Dear All,
I have a hosted (VPS) mikrotik. I have an IPv6 address and gateway also, that I have received from the hosting provider.
I would like to use that IPv6 address also next to the IPv4.
I have assigned the IPv6 address to the ether1 (WAN) interface, added the IPv6 gateway to routing. Also set up a IPv6 firewall rule:
/ipv6 firewall add action=passthrough chain=input in-interface=ether1 log=yes
Now I can see the incoming icmp packets when I try to ping my IPv6 address, but there's no response going out. Can you help me what I have missed?
Thanks!
Re: IPv6 on WAN no cimp
Did you add a default route ? Maybe if you show us an export of your /ipv6 that will help
Re: IPv6 on WAN no icmp
Yes, of course, here are my ipv6:Did you add a default route ? Maybe if you show us an export of your /ipv6 that will help
/ipv6 address
add address=2a01:4a0:4a:3c::35a4 interface=ether1
/ipv6 dhcp-client
add disabled=yes interface=ether1 pool-name=pool request=prefix
/ipv6 firewall filter
add action=passthrough chain=input in-interface=ether1 log=yes
add action=passthrough chain=forward in-interface=ether1
add action=passthrough chain=forward out-interface=ether1
add action=accept chain=input in-interface=ether1 protocol=icmpv6
/ipv6 nd
set [ find default=yes ] interface=ether1
/ipv6 route
add dst-address=2000::/3 gateway=2a01:4a0:4a::1
add check-gateway=ping distance=1 dst-address=2000::/3 gateway=ether1
add distance=1 dst-address=2a01:4a0:4a::1/128 gateway=ether1
And my ISP gave me these:
Subnet 2a01:4a0:4a:3c::/64
Gateway 2a01:4a0:4a::1
Nameserver 2001:4860:4860::8888
Nameserver 2001:4860:4860::8844
IP: 2a01:4a0:4a:3c::35a4/64
And I can ping the gateway:
/ping 2a01:4a0:4a::1
SEQ HOST SIZE TTL TIME STATUS
0 2a01:4a0:4a::1 56 64 2ms echo reply
1 2a01:4a0:4a::1 56 64 1ms echo reply
2 2a01:4a0:4a::1 56 64 1ms echo reply
sent=3 received=3 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=2ms
But can't ping from router to internet:
/ping 2001:4860:4860::8888
SEQ HOST SIZE TTL TIME STATUS
0 no route to host
1 no route to host
2 no route to host
sent=3 received=0 packet-loss=100%
Thanks for your help!
-
-
StubArea51
Trainer
- Posts: 1742
- Joined:
- Location: stubarea51.net
- Contact:
Re: IPv6 on WAN no cimp
what is the output of /ipv6 route print ?
Re: IPv6 on WAN no cimp
This is the output:what is the output of /ipv6 route print ?
ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 S 2000::/3 2a01:4a0:4a::1 1
1 A S 2a01:4a0:4a::1/128 ether1 1
2 ADC 2a01:4a0:4a:3c::/64 ether1 0
-
-
StubArea51
Trainer
- Posts: 1742
- Joined:
- Location: stubarea51.net
- Contact:
Re: IPv6 on WAN no cimp
For some reason, the route you have for 2000::/3 isn't active. Is the next hop reachable?
Re: IPv6 on WAN no cimp
This is the traceroute output:For some reason, the route you have for 2000::/3 isn't active. Is the next hop reachable?
tool traceroute address=2001:4860:4860::8888
# ADDRESS LOSS SENT LAST AVG BEST WORST
1 100% 2 timeout
2 100% 2 timeout
3 100% 1 timeout
4 100% 1 timeout
5 100% 1 timeout
But I can ping the gateway:
/ping 2a01:4a0:4a::1
SEQ HOST SIZE TTL TIME STATUS
0 2a01:4a0:4a::1 56 64 3ms echo reply
1 2a01:4a0:4a::1 56 64 1ms echo reply
2 2a01:4a0:4a::1 56 64 1ms echo reply
3 2a01:4a0:4a::1 56 64 1ms echo reply
sent=4 received=4 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=3ms
So it's really strange to me...
-
-
StubArea51
Trainer
- Posts: 1742
- Joined:
- Location: stubarea51.net
- Contact:
Re: IPv6 on WAN no cimp
You have a static route set for the gateway of 2a01:4a0:4a::1/128 istead of using the directly connected route. That forces the MT to use routing recursion which is not yet supported in RouterOS for IPv6. Try removing the static route and see if the defualt route for global unicast goes active.
Re: IPv6 on WAN no cimp
Still nothing.You have a static route set for the gateway of 2a01:4a0:4a::1/128 istead of using the directly connected route. That forces the MT to use routing recursion which is not yet supported in RouterOS for IPv6. Try removing the static route and see if the defualt route for global unicast goes active.
/ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 ether1 1
1 S 2000::/3 2a01:4a0:4a::1 1
2 ADC 2a01:4a0:4a:3c::/64 ether1 0
Edited: deleted the 0 line and without that I couldn't even ping the gateway.
Maybe I should delete every IPv6 related setting and start over? (I don't think that would solve the problem as I would do it the same way...) It looks like it cannot reach the gateway, altough it pings. :S
-
-
StubArea51
Trainer
- Posts: 1742
- Joined:
- Location: stubarea51.net
- Contact:
Re: IPv6 on WAN no cimp
Try disabling the gateway check on the static default route
Re: IPv6 on WAN no cimp
Still unreachable... Now I have also asked the provider to confirm my ip settings.Try disabling the gateway check on the static default route
I decided I won't sleep until it won't work. Or at least until I'll find out why it doesen't work.
Re: IPv6 on WAN no cimp
Could be that the problem is that I have IPv4 address (with ipv4 gateway) also configured on that ether1 interface?
Re: IPv6 on WAN no cimp
The service provider confirmed the settings should work.
Subnet Details
Subnet 2a01:4a0:4a:3c::/64
Gateway 2a01:4a0:4a::1
Nameserver 2001:4860:4860::8888
Nameserver 2001:4860:4860::8844
Address to use:
IP Addresses
2a01:4a0:4a:3c::35a4/64
Still investigating...
Subnet Details
Subnet 2a01:4a0:4a:3c::/64
Gateway 2a01:4a0:4a::1
Nameserver 2001:4860:4860::8888
Nameserver 2001:4860:4860::8844
Address to use:
IP Addresses
2a01:4a0:4a:3c::35a4/64
Still investigating...
Re: IPv6 on WAN no cimp
The static global address (fe80::216:3cff:feab:137d/64) has changed to dynamic local automaticaly and there's a new global address (2a01:4a0:4a:3c:216:3cff:feab:137d/64) added:
/ipv6 address>> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::216:3cff:feab:137d/64 ether1 no
1 DL fe80::2/64 xxxxxxx no
2 DL fe80::f0:12b/64 xxxxxx... no
3 DL fe80::3/64 xxxxxxx no
4 G 2a01:4a0:4a:3c:216:3cff:feab:137d/64 ether1 yes
Still not working, I can ping the gateway, but in the routing it shows it as unreachable...
/ipv6 address>> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::216:3cff:feab:137d/64 ether1 no
1 DL fe80::2/64 xxxxxxx no
2 DL fe80::f0:12b/64 xxxxxx... no
3 DL fe80::3/64 xxxxxxx no
4 G 2a01:4a0:4a:3c:216:3cff:feab:137d/64 ether1 yes
Still not working, I can ping the gateway, but in the routing it shows it as unreachable...
Re: IPv6 on WAN no cimp
OK, stuck with this:
I can see the incoming ipv6 traffic when i try to ping 2a01:4a0:4a:3c::35a4/64 from outside. It also tries to respond, but as there's no route to host it fails.
I can ping the 2a01:4a0:4a::1 gateway from the router, but in the routing it says it's unreachable. And of course if I wan't to ping any ipv6 address outside, it says no route to host.
Is it a possible bug?
Code: Select all
/ipv6 address
add address=2a01:4a0:4a:3c::35a4 interface=ether1
/ipv6 nd
set [ find default=yes ] interface=ether1 mtu=1280
/ipv6 nd prefix
add interface=ether1 prefix=2a01:4a0:4a::1/128
/ipv6 route
add distance=0 dst-address=2000::/3 gateway=2a01:4a0:4a::1
add disabled=yes distance=0 dst-address=2a01:4a0:4a::/64 gateway=ether1
add distance=0 dst-address=2a01:4a0:4a::1/128 gateway=ether1
/ipv6 settings
set accept-router-advertisements=yesCode: Select all
/ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2a01:4a0:4a:3c::35a4/64 ether1 yes
1 DL fe80::216:3cff:feab:137d/64 ether1 no
Code: Select all
/ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 S 2000::/3 2a01:4a0:4a::1 0
1 X S 2a01:4a0:4a::/64 ether1 0
2 A S 2a01:4a0:4a::1/128 ether1 0
3 ADC 2a01:4a0:4a:3c::/64 ether1 0I can see the incoming ipv6 traffic when i try to ping 2a01:4a0:4a:3c::35a4/64 from outside. It also tries to respond, but as there's no route to host it fails.
I can ping the 2a01:4a0:4a::1 gateway from the router, but in the routing it says it's unreachable. And of course if I wan't to ping any ipv6 address outside, it says no route to host.
Is it a possible bug?
-
-
StubArea51
Trainer
- Posts: 1742
- Joined:
- Location: stubarea51.net
- Contact:
Re: IPv6 on WAN no cimp
Have you tried setting the next hop to the link local address instead of the global unicast?