• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Setup IPv6 on Mikrotik router - unable to ping/get net connection using IPv6

Started by LANLink, April 06, 2011, 10:52:29 AM

Previous topic - Next topic

LANLink

Thank you - I've just tried pinging again, but no luck 2001:470:1f08:17a5::1/64 - This is from my router. Although the webpage checker is working.




mindlesstux

broquea, thank you for dropping in, I was about to go insane for a minute...

I can hit ::1/64 but not ::2/64 from my home router.

... and as I am about to hit post, ::2/64 pings...

[mindlesstux@Router-Davenport] > tool traceroute 2001:470:1f08:17a5::2
# ADDRESS                                 RT1   RT2   RT3   STATUS                                                
1 2001:470:7:303::1                       43ms  43ms  46ms                                                        
2 2001:470::90:0:0:0:1                    41ms  48ms  49ms                                                        
3 2001:470::36:0:0:0:2                    48ms  47ms  47ms                                                        
4 2001:470::128:0:0:0:2                   124ms 125ms 133ms                                                      
5 2001:470::67:0:0:0:2                    121ms 122ms 121ms                                                      
6 2001:470:1f08:17a5::2                   129ms 139ms 143ms                                                      


LANLink, try pinging ipv6.google.com now or visiting any ipv6 site.

LANLink

I can't seem to visit any page yet, or ping anything directly from the router.
There must be something in the configuration of the router.....

mindlesstux

Did you add one of the routed ips to the lan side of your router?
The following should do ya, but thats assuming your lan router IPv4 address is on a interface called bridge1.
ipv6 address add address=2001:470:1f09:17a5::1/64 interface=bridge1 actual-interface=bridge1 eui-64=no advertise=yes

LANLink

Hi there,
Yes I have added this to the LAN side. But just as we are speaking my mac is actually able to visit IPv6 pages now. I think this might be working now.... fingers crossed! Just running a few more tests.


LANLink

Right ok I can:
Visit IPv6 webpages with no problems (actually faster than IPv4)
I cannot ping my HE server 2001:470:1f08:17a5::1
I can ping ipv6.google.com - using 2001:4860:8004::93

The IPv6 test site - passed on my mac expect for the "No IPv6 address detected" but all other test. It did not work on the windows pc's. I can't ping or visit any site.



cholzhauer

You are using the wrong /64 for your hosts...on your tunnel info page, you should have two /64's...one says tunnel /64 and one says routed /64

Use the routed /64 for your hosts...you should only use ::1 and ::2 out of your tunnel /64

(I have seen posts saying that using your tunnel /64 works, but it's not "best practice" and HE doesn't delegate DNS for those)

LANLink

I've tried changing the host as you've suggest but nothing has change.

broquea


LANLink

Ok right I got this working all working now.

For anyone else that may need it and also for the configuration tool (it needs updating to work with ROS V4.17+)

Add in firewall rules to allow protocal 41 to pass through firewall
Add in HE ip address when if needed to trusted list

Import the following replacing the details where needed.

NB = eth3 is the LAN

/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=81.106.119.233 mtu=1280 name=sit1 remote-address=216.66.80.26


/ipv6 address
add address=2001:470:96e0:1::1/64 advertise=yes comment="" disabled=no \
   eui-64=no interface=ether3
add address=2001:470:1f08:17a5::2/64 advertise=yes comment="" disabled=no \
   eui-64=no interface=sit1

/ipv6 firewall filter
add action=accept chain=input comment="Router - Allow IPv6 ICMP Traffic" \
   disabled=no protocol=icmpv6
add action=accept chain=input comment=\
   "Router - Accept established connections" connection-state=established \
   disabled=no
add action=accept chain=input comment="Router - Accept related connections" \
   connection-state=related disabled=no
add action=drop chain=input comment="Router - Drop invalid connections" \
   connection-state=invalid disabled=no
add action=accept chain=input comment="Router- UDP" disabled=no protocol=udp
add action=accept chain=input comment="Router - From our LAN" disabled=no \
   in-interface=bridge1
add action=log chain=input comment="Router - Log everything else" disabled=no \
   log-prefix="DROP IP6 INPUT"
add action=drop chain=input comment="Router - Drop everything else" disabled=\
   no
add action=drop chain=forward comment="Lan - Drop invalid Connections" \
   connection-state=invalid disabled=no
add action=accept chain=forward comment="Lan - Accept UDP" disabled=no \
   protocol=udp
add action=accept chain=forward comment="LAN - Accept ICMPv6 " disabled=no \
   protocol=icmpv6
add action=accept chain=forward comment=\
   "Lan - Accept established Connections" connection-state=established \
   disabled=no
add action=accept chain=forward comment="Lan - Accept related connections" \
   connection-state=related disabled=no
add action=accept chain=forward comment="Lan - From our Lan" disabled=no \
   in-interface=ether3 src-address=2001:470:1f09:17a5::/64
add action=log chain=forward comment="Lan - Log everything else" disabled=no \
   log-prefix="Log IPv6"
add action=reject chain=forward comment="Lan - Drop everything else" \
   connection-state=new disabled=no in-interface=sit1 reject-with=\
   icmp-no-route

/ipv6 nd
add advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=64 \
   interface=all managed-address-configuration=no mtu=unspecified \
   other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
   reachable-time=unspecified retransmit-interval=unspecified

/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=2001:470:1f08:17a5::2 \
   scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=\
   2001:470:1f08:17a5::1 scope=30 target-scope=10

Edit:

I forgot to say a thank you to everyone who help resolve this matter. Its now working perfectly and I've distributed it across 4 other routers now.