|
Mikrotik 6.31 - Problem IPv6 Setup
![[it]](/s/countries/it.gif) Shadow Hawkins on Thursday, 20 August 2015 10:08:08
Hi all,
I'm trying to configure the tunnel on mikrotik to migrate from HE Hurricane Electric to SixXS but seems not to work.
I have followed this guide "https://www.sixxs.net/wiki/RouterOS" but without success.
When I try to add Routes I always get the error "unreachable" and IPv6 does not work; in fact I can not even do a ping other IPv6.
I double-checked several times, the Protocol 41 is enabled both incoming and outgoing, but I do not understand why it does not work.
How can I fix?
Thanks.
Mikrotik 6.31 - Problem IPv6 Setup
You'll have to show your actual configuration and running configuration for anybody to be able to help you.
And also what you are trying to add that results in the 'unreachable' message.
Full commands & errors are useful if you want other people to look at things.
Mikrotik 6.31 - Problem IPv6 Setup
Shadow Hawkins on Thursday, 20 August 2015 17:07:27
Jeroen Massar wrote:
You'll have to show your actual configuration and running configuration for anybody to be able to help you.
And also what you are trying to add that results in the 'unreachable' message.
Full commands & errors are useful if you want other people to look at things.
Hi,
no problem, this is my tunnel info:
PoP Name: ittrn01
PoP Location: Torino, Italy Italy
PoP IPv4: 213.254.12.34
TIC Server: tic.sixxs.net (default in AICCU)
Your IPv4: Static, currently 178.22.XXX.XXX
IPv6 Prefix: 2001:1418:XXX:XXX::1/64
PoP IPv6: 2001:1418:XXX:XXX::1
Your IPv6: 2001:1418:YYY:YYY::2
Subnet Prefix: 2001:1418:XXX:8YYY::/64
Tunnel Endpoint: 2001:1418:YYY:YYY::2
This is my configuration on mikrotik:
/interface 6to4
add comment="SixXS IPv6" local-address=178.22.XXX.XXX mtu=1280 \
name=SixXS-tunnel remote-address=213.254.12.34
/ip dns
set allow-remote-requests=yes servers=\
8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844
/ip firewall filter
add chain=input comment="IPv6 SixXS - Allow ICMP" in-interface=\
pppoe-interoute protocol=icmp src-address=213.254.12.34
add chain=input comment="IPv6 SixXS - Protocol 41" in-interface=\
pppoe-interoute protocol=ipv6 src-address=213.254.12.34
add chain=output out-interface=pppoe-interoute protocol=ipv6
/ipv6 address
add address=2001:1418:YYY:YYY::2/128 advertise=no comment="SixXS Your IPv6" \
interface=SixXS-tunnel
add address=2001:1418:XXX:8YYY:: comment="SixXS Subnet /64" \
interface=bridge-local advertise=yes
/ipv6 route
add comment="SixXS PoP IPv6" distance=1 dst-address=2000::/3 gateway=\
2001:1418:XXX:XXX::1
/ipv6 firewall filter
add chain=input comment="Allow established connections" connection-state=\
established
add chain=input comment="Allow related connections" connection-state=related
add chain=input comment="Router Allow IPv6 ICMP" protocol=icmpv6
add chain=forward comment="Router Allow IPv6 ICMP" protocol=icmpv6
add action=drop chain=input comment="Drop everything else"
add chain=forward comment="Allow established connections" connection-state=\
established
add chain=forward comment="Allow related connections" connection-state=\
related
add chain=forward comment="Allow any to internet" out-interface=SixXS-tunnel
add action=drop chain=forward
the ping to PoP IPv6 not working i receive "no route to host" and on Routes section of RouterOS i see the pop ipv6 is "unreachable".
but if i change the route like on HE:
/ipv6 route
add comment="SixXS IPv6 PoP" distance=1 gateway=\
2001:1418:XXX:XXX::1,SixXS-tunnel
or
/ipv6 route
add comment="SixXS IPv6 PoP" distance=1 dst-address=2000::/3 gateway=\
2001:1418:XXX:XXX::1,SixXS-tunnel
the client PC and mikrotik can ping the PoP IPv6.
but on Routes section i see always 'unreachable, but not understand which is the problem.
Thanks.
Mikrotik 6.31 - Problem IPv6 Setup
/ip firewall filter
As you have a firewall, do make sure it allows the correct traffic.
add address=2001:1418:YYY:YYY::2/128 advertise=no comment="SixXS Your IPv6" \ interface=SixXS-tunnel
That is wrong for sure. That prefix belongs on an internal interface, not on a tunnel.
add address=2001:1418:XXX:8YYY:: comment="SixXS Subnet /64" \ interface=bridge-local advertise=yes
The masking is not making sure if you are doing it correctly, but if XXX indicates the tunnel interface then this is wrong. Above you had YYY:YYY for the subnet.
Running config is very important. Masking IP addresses won't help btw, whois can show these.
Mikrotik 6.31 - Problem IPv6 Setup
Shadow Hawkins on Monday, 31 August 2015 14:13:30
Jeroen Massar wrote:
> /ip firewall filter
As you have a firewall, do make sure it allows the correct traffic.
Hi,
i have resolved it - screenshot
add address=2001:1418:YYY:YYY::2/128 advertise=no comment="SixXS Your IPv6" \ interface=SixXS-tunnel
That is wrong for sure. That prefix belongs on an internal interface, not on a tunnel.
add address=2001:1418:XXX:8YYY:: comment="SixXS Subnet /64" \ interface=bridge-local advertise=yes
The masking is not making sure if you are doing it correctly, but if XXX indicates the tunnel interface then this is wrong. Above you had YYY:YYY for the subnet.
Running config is very important. Masking IP addresses won't help btw, whois can show these.
/interface 6to4
add comment="SixXS IPv6" local-address=<IPv4 Static IP> mtu=1280 \
name=SixXS-tunnel remote-address=<IPv4 Pop IP>
/ip dns
set allow-remote-requests=yes servers=\
8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844
/ip firewall filter
add chain=input comment="IPv6 SixXS - Allow ICMP" in-interface=\
<Gateway IPv4> protocol=icmp
add chain=input comment="IPv6 SixXS - Protocol 41" in-interface=\
<Gateway IPv4> protocol=ipv6
add chain=output out-interface=<Gateway IPv4> protocol=ipv6
/ipv6 address
add address=<Your IPv6/64> advertise=no comment="SixXS Your IPv6" \
interface=SixXS-tunnel
add address=<Subnet Prefix/64> comment="SixXS Subnet /64" \
interface=bridge-local advertise=yes
/ipv6 route
add comment="SixXS PoP IPv6" distance=1 dst-address=2000::/3 gateway=\
<Pop IPv6>,SixXS-tunnel
/ipv6 firewall filter
add chain=input comment="Allow established connections" connection-state=\
established
add chain=input comment="Allow related connections" connection-state=related
add chain=input comment="Router Allow IPv6 ICMP" protocol=icmpv6
add chain=forward comment="Router Allow IPv6 ICMP" protocol=icmpv6
add action=drop chain=input comment="Drop everything else"
add chain=forward comment="Allow established connections" connection-state=\
established
add chain=forward comment="Allow related connections" connection-state=\
related
add chain=forward comment="Allow any to internet" out-interface=SixXS-tunnel
add action=drop chain=forward
Thanks.
|
![[ch]](/s/countries/ch.gif)
on Thursday, 20 August 2015 10:33:21
Posting is only allowed when you are