I've been investigating the MTU issue more closely now that I have IPv6 working at home.

I think it's a problem specific to Mikrotik. MTU for the PPPoE interface is set to 1480 by default. So if you use clamp values that you found through googling, they might not work if calculated to assume an MTU of 1492.

Further compounding the problem, it appears that a ICMPv6 Packet Too Big isn't sent back to the host in this case.

In my opinion, the best solution on the Mikrotik is to set your IPv6 -> ND -> MTU advertisment to match your PPPoE interface MTU. Doing it this way is less hackish than writing mangle rules for the router to change the TCP MSS. Furthermore the MTU hint will be usable by protocols other than TCP.

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:36 AM

Yes, I wanted to suggest the same as it is more efficient. I've tried matching the MTU advertisement to the pppoe line's MTU (in my case 1492) and it works. I wonder what about the 60 bytes overhead deduction that the linked blog on MSS suggested. 1492 works fine for me. Clamping MSS is a work-around and technically not the solution. As a fail-safe approach, start setting your MTU advertisement to the min value of 1280 and slowly increase from there.

A more conclusive way to test whether your MTU setting works is to use the "Other IPv6 Sites" tab on http://test-ipv6.com/ after successfully running the initial test. This should properly test your MTU against many different servers located all around the world using IPv6. Don't be alarm if you get a grey-bluish dot, as some servers might be down occasionally but you should be getting green ticks otherwise:



By the way, when will lowyat.net's IPv6 connection be up? I am starting to miss those IPv6 tags already.

Your primary router is the device that performs the pppoe connection through your modem. Is that Microtik switch performing the internet connection? Not familiar with that Microtik device as it sounds like just a switch? Anyway, if your Linksys connects to your Microtik via Linksys's WAN port, then yes.

True, it does depend on the websites you use. I personally find google dns much faster compared to open dns. If you want to give priority to local servers, use TM for primary dns and google for secondary dns.

It is indeed a typo. Key "i" and "o" are next to each other on the keyboard. I guess the person who put together that ipv6 guide was pressed for time.

You need to update your firmware.

This post has been edited by Alpha Wolf: Oct 21 2013, 07:34 AM


Attached thumbnail(s)

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:36 AM

Like I've mentioned, use wayback machine. Latest snapshot January 2013. I thought his site was down far back than this?
http://web.archive.org/web/20130118122637/...tik_rb250gs.php

Looks like it's just a switch indeed. Dial up is performed by your modem. Which modem are you using?

This post has been edited by Alpha Wolf: Oct 21 2013, 07:12 AM

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:37 AM

Yeah, for some reason dual wan cannot be enabled in fw 1.01.

Did you also see the bug I mentioned in point no.3 I mentioned here?

BTW, setting the MTU in ND do work.

any idea how to downgrade to 1.01 firmware ?

Agreed, the mangle rules have an additional disadvantage of using more resources on the router. Setting the MTU flag in the RAs seems to work

My only remaining issue is getting rid of the expired v6 prefixes once the session is killed. My home server interface currently looks like this.. :

how to enable IPv6 on Unifi DIR-615 with DD-WRT firmware?

You need to get a copy of the 1.01 firmware first, where DellMalaysia has requested through an email awaiting reply from TM. This is also the reason why I am in search for that firmware.


I was having the same issue with RA clients preferring the older prefixes over the newer ones, thus accumulating a long list of v6 addresses. For wireless devices, his can be fixed by disconnecting and reconnecting to the network. But this can be troublesome. The solution is to shorten the lifetime these prefixes remained preferred in the RA deamon. Most ISP provide static prefixes as v6 prefixes are meant to be static in general, hence why RA deamons have it set to 1 day or more. For some reason, TM is handing out dynamic prefixes. If your router uses radvd like mine for RAs, you can configure this in the config file within the prefix section:

Otherwise, look for settings related to the time advertised prefixes remain valid.


Just when I was about to wonder if anyone else was using DD-WRT with IPv6... I guess technically none yet?

Incidentally, I've spent the last few days relentlessly sorting out and getting IPv6 connection working with DD-WRT. It was an IPv6 learning experience for me too as I was completely new to IPv6. I finally have my Asus RT-N66U running on DD-WRT fully working with Unifi's native IPv6 along side 500 and 600 vlan tagging.

Currently DD-WRT has less support for IPv6 compared to other custom firmwares like Tomato and OpenWRT, at least this is according to the web interface of DD-WRT, most of which needs to be manually configure using the command line interface and script files. But being well accustomed to DD-WRT and its extensive features, I wanted this to work. Only the big builds have IPv6 modules included, but with optware and ipkg and lots of patience, it's fully possible.

In short, here are the applications I am using:
1) rdisc6 to get ICMPv6 from ISP for the WAN interface.
2) DHCPv6 client to get v6 prefix from ISP.
3) and finally radvd to advertise that obtained prefix out to clients.

I also added and configured ip6tables for the v6 firewall.

Here are more details on my setup. Note this is a custom web interface page I included using the MyPage feature of DD-WRT for debugging and status purposes. So far it's been running really stable. No point in masking my IP addresses since they are dynamic plus I run a server.


This post has been edited by Alpha Wolf: Oct 21 2013, 08:17 PM


Attached thumbnail(s)

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:37 AM

Adjustable in IPv6 -> ND -> Prefixes -> Default for RouterOS

No Unifi at my site so maybe someone else with a Mikrotik can test if it works

On Windows (vista/7) a quick disable and enable on the ethernet adapter gets rid of the old prefix.

This post has been edited by Eoma: Oct 21 2013, 07:29 PM

This post has been edited by Moogle Stiltzkin: Jul 15 2017, 10:37 AM

Not for the first time, if you redial, it seems the old prefix is not removed.
I initially thought it was due to the half baked TP Link firmware, but it seems others are experiencing the same thing too.

I have set lowered it from 30d/1w to 2h/1h for Valid/Preferred. Confirmed on Linux that the new lifetimes have taken effect.

In RFC 4862 section 5.5.3, it is recommended that hosts ignore AdvValidLifetime < 2 hours, to avoid a denial of service attack from bogus advertisements. So I think you should raise that to 2 hours.

Good point, I read about that too. I will have it adjusted. The default settings for radvd is 1 day valid and 4 hours preferred.

This post has been edited by Alpha Wolf: Oct 21 2013, 08:18 PM