MikroTik

Posted: **Mon Jul 08, 2013 4:38 am**

Hi there, I've been working on this for 2 days now and checked every thread and wiki post that I could possibly find on the subject, but I can't seem to get my clients connecting to the internet through my ipv6 tunnel.

I am able to ping google's ipv6 address from the router, and I'm able to ping both of my interfaces, but I'm a complete newbie and have no idea what to do other than that, I'm sure I'm missing the most basic thing in the world.

IPv6 Tunnel Endpoints
Server IPv4 Address:184.105.253.14
Server IPv6 Address:2001:470:1f10:a2e::1/64
Client IPv4 Address:70.75.xxx.132
Client IPv6 Address:2001:470:1f10:a2e::2/64
Routed IPv6 Prefixes
Routed /64:2001:470:1f11:a2e::/64
Routed /48:Assign /48
Available DNS Resolvers
Anycasted IPv6 Caching Nameserver:2001:470:20::2
Anycasted IPv4 Caching Nameserver:74.82.42.42

[admin@MikroTik] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                          ADVERTISE
 0 DL fe80::20c:42ff:febc:fc93/64                           ether1-gateway                                     no       
 1 DL fe80::464b:8884/64                                    sit1                                               no       
 2  G 2001:470:1f10:a2e::2/64                               sit1                                               yes      
 3  G 2001:470:1f11:a2e::1/64                               ether2-master-local                                yes

[admin@MikroTik] > /ipv6 route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A S  2000::/3                 2001:470:1f10:a2e::1            1
 1 ADC  2001:470:1f10:a2e::/64   sit1                            0
 2 ADC  2001:470:1f11:a2e::/64   ether2-master-local             0

[admin@MikroTik] > /interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE         MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1-gateway                      ether       1500  1520       1520 00:0C:42:BC:FC:93
 1  R  ether2-master-local                 ether       1500  1520       1520 00:0C:42:BC:FC:94
 2   S ether3-slave-local                  ether       1500  1520       1520 00:0C:42:BC:FC:95
 3  RS ether4-slave-local                  ether       1500  1520       1520 00:0C:42:BC:FC:96
 4   S ether5-slave-local                  ether       1500  1520       1520 00:0C:42:BC:FC:97
 5  R  ;;; Hurricane Electric IPv6 Tunnel Broker
       sit1                                sit         1280

admin@MikroTik] > /ipv6 nd print
Flags: X - disabled, I - invalid, * - default 
 0 X* interface=all ra-interval=5s-30s ra-delay=3s mtu=unspecified reachable-time=unspecified 
      retransmit-interval=unspecified ra-lifetime=30m hop-limit=unspecified advertise-mac-address=yes 
      advertise-dns=yes managed-address-configuration=no other-configuration=no

I think I've got it all together, but I'm clearly missing one key aspect here. Can anyone give me an idea what the heck I'm doing wrong?? Thanks very much...

Posted: **Tue Jul 09, 2013 4:36 am**

If you can ping google via IPv6 then your tunnel is working and routing properly. What IPv6 address are you getting on your client - I don't see a LAN side IPv6 address unless you are trying to bridge everything to the WAN interface.

Posted: **Tue Jul 09, 2013 5:25 am**

Hey there,

I am using ether2-master-local as my lan endpoint.. I'm hoping to have something similar for my ipv6 stack as I have running for my ipv4 stack, here's my address listing for my ipv4 stack for reference:

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                       
 0   ;;; default configuration
     192.168.0.1/24     192.168.0.0     ether2-master-local                                                             
 1 D 70.75.xxx.xxx/22   70.75.136.0     ether1-gateway

[admin@MikroTik] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE           
 0 DL fe80::20c:42ff:febc:fc93/64                           ether1-gateway      
 1 DL fe80::464b:8884/64                                    sit1                
 2  G 2001:470:1f10:a2e::2/64                               sit1                
 3  G 2001:470:1f11:a2e::1/64                               ether2-master-local

basically, I've got my modem connected to port 1 (ether1-gateway) on my router, and my LAN connected to port 2 (ether2-master-local) on my router, and that's it.. I believe the address I've got on the ether2-master-local is an address within the routable /64 subnet they gave me.. Unless I'm completely wrong (entirely possible since I'm an utter newbie to mikrotik and ipv6)

Thanks again for taking a look at this...

Posted: **Tue Jul 09, 2013 5:44 am**

Hmm, My network architecture goes as such:

Modem -> Router Port 1 -> Router port 2 -> LAN

My ipv4 address scheme goes like this:

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                  
 0   ;;; default configuration
     192.168.0.1/24     192.168.0.0     ether2-master-local                                                                        
 1 D 70.75.136.132/22   70.75.136.0     ether1-gateway

I'm not quite sure how ipv6 addressing works, but I thought I had actually put a proper IP onto my port 2 (ether2-master-local):

[admin@MikroTik] > /ipv6 address print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                                     ADVERTISE
 0 DL fe80::20c:42ff:febc:fc93/64                           ether1-gateway                                                no       
 1 DL fe80::464b:8884/64                                    sit1                                                          no       
 2  G 2001:470:1f10:a2e::2/64                               sit1                                                          yes      
 3  G 2001:470:1f11:a2e::1/64                               ether2-master-local                                           yes

to be honest, I'm not sure if ::1 is a proper address within the 2001:470:1f11::/64 range (and it is showing as unreachable on the route list) Anyway, maybe I'm screwed up on some routing rules or something? I'm also noticing that my ether2-master-local interface does not have a local address, I'm assuming that i need one of those?

Thanks again and sorry for my lack of knowledge here.

Posted: **Tue Jul 09, 2013 11:13 am**

Hi again, solved my issue, took a better look at my client's IP addresses and they weren't in the routable network. (I thought they would automatically configure to the /64 on the gateway, I guess not).

Anyway, all is well on my network, thanks for taking a look at my configs (addressing was indeed the issue)

-Wes

Edit: Also, my ether2-master-local didn't have a link-local ipv6 address. A quick reboot solved that issue and my routes suddenly became reachable to it. Educational experience.

Posted: **Sun Nov 03, 2013 5:10 pm**

Hi,

I have similar problem, so I will continue in this thread.

I have been trying to set up local IPv6 network. I did all necessary configuration as is explained at http://wiki.mikrotik.com/wiki/Manual:My ... v6_Network
I set up IPv6 network using IPv6 address pool /64 from my tunnel provider. My ISP also provides IPv6 connectivity but unfortunately I cannot add static IPv6 Neighbor entry in Mikrotik, so I'm staying with only IPv4 and my ISP.

I have the following configuration on Routerboard RB493AH (Router OS v6.4)
I have all internal ports in bridge mode (LAN)

/interface bridge port
add bridge=LAN interface=eth5

I have working tunnel (IPv6 and IPv4) and it's routing properly.
/interface 6to4
add comment="IPv6 tunel" local-address=x.x.x.x name=tunel_Provider \
remote-address=x.x.x.x

/ipv6 nd
add advertise-dns=yes interface=LAN mtu=1280 other-configuration=yes \
reachable-time=2m retransmit-interval=5s

/ipv6 route
add distance=1 dst-address=2000::/3 gateway=2001

x:d750::1 (tunnel server end point IP)

Tunnel provider provides me 2001:x..x:d450::/64 prefix

/ipv6 address
add address=2001

x:d450::/64 comment="Local IPv6 LAN" interface=LAN
add address=2001

x:d750::2 advertise=no comment="IPv6 tunel" \
interface=tunel_Provider

In such configuration PCs are able to configure their interfaces with IPv6 (IP + gateway) and are able to connect to IPv6 internet.

The problem is, if I replace prefix entry in /IPv6 address (2001

x:d450::/64 comment="Local IPv6 LAN" ) with fixed address (e.g.2001

x:d450::1) PCs in network are not able to configure their IPv6 interface and cannot establish IPv6 connectivity.
I also tried to replace in IPv6 address list prefix (2001

x:d450::/64) with ::1/64 and add a IPv6 pool, but it was no difference.
/ipv6 pool
add name=DHCPv6_pool prefix=2001

x:d450::/64 prefix-length=64

I tested above configuration with Mac OS 10.7

Can anyone give me an idea what the heck I'm doing wrong?? Thanks very much...

Urban

MikroTik

IPv6 Tunnelling (solved)

IPv6 Tunnelling (solved)

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling

Re: IPv6 Tunnelling (solved)