometimes I receive a link-local address that is added as a gateway in (IPv6 Route List) as DAg with a distance of 1.
dhcp log from when dhcp client runs
Code: Select all
1:34:32 dhcp,debug,packet send sfp1 -> ff02::1:2%13
11:34:32 dhcp,debug,packet type: solicit
11:34:32 dhcp,debug,packet transaction-id: be0318
11:34:32 dhcp,debug,packet -> clientid: 00030001 789a18fc 6dd0
11:34:32 dhcp,debug,packet -> ia_na:
11:34:32 dhcp,debug,packet t1: 0
11:34:32 dhcp,debug,packet t2: 0
11:34:32 dhcp,debug,packet id: 0xa
11:34:32 dhcp,debug,packet -> oro: 23
11:34:32 dhcp,debug,packet -> elapsed_time: 0
11:34:32 dhcp,debug,packet -> ia_pd:
11:34:32 dhcp,debug,packet t1: 0
11:34:32 dhcp,debug,packet t2: 0
11:34:32 dhcp,debug,packet id: 0xa
11:34:32 dhcp,debug,packet recv client: sfp1 fe80::redacted -> fe80::redacted
11:34:32 dhcp,debug,packet type: advertise
11:34:32 dhcp,debug,packet transaction-id: be0318
11:34:32 dhcp,debug,packet -> clientid: 00030001 789a18fc 6dd0
11:34:32 dhcp,debug,packet -> serverid: 00010001 27639377 00505687 fc2c
11:34:32 dhcp,debug,packet -> ia_na:
11:34:32 dhcp,debug,packet t1: 3600
11:34:32 dhcp,debug,packet t2: 7200
11:34:32 dhcp,debug,packet id: 0xa
11:34:32 dhcp,debug,packet -> ia_addr:
11:34:32 dhcp,debug,packet address: 2001:redacted
11:34:32 dhcp,debug,packet valid time: 86400
11:34:32 dhcp,debug,packet pref. time: 54000
11:34:32 dhcp,debug,packet -> status: 1 - failed
11:34:32 dhcp,debug,packet -> dns_servers:
11:34:32 dhcp,debug,packet 2001:redacted
11:34:32 dhcp,debug,packet 2001:redacted
11:34:32 dhcp,debug,packet -> ia_pd:
11:34:32 dhcp,debug,packet t1: 3600
11:34:32 dhcp,debug,packet t2: 7200
11:34:32 dhcp,debug,packet id: 0xa
11:34:32 dhcp,debug,packet -> ia_prefix:
11:34:32 dhcp,debug,packet prefix: 2001:redacted::/56
11:34:32 dhcp,debug,packet valid time: 86400
11:34:32 dhcp,debug,packet pref. time: 54000
Screenshots from dump
Request
Response
UnSpecFail reference (RFC3315)
If a server receives a message that contains options it should not
contain (such as an Information-request message with an IA option),
is missing options that it should contain, or is otherwise not valid,
it MAY send a Reply (or Advertise as appropriate) with a Server
Identifier option, a Client Identifier option if one was included in
the message and a Status Code option with status UnSpecFail.
Reference threads
viewtopic.php?t=177172
viewtopic.php?t=144099
https://forum.opnsense.org/index.php?topic=20369.0
https://michael.stapelberg.ch/posts/202 ... -ipv6-duid
https://community.tp-link.com/en/smart- ... Id=1048964
https://community.ui.com/questions/UDMp ... 3fafa19008
https://www.reddit.com/r/mikrotik/comme ... ipv6_help/