Hi there,
as it is holiday season I've dedicated some spare time to getting my IPv6 Tunnel up and runnning again - and ran into the problem, that my tunnel can send data but never receives any data...
My setup:
912UAG-5HPnD
Sierra Wireless MC7710 3G/4G PCI Card for Internet-Connectivity
Several other clients (Other Mikrotik Routerboards and a Mac).
My IP address is dynamic so I've update it with a script found at the mikrotik-wiki which works fine (tested a few moments ago) - as soon my ip changes HE gets an update.
All clients are working fine with the provided internal scope: 2001:470:26:301::/64
But none of them is able to send requests beyond my internal borders...
If I try to ping the IPv6 2001:470:25:301::1 which is my default gateway - I'll get an timeout (tested on the router itself, another mikrotik router and my mac).
On the mikrotik router which holds the sit1 tunnel, I see packets leaving the interface - but none of them are getting back (absolutely zero - none...)
Also with wireshark I was able to see, that the packets are leaving - with the IPv6 destination 2001:470:25:301::1 and the IPv4 destination 216.66.80.98 - but nothing gets answered...
A few configurations from my mikrotik router:
ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-... INTERFACE ADV
0 DL fe80::e68d:8cff:fef7:af59/64 VLAN666 no
1 DL fe80::e68d:8cff:fef7:af59/64 VLAN10 no
2 DL fe80::e68d:8cff:fef7:af59/64 VLAN1 no
3 DL fe80::e68d:8cff:fef7:af59/64 vlan666 no
4 DL fe80::e68d:8cff:fef7:af59/64 ether1 no
5 DL fe80::4421:ccff:febe:507/64 lte1 no
6 DL fe80::200:5eff:fe00:101/64 gw-vlan10 no
7 G 2001:470:25:301::2/64 sit1 no
8 G 2001:470:26:301::1/64 VLAN666 yes
9 DL fe80::fefd:0/64 sit1 no
ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 A S 2000::/3 2001:470:25:301::1 1
1 ADC 2001:470:25:301::/64 sit1 0
2 ADC 2001:470:26:301::/64 VLAN666 0
interface 6to4 print
Flags: X - disabled, R - running
# MTU ACTUAL-MTU LOCAL-ADDRESS REMOTE-ADDRESS
0 R ;;; Hurricane Electric IPv6 Tunnel Broker
1480 1480 178.112.22.4 216.66.80.98
/ip firewall filter
add chain=input protocol=ipv6
add chain=input connection-state=established,related,new protocol=ipv6
add chain=output protocol=ipv6
add chain=input connection-state=established,related,new log=yes src-address=216.66.80.98
add chain=output dst-address=216.66.80.98
add chain=input comment="Allow limited pings" limit=50,2:packet protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
/ipv6 firewall filter
add chain=output protocol=icmpv6
add chain=input protocol=icmpv6
add chain=output
add chain=input
In the firewall-counters I can see that traffic is going to 216.66.80.98 - but there is no traffic going back (
I've also talked with my internet-provider in advance - they do not filter out anything, as this can be disabled via self-servive portal (already done that ages ago).
I've also deleted my whole configuration and passed in the following configuration to my router (again).
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=178.112.22.4 mtu=1280 name=sit1 remote-address=216.66.80.98
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:25:301::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:25:301::2/64 advertise=no disabled=no eui-64=no interface=sit1
Here in this forum a few other posts were made with almost the same "errors" I've running into - strangely they did not get a lot of feedback, maybe someone can finally explain if this is a general problem, or how you could get rid of that.
Hopefully someone can help me.
Thanks in advance
Björn
I'll admit I did not study this in detail...have you emailed ipv6@he.net and asked them to look at your tunnel? I've seen edge cases where the tunnel just doesn't get setup correctly.
I've did - I'll keep this thread updated, if any news come in.
So far I've only received an acknowledgement mail by support.