Mikrotik 6to4 automation with dynamic IPv4
This article will be useful to those who want to experience IPv6 using 6to4 encapsulation protocol, but with dynamic IPv4.
First of all, let's check if you have the opportunity to use the public 6to4 gateway, ping it to the address: 192.88.99.1. If ping goes, read on.
So, first of all, you need to install an IPv6 support module (download Extra packages for your device from the site ). From the archive we take out ipv6 - *. Npk and upload it to the router, then restart it.
Now you have IPv6 support, please note that the firewall rules for it need to be done separately.
')
Next, we create a special interface “6to4 Tunnel”, in the Remote Adress we put the address of the public gateway, in Local Adress our current public IPv4 address (or “wrong” in the address, so that the script would configure everything itself).
In routing, you need to configure the tunnel interface as the default gateway (before the address :: / 0).
Now we can check if there is a ping to anything from IPv6 (for example ipv6.google.com)
If there is a ping, then go further:
In the script, you need to set variables that are responsible for the interfaces that we set up:
By running the script, we get the configured tunnel and the local interface with the / 64 prefix.
Now we will add this script to the scheduler (I run every 5 minutes), and when changing the external IPv4, with a small delay, 6to4 will be reconfigured.
Clients get IPv6 using SLAAC, and there is no way to set the DNS and gateway (Win clients get only the gateway through RA). In Mikrotik, there is DHCPv6, but there is still little sense from it (it is not fully completed).
In order to support DNS in Mikrotik itself, we set up well-known public servers (for example, 2620: 0: ccc :: 2 and 2620: 0: ccd :: 2), customers can set up a link local Mikrotik address.
Mikrotik IPv6
First of all, let's check if you have the opportunity to use the public 6to4 gateway, ping it to the address: 192.88.99.1. If ping goes, read on.
So, first of all, you need to install an IPv6 support module (download Extra packages for your device from the site ). From the archive we take out ipv6 - *. Npk and upload it to the router, then restart it.
Now you have IPv6 support, please note that the firewall rules for it need to be done separately.
')
6to4 setup
Next, we create a special interface “6to4 Tunnel”, in the Remote Adress we put the address of the public gateway, in Local Adress our current public IPv4 address (or “wrong” in the address, so that the script would configure everything itself).
In routing, you need to configure the tunnel interface as the default gateway (before the address :: / 0).
Now we can check if there is a ping to anything from IPv6 (for example ipv6.google.com)
If there is a ping, then go further:
Autotune script
##############Script Settings################## :local EXTif "ext" :local TUNif "6to4tun" :local LOCif "local" ############################################### :local EXTipv4 [/ip address get [find interface=$EXTif] address]; :local TUNipv4 [/interface 6to4 get [find name=$TUNif] local-address]; :for i from=( [:len $EXTipv4] - 1) to=0 do={ :if ( [:pick $EXTipv4 $i] = "/") do={ :set $EXTipv4 ([:pick $EXTipv4 0 $i]); } } :global dec2hex do={ :local hex "" :local dec [:tonum $1] :for i from=0 to=4 step=4 do={ :set hex ([:pick "0123456789ABCDEF" (($dec>>$i)&0xf) ((($dec>>$i)&0xf)+1)].$hex) } :return ([:tostr $hex]) } :local 6to4prefix do={ :global dec2hex :local oct :local ipv6 "2002:" :local tmp 0 :local c 0 :local ipv4 $1 :for i from=0 to=( [:len $ipv4] - 1) do={ :if ( [:pick $ipv4 $i] = "." || [:pick $ipv4 $i] = "/") do={ :set oct ([:pick $ipv4 $tmp $i]) :set tmp ($i+1) :set ipv6 ("$ipv6".[$dec2hex $oct]) :if ( c =1 || c =3) do={ :set ipv6 ("$ipv6".":") } :set c (c+1) } } :return ($ipv6) } :if ( $TUNipv4 != $EXTipv4 ) do={ /interface 6to4 set [find name=$TUNif] local-address=$EXTipv4 /ipv6 address remove [find interface=$TUNif] /ipv6 address remove [find interface=$LOCif] :local ipv6new [$6to4prefix ($EXTipv4."/")] :log info ($ipv6new) /ipv6 address add interface=$TUNif advertise=no address=("$ipv6new".":1/48") /ipv6 address add interface=$LOCif advertise=yes address=("$ipv6new".":1/64") } In the script, you need to set variables that are responsible for the interfaces that we set up:
- EXTif - external interface
- TUNif - Tunnel Interface
- LOCif - local interface
By running the script, we get the configured tunnel and the local interface with the / 64 prefix.
Now we will add this script to the scheduler (I run every 5 minutes), and when changing the external IPv4, with a small delay, 6to4 will be reconfigured.
What difficulties await you?
Clients get IPv6 using SLAAC, and there is no way to set the DNS and gateway (Win clients get only the gateway through RA). In Mikrotik, there is DHCPv6, but there is still little sense from it (it is not fully completed).
In order to support DNS in Mikrotik itself, we set up well-known public servers (for example, 2620: 0: ccc :: 2 and 2620: 0: ccd :: 2), customers can set up a link local Mikrotik address.
Source: https://habr.com/ru/post/326076/
All Articles