my router DIR-605L seem don't have IPv6 support.. btw I tried this way:


But... can't pinging:


This post has been edited by Anime4000: Oct 16 2013, 05:12 PM

Can you try ping to other websites? As example, he.net

the way of yr config work for me, dunno why it doesnt work for u, show us your router config.

Hmm, will try to work on that when I am back home later this evening. Using the router provided by TM, i.e.: DIR-615.

My router was DIR-605L. Dont have IPv6...

Could it be an issue with the newer 1.06TM firmware you've upgraded to? 1.01TM runs really stable for me and I am looking around for this version of the firmware so that I can revert back to it. I don't want to get stuck at 1.06TM after trying it.

no idea have been disable ipv6 for few days
no frequent dc issue for this few days
and before I upgrade to 1.06 firmware I do a backup during 1.01 firmware already

How you backup the 1.01 firmware?

then it could be yr windows config? or yr firewall or other software blocking it?

login using below details
user: operator
passw: h566UniFi

go tools > system > save to local hard drive
that cfg.bin should be the firmware backup, didn't try myself

Yes, that is just the configuration backup. But what if you want to downgrade to 1.01 firmware? Because 1.06 might be the culprit for frequent dc. I had no dc issues with 1.01

My initial test of enabling IPV6 with D-Link DSL-2750U ended up in failure even though I enabled IPV6, Request Address and Prefix.

It turns out I must CHECK the Enable RADVD for IPV6 to work its magic.

Thanks for the screenshot.

EDIT: Btw, how to visit IPV6 enabled https lowyat forum? My browser passes the test-ipv6.com with full score and I just posted this post, how come I didnt get the unique 'IPV6' logo at the top right?

This post has been edited by JohnLai: Oct 18 2013, 04:30 PM

Mikrotik Unifi PPPoE IPV6 configuration (tested on RB750 ROS 5.17 + BSRBRF01)

Prerequisites :

i. IPV6 RouterOS modules loaded in System -> Packages (Winbox)
ii. PPPoE Client profile (default) must have IPV6 set to Yes n PPP -> Profiles -> 'default' -> Protocols (Use IPv6 = Yes)

1. Replace "ether1_vlan500_UNIFI" with the name of your Unifi PPPoE client interface :

In terminal :



2. Terminal on my RouterOS says the commands for IPv6 addressing are invalid .. so use Winbox GUI and go into :



3. Disable and enable your PPPoE client interface. It should get a new DHCPv6 prefix which will propagate to your IPv6 address list and LAN clients.


...

Reconnect your LAN clients and it should auto negotiate an IPv6 address for them.

** Do not set static /64 prefixes, they appear to be dynamic and unique to your PPPoE session ID and will change upon reconnect.

TCP MSS Fix :

As pointed out by wKkaY, use the MTU flag in the IPv6 RA to advertise the proper link MTU to your clients :

In Winbox :

IPv6 -> ND

Select your default ND (operates on 'all' interfaces by default), change the MTU option to 1480 (or whatever your PPPoE MTU is) :



Old MSS mangle fix below (don't use this unless the above method isn't working for you) :


Faster prefix expiry :

IPv6 -> ND -> Prefixes tab -> Default

Set a 2H/1H valid/preferred lifetime for your prefixes :




Firewall Configuration (Security):

Enabling the IPv6 stack means no NAT to protect you and no firewall rules (by default) to prevent someone from hitting your Mikrotik login at ::0 or your devices behind the router. Setup these firewall rules to protect your network.

Replace "ether1_vlan500_UNIFI" with the name of your Unifi PPPoE client interface :


** input chain rules affect traffic heading to ::0 (your router's public IPv6), forward chain rules affect traffic from your clients behind the router

** Updated firewall rules to whitelist DHCPv6 packets

** MTU value tag used rather than iptables6 mangle for TCP MSS fixing

** Lower prefix expiry (30days/7days vs 2hours/1hour) to match Unifi's dynamic IPv6 prefix distribution

This post has been edited by rizvanrp: Oct 21 2013, 08:40 PM

no idea
so far now didn't facing frequent dc issue on 1.06 firmware with disable ipv6
yet, by the time I using 1.01 firmware me also didn't get frequent dc issue
and when using 1.01 firmware can't enable ipv6 config also

Several questions about this:-

1. Did you manage to make the routerOS dialer gets its own /64 prefix? If yes, how did you do it? All I can do is to get a link-local address assigned to the PPPoE interface by TM.

2. For the MSS clamping command, is the command that wkKaY mentioned here works much better? But at least I know now that the minimum I have to go down is 1420. Tried 1432 before and it doesn't work.

3. Have you encountered a bug where, if you recycle your PPPoE connection, which will result of routerOS being reassigned a new /64 prefix, all computers in the network will lose its IPv6 connectivity unless the computers' interface are turned off and on again?

1. Nope, it's getting a link local address then negotiating DHCPv6 over that via its DHCPv6 client. I've only seen the rp-pppoe client manage to negotiate a public IPv6 prefix using ICMPv6 RA's .. that's the client being used in TM's routers anyway. I think Mikrotik is using a modified older version of rp-pppoe or proprietary client.

2. For that MSS clamping command, I simply duplicated the mangle rules created by Mikrotiks default PPP profile (Change TCP MSS - yes) and reduced the MSS size by 20 bytes. I was seeing IPv4 headers at 20 bytes and IPv6 headers at 40 bytes .. so I figured reducing the MSS clamping rule by that difference would be enough to accommodate the larger IPv6 header size.

iptables man page also seems to assume a 20 byte MSS difference :


I'm not sure why you would need to clamp to PMTU specifically as path MTU discovery in IPv6 doesn't operate the same way as it does in IPv4 and assumes the MTU is that of the link layer interface.

3. There seem to be a few bugs in Mikrotik's IPv6 implementation. I noted a GUI/terminal bug in my guide where I wasn't able to use the exported configuration from the Winbox GUI on the terminal. The router had no issues updating its IPv6 address list upon disabling/enabling the PPPoE client interface however I'm not sure how it would behave if the session hung or was disconnected administratively at the BRAS. Router reboots also seem to cause some instability with its ability to obtain a DHCPv6 lease and distribute the /64 to LAN clients. And yeah, I had to constantly bring the client interfaces down and up in order to get it to update the prefixes.

When I was testing it back at the lab in TM, accounts were assigned static /64 prefixes and I did not need to test DHCPv6 as the rp-pppoe client was able to obtain the prefix by itself. I think it should be possible to script the Mikrotik to rectify these issues though.

I'm fairly sure that it is Linux, not rp-pppoe, which does that. If you disable the autoconf sysctl, you will not see any ICMPv6 route solicitations sent.

Oh okay. I had to set 4 additional commands inside the rp-pppoe config to get it to obtain an IPv6 address so I assumed it was rp-pppoe

** My bad, it was pppd's config

This post has been edited by rizvanrp: Oct 18 2013, 10:03 PM

Well in the case of PPPoE, the MTU of the host's link layer is bigger than the router's.

AFAIK there's two ways to handle this - 1) through RA announcements about the smaller MTU (not sure whether this is honored by popular OSes), or 2) MSS clamping (which breaks end-to-end principle). The fallback is PMTU discovery.

I have RN-n16, with latest firmware. I cant get the ipv6 connection.
Did I configure it wrong?