Edgerouter Static IPV6 setup help please!

[jasons6930]

Hi guys,

New ISP that has static ip's and have got the basic ipv4 up and running, however i am struggling to set up the static IPv6 and Ipv6 gateway.

I have got the ipv6 set up on the WAN interface and i think, on the Switcho interface as it appears to be giving out IPv6, but non of the clients can see the outside world via ipv6.

My current config...

all-ping enable
broadcast-ping disable
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
}
ipv6-name WANv6_LOCAL {
default-action drop
description "WAN inbound traffic to the router"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
rule 40 {
action accept
description "allow dhcpv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {

}


}

}
ethernet eth9 {
address ***.***.***.***/30
address ****:****:****::2/48
description Internet
duplex auto
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
}
poe {
output off
}
speed auto
}
ethernet eth10 {
duplex auto
speed auto
}
ethernet eth11 {
duplex auto
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.1.1/24
description Local
ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
name-server 2606:4700:4700::1001
other-config-flag false
prefix ****:****:****:1::/64 {
autonomous-flag true
on-link-flag true
valid-lifetime 2592000
}
reachable-time 0
retrans-timer 0
send-advert true
}
}
mtu 1500
s
}
}
}
protocols {
static {
route6 ::/0 {
next-hop ****:****:****::1 {
interface eth9
}
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN2 {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.38 {
stop 192.168.1.243
}

}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on eth8
listen-on switch0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
description "masquerade for WAN"
outbound-interface eth9
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
system {
gateway-address ***.***.***.***
host-name ubnt
login {
user ********** {
authentication {
encrypted-password ****************
}
level admin
}
}
name-server *************
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC


Thanks for any help!

 

[ddaenen1]

Well, i don't have any answers for you but what i can tell you is that i have tried getting IPv6 set up on the ERL3 about a year ago and never succeeded despite many efforts. It appears that in some cases, where the ISP gives out a static IPv6, the ERL3 has issues with that. I have switched over in the mean time to a Mikrotik and now it does work BUT i have switched it off. Main reason is that i could not think of a solid argument why i should have IPv6 functionality and maybe you should ask yourself that question too.

If you can answer it positively, i wish you all the best in finding a solution to your issue.

 

[jasons6930]

Thanks.

I understand what you are saying about the absolute need for IPV6 but, i guess it isn't going to go away anytime soon so i just thought i could set it up and be done with it.

Must admit, i was beginning to wonder about the ER and problems with setting up a static IPV6, however, there really doesn't seem to be much help out there, although there is plenty if the ISP hands them out via dhcpv6.

I did have one guy helping me out but he has gone a bit quiet now so i cannot proceed any further.

Which Mikrotik would you recommend as an alternative to the ER12?

 

[coxhaus]

If you really want good IPv6 I sure the Cisco small business gear will work well.

 

[ddaenen1]

Thanks.

I understand what you are saying about the absolute need for IPV6 but, i guess it isn't going to go away anytime soon so i just thought i could set it up and be done with it.

Must admit, i was beginning to wonder about the ER and problems with setting up a static IPV6, however, there really doesn't seem to be much help out there, although there is plenty if the ISP hands them out via dhcpv6.

I did have one guy helping me out but he has gone a bit quiet now so i cannot proceed any further.

Which Mikrotik would you recommend as an alternative to the ER12?

I found exactly the same when i was look for help. Even posted a couple of messages on their forum but without any solid solution.

As for which Mikrotik, i guess that largely depends on your budget. I am running a Mikrotik RB3011UiAS-RM of which i am really happy. Throughput is more than sufficient for my 1Gbps connection and once you get the hang of it, RouterOS is easy to work with. A big difference is that with RouterOS, all settings can be done via the GUI whereas with the ERL3, a lot of stuff can only be configured via CLI. Of course, the RB3011 is a 19" rack model but the RB4011 can do both desktop and rack and is significantly faster than the RB3011. Probably one of my next upgrades.

 

[jasons6930]

I found exactly the same when i was look for help. Even posted a couple of messages on their forum but without any solid solution.

As for which Mikrotik, i guess that largely depends on your budget. I am running a Mikrotik RB3011UiAS-RM of which i am really happy. Throughput is more than sufficient for my 1Gbps connection and once you get the hang of it, RouterOS is easy to work with. A big difference is that with RouterOS, all settings can be done via the GUI whereas with the ERL3, a lot of stuff can only be configured via CLI. Of course, the RB3011 is a 19" rack model but the RB4011 can do both desktop and rack and is significantly faster than the RB3011. Probably one of my next upgrades.

Must admit after posting I did steer towards the 3011 as that did seem to compare a little with the ER.

I like the look of the 4011 and it isn't a huge amount more than the 3011, but would i notice a real difference in performance between the two? (3011 & 4011)?

Either are much cheaper than the ER12!