IPv6 prefix delegation support comes to PPPoE in RouterOS version v5.10* so for those of you ready to jump onboard this release, here’s my attempt at a best-practice way to set it all up.
IPv6 has been around in RouterOS for a while now, but the specific feature that was introduced is called “DHCPv6 Prefix Delegation” which allows RouterOS to receive a prefix (or a bunch of framed routes if you’re more familiar with that terminology) that it can then distribute out itself.
This means for someone like myself, using IPv6 with my local Internet Service Provider becomes relatively straightforward, with no more need for tunneled IPv6 connections.
How to get it running:
Firstly, ensure your router is running v5.10 or higher* and that the IPv6 package is enabled (under system > packages).
Next, ensure the profile your pppoe connection uses has IPv6 enabled (default or yes).
Once this is done, head to IPv6 > DHCP Client and add a new entry with the following details:
Interface – <your pppoe-client interface>
Pool name – ipv6-pool
Pool prefix length – 64
This will go off and request an IPv6 Prefix Delegation (PD) and should show up like this when done.
This is pretty much all that is required to receive your prefix however if we want to actually use it somewhere, we’ll need to setup a couple more things.
Adding a publically reachable router address:
Simply copy the prefix from your DHCPv6 client, and change the last section to
1/64, allocating your first /64 subnet to a physical port in your network.
An example prefix of: 2001:1111:1111::/48
Now becomes: 2001:1111:1111::1/64
Add this address to your interface of choice (I used my LAN network because it makes it easy to remember my LAN segment too)
Adding a basic firewall to your new public ranges:
Make sure to update the “your-lan-interface” (2 listings) and “your-pppoe-client-interface” (1 listing) to match your local router.
02 | add action=accept chain=input comment="Router - Allow IPv6 ICMP" disabled=no protocol=icmpv6 |
03 | add action=accept chain=input comment="Router - Accept established connections" connection-state=established disabled=no |
04 | add action=accept chain=input comment="Router - Accept related connections" connection-state=related disabled=no |
05 | add action=drop chain=input comment="Router - Drop invalid connections" connection-state=invalid disabled=no |
06 | add action=accept chain=input comment="Router- UDP" disabled=no protocol=udp |
07 | add action=accept chain=input comment="Router - From our LAN" disabled=no in-interface=your-lan-interface |
08 | add action=drop chain=input comment="Router - Drop other traffic" disabled=no |
09 | add action=drop chain=forward comment="LAN - Drop invalid Connections" connection-state=invalid disabled=no |
10 | add action=accept chain=forward comment="LAN - Accept UDP" disabled=no protocol=udp |
11 | add action=accept chain=forward comment="LAN - Accept ICMPv6 " disabled=no protocol=icmpv6 |
12 | add action=accept chain=forward comment="LAN - Accept established Connections" connection-state=established disabled=no |
13 | add action=accept chain=forward comment="LAN - Accept related connections" connection-state=related disabled=no |
14 | add action=accept chain=forward comment="LAN - Internal traffic" disabled=no in-interface=your-lan-interface |
15 | add action=log chain=forward comment="LAN - Log everything else" disabled=no log-prefix="Log IPv6" |
16 | add action=reject chain=forward comment="LAN - Drop everything else" connection-state=new disabled=no in-interface=your-pppoe-client-interface reject-with=icmp-no-route |
And there you have it!
*As of writing this v5.11 is out which fixes a bug with the hotspot that was created in v5.9 I would recommend jumping straight to v5.11.
Title : IPv6 over PPPoE – RouterOS v5.10
Description : IPv6 prefix delegation support comes to PPPoE in RouterOS version v5.10* so for those of you ready to jump onboard this release, here’s my ...
Posted by Unknown on Minggu, 25 Maret 2012 - Rating: 4.5
0 Response to "IPv6 over PPPoE – RouterOS v5.10"
Posting Komentar