• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

SIT tunnel on Mikrotik

Started by ghane, March 12, 2021, 04:45:55 AM

Previous topic - Next topic

ghane

Hi,

I have a tunnel registered in 2019, to route our own PI IPv6 space with our ASN.  This was never critical, so each time I have spent some time setting it up, failing, and then forgetting about it.  But this time, I will stick with it :-)

Firstly, the SIT is up, and I see a few packets flowing. 

[sanjeev@270s] > /interface 6to4 print  detail
Flags: X - disabled, R - running
0  R ;;; Hurricane Electric IPv6 Tunnel Broker
      name="sit1" mtu=1480 actual-mtu=1480 local-address=103.224.166.65
      remote-address=216.218.221.2 keepalive=10s,10 dscp=0 clamp-tcp-mss=yes
      dont-fragment=no


My IPv6 addresses from HE are:
Mine:
2001:470:17:11a::2/64

HE:
2001:470:17:11a::1/64


But I cannot even ping the other side, 2001:470:17:11a::1 .  Is this normal?  I do have a route:

[sanjeev@270s] > /ipv6 route print where dst-address=2001:470:17:11a::2/64
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
#      DST-ADDRESS              GATEWAY                  DISTANCE
0 ADC  2001:470:17:11a::/64     sit1                            0


Thank you,

--
Sanjeev


tomkep

The first question to answer is if you can ping remote end IPv4 address: 216.218.221.2 (I can).

If it works - check your firewall settings, especially if you allow protocol 41 (IPv6 encapsulation) in your INPUT chain/table.

ghane

Quote from: tomkep on March 12, 2021, 06:21:59 AM
The first question to answer is if you can ping remote end IPv4 address: 216.218.221.2 (I can).
Yes, please.

Quote from: tomkep on March 12, 2021, 06:21:59 AM

If it works - check your firewall settings, especially if you allow protocol 41 (IPv6 encapsulation) in your INPUT chain/table.

This is a pure router, no protocol (udp, tcp,41) is blocked, and no ports, either.  I can see 120MB/247MB of traffic to 216.218.221.2 since last reboot, protocol 41.

Thank you for helping me debug this.

--
Sanjeev

ghane

Hi, this is solved.

The Tunnel endpoint on my side was the interface.  I changed it to the Router's IP address, and all works, including BGP.

Thank you