April 10, 2017 at 13:49Mikrotik 6to4 automation with dynamic IPv4
- Tutorial
This article will be useful for those who want to experience IPv6 using the 6to4 encapsulation protocol, but with dynamic IPv4.
First of all, check if you have the opportunity to use the public 6to4 gateway, we ping it at the address: 192.88.99.1. If ping goes, read on.
So, for starters, you need to install the IPv6 support module (download Extra packages for your device from the site ). We take out ipv6 - *. Npk from the archive and upload it to the router, then restart it.
Now you have IPv6 support, note that firewall rules for it must be done separately.
Next, we create a special “6to4 Tunnel” interface, put the address of the public gateway in Remote Adress, and our current public IPv4 address in Local Adress (or “make mistakes” in the address so that the script would configure everything by itself).
In routing, you need to configure the tunnel interface as the default gateway (to the address :: / 0).
Now we can check if there is ping before anything from IPv6 (for example ipv6.google.com)
If there are pings, then go ahead :
In the script, you need to set the variables that are responsible for the interfaces that we configure:
Running the script, we get a configured tunnel and a local interface with the / 64 prefix.
Now add this script to the scheduler (I run it every 5 minutes), and when changing external IPv4, with a slight delay, 6to4 will be reconfigured.
Clients receive IPv6 using SLAAC, and there is no way to set the DNS and gateway (Win clients receive only a gateway through RA). Mikrotik has DHCPv6, but there is still little sense from it (it has not been fully completed).
To support DNS in Mikrotik we set up well-known public servers (for example, 2620: 0: ccc :: 2 and 2620: 0: ccd :: 2), clients can configure the link local Mikrotik address.
Mikrotik IPv6
First of all, check if you have the opportunity to use the public 6to4 gateway, we ping it at the address: 192.88.99.1. If ping goes, read on.
So, for starters, you need to install the IPv6 support module (download Extra packages for your device from the site ). We take out ipv6 - *. Npk from the archive and upload it to the router, then restart it.
Now you have IPv6 support, note that firewall rules for it must be done separately.
6to4 setup
Next, we create a special “6to4 Tunnel” interface, put the address of the public gateway in Remote Adress, and our current public IPv4 address in Local Adress (or “make mistakes” in the address so that the script would configure everything by itself).
In routing, you need to configure the tunnel interface as the default gateway (to the address :: / 0).
Now we can check if there is ping before anything from IPv6 (for example ipv6.google.com)
If there are pings, then go ahead :
Auto Tuning Script
##############Script Settings##################
:local EXTif "ext"
:local TUNif "6to4tun"
:local LOCif "local"
###############################################
:local EXTipv4 [/ip address get [find interface=$EXTif] address];
:local TUNipv4 [/interface 6to4 get [find name=$TUNif] local-address];
:for i from=( [:len $EXTipv4] - 1) to=0 do={
:if ( [:pick $EXTipv4 $i] = "/") do={
:set $EXTipv4 ([:pick $EXTipv4 0 $i]);
}
}
:global dec2hex do={
:local hex ""
:local dec [:tonum $1]
:for i from=0 to=4 step=4 do={
:set hex ([:pick "0123456789ABCDEF" (($dec>>$i)&0xf) ((($dec>>$i)&0xf)+1)].$hex)
}
:return ([:tostr $hex])
}
:local 6to4prefix do={
:global dec2hex
:local oct
:local ipv6 "2002:"
:local tmp 0
:local c 0
:local ipv4 $1
:for i from=0 to=( [:len $ipv4] - 1) do={
:if ( [:pick $ipv4 $i] = "." || [:pick $ipv4 $i] = "/") do={
:set oct ([:pick $ipv4 $tmp $i])
:set tmp ($i+1)
:set ipv6 ("$ipv6".[$dec2hex $oct])
:if ( c =1 || c =3) do={
:set ipv6 ("$ipv6".":")
}
:set c (c+1)
}
}
:return ($ipv6)
}
:if ( $TUNipv4 != $EXTipv4 ) do={
/interface 6to4 set [find name=$TUNif] local-address=$EXTipv4
/ipv6 address remove [find interface=$TUNif]
/ipv6 address remove [find interface=$LOCif]
:local ipv6new [$6to4prefix ($EXTipv4."/")]
:log info ($ipv6new)
/ipv6 address add interface=$TUNif advertise=no address=("$ipv6new".":1/48")
/ipv6 address add interface=$LOCif advertise=yes address=("$ipv6new".":1/64")
}
In the script, you need to set the variables that are responsible for the interfaces that we configure:
- EXTif - external interface
- TUNif - tunnel interface
- LOCif - local interface
Running the script, we get a configured tunnel and a local interface with the / 64 prefix.
Now add this script to the scheduler (I run it every 5 minutes), and when changing external IPv4, with a slight delay, 6to4 will be reconfigured.
What difficulties await you?
Clients receive IPv6 using SLAAC, and there is no way to set the DNS and gateway (Win clients receive only a gateway through RA). Mikrotik has DHCPv6, but there is still little sense from it (it has not been fully completed).
To support DNS in Mikrotik we set up well-known public servers (for example, 2620: 0: ccc :: 2 and 2620: 0: ccd :: 2), clients can configure the link local Mikrotik address.