Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: SIT tunnel on Mikrotik  (Read 1647 times)

ghane

  • Newbie
  • *
  • Posts: 3
SIT tunnel on Mikrotik
« on: March 12, 2021, 04:45:55 AM »

Hi,

I have a tunnel registered in 2019, to route our own PI IPv6 space with our ASN.  This was never critical, so each time I have spent some time setting it up, failing, and then forgetting about it.  But this time, I will stick with it :-)

Firstly, the SIT is up, and I see a few packets flowing. 

[sanjeev@270s] > /interface 6to4 print  detail
Flags: X - disabled, R - running
 0  R ;;; Hurricane Electric IPv6 Tunnel Broker
      name="sit1" mtu=1480 actual-mtu=1480 local-address=103.224.166.65
      remote-address=216.218.221.2 keepalive=10s,10 dscp=0 clamp-tcp-mss=yes
      dont-fragment=no


My IPv6 addresses from HE are:
Mine:
2001:470:17:11a::2/64

HE:
2001:470:17:11a::1/64


But I cannot even ping the other side, 2001:470:17:11a::1 .  Is this normal?  I do have a route:

[sanjeev@270s] > /ipv6 route print where dst-address=2001:470:17:11a::2/64
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 ADC  2001:470:17:11a::/64     sit1                            0


Thank you,

--
Sanjeev

Logged

tomkep

  • Newbie
  • *
  • Posts: 13
Re: SIT tunnel on Mikrotik
« Reply #1 on: March 12, 2021, 06:21:59 AM »

The first question to answer is if you can ping remote end IPv4 address: 216.218.221.2 (I can).

If it works - check your firewall settings, especially if you allow protocol 41 (IPv6 encapsulation) in your INPUT chain/table.
Logged

ghane

  • Newbie
  • *
  • Posts: 3
Re: SIT tunnel on Mikrotik
« Reply #2 on: March 12, 2021, 08:27:15 AM »

The first question to answer is if you can ping remote end IPv4 address: 216.218.221.2 (I can).
Yes, please.


If it works - check your firewall settings, especially if you allow protocol 41 (IPv6 encapsulation) in your INPUT chain/table.

This is a pure router, no protocol (udp, tcp,41) is blocked, and no ports, either.  I can see 120MB/247MB of traffic to 216.218.221.2 since last reboot, protocol 41.

Thank you for helping me debug this.

--
Sanjeev
Logged

ghane

  • Newbie
  • *
  • Posts: 3
Re: SIT tunnel on Mikrotik
« Reply #3 on: March 15, 2021, 08:51:59 PM »

Hi, this is solved.

The Tunnel endpoint on my side was the interface.  I changed it to the Router's IP address, and all works, including BGP.

Thank you
Logged