IPv6 Tunnelling (solved)

meatball117 · Mon Jul 08, 2013 4:38 am

Hi there, I've been working on this for 2 days now and checked every thread and wiki post that I could possibly find on the subject, but I can't seem to get my clients connecting to the internet through my ipv6 tunnel.

I am able to ping google's ipv6 address from the router, and I'm able to ping both of my interfaces, but I'm a complete newbie and have no idea what to do other than that, I'm sure I'm missing the most basic thing in the world.

IPv6 Tunnel Endpoints
Server IPv4 Address:184.105.253.14
Server IPv6 Address:2001:470:1f10:a2e::1/64
Client IPv4 Address:70.75.xxx.132
Client IPv6 Address:2001:470:1f10:a2e::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:1f11:a2e::/64
Routed /48:Assign /48
Available DNS Resolvers
Anycasted IPv6 Caching Nameserver:2001:470:20::2
Anycasted IPv4 Caching Nameserver:74.82.42.42

[admin@MikroTik] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                          ADVERTISE
 0 DL fe80::20c:42ff:febc:fc93/64                           ether1-gateway                                     no       
 1 DL fe80::464b:8884/64                                    sit1                                               no       
 2  G 2001:470:1f10:a2e::2/64                               sit1                                               yes      
 3  G 2001:470:1f11:a2e::1/64                               ether2-master-local                                yes

[admin@MikroTik] > /ipv6 route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A S  2000::/3                 2001:470:1f10:a2e::1            1
 1 ADC  2001:470:1f10:a2e::/64   sit1                            0
 2 ADC  2001:470:1f11:a2e::/64   ether2-master-local             0

[admin@MikroTik] > /interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE         MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1-gateway                      ether       1500  1520       1520 00:0C:42:BC:FC:93
 1  R  ether2-master-local                 ether       1500  1520       1520 00:0C:42:BC:FC:94
 2   S ether3-slave-local                  ether       1500  1520       1520 00:0C:42:BC:FC:95
 3  RS ether4-slave-local                  ether       1500  1520       1520 00:0C:42:BC:FC:96
 4   S ether5-slave-local                  ether       1500  1520       1520 00:0C:42:BC:FC:97
 5  R  ;;; Hurricane Electric IPv6 Tunnel Broker
       sit1                                sit         1280

admin@MikroTik] > /ipv6 nd print
Flags: X - disabled, I - invalid, * - default 
 0 X* interface=all ra-interval=5s-30s ra-delay=3s mtu=unspecified reachable-time=unspecified 
      retransmit-interval=unspecified ra-lifetime=30m hop-limit=unspecified advertise-mac-address=yes 
      advertise-dns=yes managed-address-configuration=no other-configuration=no

I think I've got it all together, but I'm clearly missing one key aspect here. Can anyone give me an idea what the heck I'm doing wrong?? Thanks very much...

StubArea51 · Tue Jul 09, 2013 4:36 am

If you can ping google via IPv6 then your tunnel is working and routing properly. What IPv6 address are you getting on your client - I don't see a LAN side IPv6 address unless you are trying to bridge everything to the WAN interface.

meatball117 · Tue Jul 09, 2013 5:25 am

Hey there,

I am using ether2-master-local as my lan endpoint.. I'm hoping to have something similar for my ipv6 stack as I have running for my ipv4 stack, here's my address listing for my ipv4 stack for reference:

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                       
 0   ;;; default configuration
     192.168.0.1/24     192.168.0.0     ether2-master-local                                                             
 1 D 70.75.xxx.xxx/22   70.75.136.0     ether1-gateway

[admin@MikroTik] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE           
 0 DL fe80::20c:42ff:febc:fc93/64                           ether1-gateway      
 1 DL fe80::464b:8884/64                                    sit1                
 2  G 2001:470:1f10:a2e::2/64                               sit1                
 3  G 2001:470:1f11:a2e::1/64                               ether2-master-local

basically, I've got my modem connected to port 1 (ether1-gateway) on my router, and my LAN connected to port 2 (ether2-master-local) on my router, and that's it.. I believe the address I've got on the ether2-master-local is an address within the routable /64 subnet they gave me.. Unless I'm completely wrong (entirely possible since I'm an utter newbie to mikrotik and ipv6)

Thanks again for taking a look at this...

meatball117 · Tue Jul 09, 2013 5:44 am

Hmm, My network architecture goes as such:

Modem -> Router Port 1 -> Router port 2 -> LAN

My ipv4 address scheme goes like this:

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                  
 0   ;;; default configuration
     192.168.0.1/24     192.168.0.0     ether2-master-local                                                                        
 1 D 70.75.136.132/22   70.75.136.0     ether1-gateway

I'm not quite sure how ipv6 addressing works, but I thought I had actually put a proper IP onto my port 2 (ether2-master-local):

[admin@MikroTik] > /ipv6 address print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                                     ADVERTISE
 0 DL fe80::20c:42ff:febc:fc93/64                           ether1-gateway                                                no       
 1 DL fe80::464b:8884/64                                    sit1                                                          no       
 2  G 2001:470:1f10:a2e::2/64                               sit1                                                          yes      
 3  G 2001:470:1f11:a2e::1/64                               ether2-master-local                                           yes

to be honest, I'm not sure if ::1 is a proper address within the 2001:470:1f11::/64 range (and it is showing as unreachable on the route list) Anyway, maybe I'm screwed up on some routing rules or something? I'm also noticing that my ether2-master-local interface does not have a local address, I'm assuming that i need one of those?

Thanks again and sorry for my lack of knowledge here.

meatball117 · Tue Jul 09, 2013 11:13 am

Hi again, solved my issue, took a better look at my client's IP addresses and they weren't in the routable network. (I thought they would automatically configure to the /64 on the gateway, I guess not).

Anyway, all is well on my network, thanks for taking a look at my configs (addressing was indeed the issue)

-Wes

Edit: Also, my ether2-master-local didn't have a link-local ipv6 address. A quick reboot solved that issue and my routes suddenly became reachable to it. Educational experience.

urban · Sun Nov 03, 2013 5:10 pm

Hi,

I have similar problem, so I will continue in this thread.

I have been trying to set up local IPv6 network. I did all necessary configuration as is explained at http://wiki.mikrotik.com/wiki/Manual:My ... v6_Network
I set up IPv6 network using IPv6 address pool /64 from my tunnel provider. My ISP also provides IPv6 connectivity but unfortunately I cannot add static IPv6 Neighbor entry in Mikrotik, so I'm staying with only IPv4 and my ISP.

I have the following configuration on Routerboard RB493AH (Router OS v6.4)
I have all internal ports in bridge mode (LAN)

/interface bridge port
add bridge=LAN interface=eth5

I have working tunnel (IPv6 and IPv4) and it's routing properly.
/interface 6to4
add comment="IPv6 tunel" local-address=x.x.x.x name=tunel_Provider \
remote-address=x.x.x.x

/ipv6 nd
add advertise-dns=yes interface=LAN mtu=1280 other-configuration=yes \
reachable-time=2m retransmit-interval=5s

/ipv6 route
add distance=1 dst-address=2000::/3 gateway=2001

x:d750::1 (tunnel server end point IP)

Tunnel provider provides me 2001:x..x:d450::/64 prefix

/ipv6 address
add address=2001

x:d450::/64 comment="Local IPv6 LAN" interface=LAN
add address=2001

x:d750::2 advertise=no comment="IPv6 tunel" \
interface=tunel_Provider

In such configuration PCs are able to configure their interfaces with IPv6 (IP + gateway) and are able to connect to IPv6 internet.

The problem is, if I replace prefix entry in /IPv6 address (2001

x:d450::/64 comment="Local IPv6 LAN" ) with fixed address (e.g.2001

x:d450::1) PCs in network are not able to configure their IPv6 interface and cannot establish IPv6 connectivity.
I also tried to replace in IPv6 address list prefix (2001

x:d450::/64) with ::1/64 and add a IPv6 pool, but it was no difference.
/ipv6 pool
add name=DHCPv6_pool prefix=2001

x:d450::/64 prefix-length=64

I tested above configuration with Mac OS 10.7

Can anyone give me an idea what the heck I'm doing wrong?? Thanks very much...

Urban

IPv6 Tunnelling (solved)

IPv6 Tunnelling (solved)

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling (solved)