IPv6 over IPv4 - what am I doing wrong?

edited May 2022 in Technical

Hi guys,
I am trying to set up a tunnel via Route48 or HE to get IPv6 working at home. I have a public IPv4 (carrier says it's dynamic, but it did not change in the last 5 months, lol) and a MikroTik RB4011iGS+5HacQ2HnD (RouterOS 7.1.1 stable).
Because my carrier provided me with a router [ZTE] that is semi-managed by them (I do not have administrative access to it, I can for example set up the firewall or change the Wi-Fi password), I set up NAT on my MikroTik.
It looks like this:
ZTE: 192.168.1.0/24
MikroTik: 192.168.1.2, DMZ 192.168.1.6 (WAN INTERNET), NAT 192.168.88.0/24
All devices, except the IPTV client device, are connected to the MikroTik.

What I want to achieve is to make IPv6 work in my home network. I tried several ways to get the tunnel working, but neither works.

First approach: using NAT IP (192.168.88.1)
[admin@MikroTik] > /interface 6to4 add comment="Route48.org Tunnel Broker (DE)" disabled=no local-address=192.168.88.1 mtu=1280 name=sit1 remote-address=194.50.X.X
[admin@MikroTik] > /ipv6 route add comment="" disabled=no distance=1 dst-address=::/0 gateway=2a06:a003:XXXX::1 scope=30 target-scope=10
[admin@MikroTik] > /ipv6 address add address=2a06:a003:XXXX::2/48 advertise=no disabled=no eui-64=no interface=sit1

Second approach: using carrier router IP (192.168.1.6):
[admin@MikroTik] > /interface 6to4 add comment="Route48.org Tunnel Broker (DE)" disabled=no local-address=192.168.1.6 mtu=1280 name=sit1 remote-address=194.50.X.X
[admin@MikroTik] > /ipv6 route add comment="" disabled=no distance=1 dst-address=::/0 gateway=2a06:a003:XXXX::1 scope=30 target-scope=10
[admin@MikroTik] > /ipv6 address add address=2a06:a003:XXXX::2/48 advertise=no disabled=no eui-64=no interface=sit1

I also tried to forward all ports to the MikroTik and use my public IPv4, but it didn't work either...

After each attempt, I tried to ping the Cloudflare IPv6 DNS, but there are timeouts...
[admin@MikroTik] > ping 2606:4700:4700::1111
  SEQ HOST                   SIZE TTL TIME       STATUS
    0 2606:4700:4700::1111                       timeout
    1 2606:4700:4700::1111                       timeout
    2 2606:4700:4700::1111                       timeout
    3 2001:470:71:74b::       104  64 95ms158us  address unreachable

What am I doing wrong in my config? The tunnel works with neither Route48 nor HE.

Comments

  • I believe your public ip needs to be pingable, to use Route48's tunnel if not wireguard..

    Can you confirm if that's the case?

  • It doesn't look like you're trying to do GRE at all with your command lines, but I don't know this router, so I can't help much beyond that.

    The other way of solving this is to use wireguard on a linux host. That's easy to setup, but I guess you're trying to do everything on the router itself if you can.

  • @brejski said: I also tried to forward all ports to the MikroTik and use my public IPv4, but it didn't work either...

    I wonder if your router is able to forward the SIT protocol (41) which you are trying to use. BTW GRE also uses its own protocol (47), but WireGuard uses UDP.

    Thanked by (1)yoursunny
  • @contactwajeeh said:
    I believe your public ip needs to be pingable, to use Route48's tunnel if not wireguard..

    Can you confirm if that's the case?

    My public IP is pingable and reachable from internet

    @lebuser said:

    I wonder if your router is able to forward the SIT protocol (41) which you are trying to use. BTW GRE also uses its own protocol (47), but WireGuard uses UDP.

    This is a good question. I know this router supports GRE

  • Cloudie (Hosting Provider, Services Provider)

    @brejski said: My public IP is pingable and reachable from internet

    But, unfortunately still behind a NAT.

    You will need to use Wireguard. Mikrotik devices running v7 have the ability to run Wireguard natively. :)

    Thanked by (1)yoursunny
  • You can try to put your zte in bridged mode and use mikrotik to do the routing.
    SIT/GRE would work only with 1:1 NAT. Alternatively, it would be possible to do it with an iptables prerouting rule if your zte router allows you to add them.
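
Added example (not part of any post in this thread): a simplified Python model of the inbound side of a port-forwarding NAT, showing why "forward all ports" still drops protocol 41 (SIT) while UDP traffic such as WireGuard, or any protocol under 1:1 NAT, is delivered. The `nat_inbound` helper, the broker/WAN addresses and the sample packets are constructed for illustration, and UDP port 51820 is an assumed WireGuard port.

```python
import ipaddress
import struct

SIT, UDP, TCP = 41, 17, 6   # IP protocol numbers named in the thread

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def nat_inbound(packet, port_forwards, one_to_one=None):
    """Return the LAN address an inbound packet is delivered to, or None.

    port_forwards: {(proto, dst_port): lan_ip}, the router's port-forward rules.
    one_to_one:    lan_ip that receives every protocol (1:1 NAT), if configured.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if one_to_one is not None:
        return one_to_one                    # whole address mapped, any protocol
    if proto in (TCP, UDP) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        return port_forwards.get((proto, dport))
    return None                              # no port field to match on: dropped

# Constructed sample packets; LAN is the MikroTik's address from the first post.
BROKER, WAN, LAN = "198.51.100.1", "203.0.113.10", "192.168.1.6"
inner_v6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address("2001:db8::1").packed,
                       ipaddress.IPv6Address("2001:db8::2").packed)
sit_pkt = ipv4(BROKER, WAN, SIT, inner_v6)            # IPv6 carried directly in IPv4
wg_pkt = ipv4(BROKER, WAN, UDP,                       # placeholder WireGuard datagram
              struct.pack("!HHHH", 51820, 51820, 12, 0) + b"\x01\x00\x00\x00")

# "Forward all ports" covers every TCP and UDP port, and nothing else.
ALL_PORTS = {(p, n): LAN for p in (TCP, UDP) for n in range(1, 65536)}

if __name__ == "__main__":
    print("SIT, all ports forwarded:", nat_inbound(sit_pkt, ALL_PORTS))
    print("WireGuard/UDP, all ports:", nat_inbound(wg_pkt, ALL_PORTS))
    print("SIT, 1:1 NAT:            ", nat_inbound(sit_pkt, {}, one_to_one=LAN))
```

Real routers differ in how their DMZ and connection tracking treat non-TCP/UDP protocols, so a packet capture on the MikroTik's WAN interface filtered for IP protocol 41 is the way to confirm what the ZTE actually passes.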

  • edited May 2022

    @Cloudie said:

    @brejski said: My public IP is pingable and reachable from internet

    But, unfortunately still behind a NAT.

    You will need to use Wireguard. Mikrotik devices running v7 have the ability to run Wireguard natively. :)

    I am trying to set up Wireguard, but something is wrong and IPv6 does not work. I configured several IPv4 tunnels on MikroTik in the past....
    Providing screenshots (IPs and keys removed)
    First one: Configuration of Interface and Peer - interface has public key from config

    Second one: IPv6 configuration

  • Cloudie (Hosting Provider, Services Provider)

    @brejski pop into the discord if you can ( https://discord.gg/e9Dm6d7ey3 ), there are a few users that run Mikrotik, perfectly fine on there, and from the DE POP as well. they would be best to talk to about that, after all, my experience with Mikrotik is a bit.. lacking... (i did recently purchase one, but haven't had the time to mess around with it)

    Thanked by (1)brejski
  • @Cloudie said:
    @brejski pop into the discord if you can ( https://discord.gg/e9Dm6d7ey3 ), there are a few users that run Mikrotik, perfectly fine on there, and from the DE POP as well. they would be best to talk to about that, after all, my experience with Mikrotik is a bit.. lacking... (i did recently purchase one, but haven't had the time to mess around with it)

    Cool, joined. Thanks!
