• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Setup IPv6 on Mikrotik router - unable to ping/get net connection using IPv6

Started by LANLink, April 06, 2011, 10:52:29 AM

Previous topic - Next topic

LANLink

Hello there,
I'm actually using IPv6 for the first time but I'm having problems using it with my Mikrotik Router and I'm really looking for some help from someone.

At the moment, I've set the firewall up on IPv4 side to allow protocal 41.

And I have used the following code to my router:


/interface 6to4
  add comment="HE IPv6" local-address=81.106.XXX.XXX mtu=1280 name=sit1 remote-address=\
    216.66.80.26

/ipv6 address
  add address=2001:470:XXX:17a5::2/64 advertise=no eui-64=no interface=sit1

/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:XXX:17a5::1 scope=30 target-scope=10



All the LAN computers now have the IPv6 addresses, but no DNS addresses for IPv6.
Also on my windows 7 machines they are reporting "no internet access" on the IPv6 status area.

Thank you

cholzhauer

So what problems are you having?

If you could remove the X's in your IPv6 addresses, it would be helpful.

LANLink

Well the problem I'm having is that I'm not able to verify that its actually working - i.e. webpages don't seem to be loading expect for ipv6.he.net - when I test my configuration here: http://test-ipv6.com - is shows that its not working.

Here is the code again without the XXX


/interface 6to4
  add comment="HE IPv6" local-address=81.106.119.233 mtu=1280 name=sit1 remote-address=\
    216.66.80.26

/ipv6 address
  add address=2001:470:1f08:17a5::2/64 advertise=no eui-64=no interface=sit1

/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:1f08:17a5::1 scope=30 target-scope=10

cholzhauer

Thanks

Are you able to open a console session on your router to try something like "ping ipv6.google.com" ?  I'd like to make sure the tunnel is working before we start "fixing" clients

Edit:

I don't know if this matters, but I noticed you're using a 6to4 interface on your router...is that something you named or is that what the OS calls it?

Does your router have a NAT address or does it actually have that 81.106 address that you list?

mindlesstux

cholzhauer:
For a mikrotik, that would be the correct interface name.

Based on what the OP posted it looks like they copied and pasted the example configuration they got from the tunnel detail page.

*EDIT*
I to question the status of the IPv6 tunnel...
# ADDRESS                                 RT1   RT2   RT3   STATUS                                               
1 2001:470:7:303::1                       43ms  43ms  43ms                                                       
2 2001:470::90:0:0:0:1                    41ms  41ms  45ms                                                       
3 2001:470::36:0:0:0:2                    48ms  58ms  47ms                                                       
4 2001:470::128:0:0:0:2                   118ms 125ms 124ms                                                       
5 2001:470::67:0:0:0:2                    121ms 122ms 121ms network unreachable

LANLink

Yes I have a console open now, but I am unable to ping the google address.
The tunnel, doesn't seem to be receiving data. The guide I used to configure the router was this: http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network
I have also tried the configuration which tunnelbrokers creates (but same issues occurs).

6to4 is the bridge between my IPv4 and IPv6 - i.e. the tunnelling system.

My public (static) IP from my ISP is 81.106


Thank you for your help in this issue.

mindlesstux

Is this router behind a router/modem?

Do you have a public IP on your mikrotik?

*EDIT*
Isnt the tunnel broker suppose to be able to ping your ipv4 endpoint?

[mindlesstux@Router-Davenport] > ping 81.106.119.233
HOST                                    SIZE  TTL TIME  STATUS                                                     
81.106.119.233                                          timeout                                                   
81.106.119.233                                          timeout                                                   
81.106.119.233                                          timeout                                                   
81.106.119.233                                          timeout                                                   
    sent=4 received=0 packet-loss=100%

cholzhauer

Quote
Isnt the tunnel broker suppose to be able to ping your ipv4 endpoint?

He could be only allowing ping from HE

I'm unable to ping the HE side of the tunnel, and I"m always able to do that



[carl@mars ~]$ ping6 2001:470:1f08:17a5::1
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1f08:17a5::1
^C
--- 2001:470:1f08:17a5::1 ping6 statistics ---
13 packets transmitted, 0 packets received, 100.0% packet loss

LANLink

My firewall prevent any kind of ping expect from the address I allow (which is confirmed as working using the tools on HE).

Also I am unable to ping HE's server for IPv6.

My router (RB450G) has a public IP. (81.106.119.233)

cholzhauer

Quote from: LANLink on April 06, 2011, 12:03:47 PM
Also I am unable to ping HE's server for IPv6.

Sure..if your tunnel isn't up, it won't work ;)

mindlesstux, can you try pinging the IPv6 address of the HE side of his tunnel to confirm?

EDIT:

I just tried the looking glass and was unable to ping 2001:470:1f08:17a5::1

HE page shows all tunnel servers as being up

mindlesstux

LANLink,
What tunnel server are you using? (City, Country please)

I dont recognize the 1f08 prefix of the tunnel server.  (At least I am fairly certain that is a identifier for which tunnel server.)

Also a reverse dns on the tunnel ip makes me wonder is it the right ipv6 address...
$ dig -x 2001:470:1f08:17a5::1 @4.2.2.2

; <<>> DiG 9.7.1-P2 <<>> -x 2001:470:1f08:17a5::1 @4.2.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12700
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.a.7.1.8.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
8.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 900 IN SOA ns1.he.net. hostmaster.he.net. 2011040303 10800 1800 604800 86400

;; Query time: 94 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Wed Apr  6 15:13:33 2011
;; MSG SIZE  rcvd: 147


If I do a reverse DNS check on my tunnel ip, I get something of the following...
;; ANSWER SECTION:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.3.0.7.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN PTR mindlesstux-1-pt.tunnel.tserv13.ash1.ipv6.he.net.

LANLink

Sadly, I cannot ping the HE server on IPv6. But even on the HE webpage using the their looking glass I get theses results:

Count   5
Size   16 bytes
Target   2001:470:1f08:17a5::1
Timeout   5000ms
TTL   64
Receieved Percent   0%
Receieved Count   0/5


[Admin@MKroute] > ping 2001:470:1f08:17a5::1
2001:470:1f08:17a5::1 ping timeout
2001:470:1f08:17a5::1 ping timeout
2001:470:1f08:17a5::1 ping timeout
2001:470:1f08:17a5::1 ping timeout
2001:470:1f08:17a5::1 ping timeout

------

At the moment I am connected to the UK server (ipv4 = 216.66.80.26)

mindlesstux

Can you go to the tunnel details page and go to the example configuration and copy to here the mikrotik example?  With no edits... 

LANLink

Example configuration:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=81.106.119.233 mtu=1280 name=sit1 remote-address=216.66.80.26
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:1f08:17a5::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:1f08:17a5::2/64 advertise=yes disabled=no eui-64=no interface=sit1



broquea