search

tyd / mikrotik-starlink-ipv6

A quick and easy IPv6 configuration for Mikrotik and Starlink
MIT License
13 stars 6 forks source link

ipv6 pool not found starlink-v6 #1

Open bigmalloy opened 1 year ago

bigmalloy commented 1 year ago

Hello

Thanks for the great script, one issue I had was it does not create the required starlink-v6 ipv6 pool so I had to create it manually, I used the settings name: starlink-v6 prefix: ::/56, prefix length: 64 not sure what the correct pool settings are it would be much appreciated if you could update your script to reflect this.

Loving this star link connection!

jinja2ninja commented 7 months ago

This probably indicates that you're unable to get a prefix. I was able to get a v6 address without needing to add a pool. I'd suggest removing all of your v6 settings (addresses, dhcp client, firewall rules, firewall address lists), and running the script again. That was what ended up working for me. You'll know if it worked if you see a prefix under your v6 client settings in webfig

bigmalloy commented 7 months ago

Yes had to alter the script as I have multiple lan interfaces and it would not work properly until I rebooted the router , heres what I changed for multiple lan ports, had to add addresses and alter firewall rules to use in-interface-list, works a treat. Note you will need to add lan interface lists for the below script to work like so

/interface list add name=LAN add name=WAN

/interface list member add interface=ether2 list=LAN add interface=ether4 list=LAN add interface=ether5 list=LAN add interface=ether3 list=LAN add interface=wifi2 list=LAN add interface=wifi1 list=LAN add interface=mikeslan list=LAN add interface=internet list=WAN

:global StarlinkInterface "internet"; :global LANInterfacelist "LAN" :global LANipv61 "mikeslan" :global LANipv62 "ether4" :global LANipv63 "ether5"

/ipv6 settings set accept-redirects=no accept-router-advertisements=yes disable-ipv6=no forward=yes max-neighbor-entries=8192

/ipv6 dhcp-client add add-default-route=no dhcp-options="" dhcp-options="" disabled=no interface="$StarlinkInterface" pool-name=starlink-v6 pool-prefix-length=64 prefix-hint=::/0 rapid-commit=no request=prefix use-interface-duid=yes use-peer-dns=yes :delay 5000ms

/ipv6 address add address=::2/64 advertise=yes disabled=no eui-64=no from-pool=starlink-v6 interface="$LANipv61" no-dad=no add address=::2/64 advertise=yes disabled=no eui-64=no from-pool=starlink-v6 interface="$LANipv62" no-dad=no add address=::2/64 advertise=yes disabled=no eui-64=no from-pool=starlink-v6 interface="$LANipv63" no-dad=no

/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" disabled=no dynamic=no list=bad_ipv6 add address=::1/128 comment="defconf: lo" disabled=no dynamic=no list=bad_ipv6 add address=fec0::/10 comment="defconf: site-local" disabled=no dynamic=no list=bad_ipv6 add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" disabled=no dynamic=no list=bad_ipv6 add address=::/96 comment="defconf: ipv4 compat" disabled=no dynamic=no list=bad_ipv6 add address=100::/64 comment="defconf: discard only " disabled=no dynamic=no list=bad_ipv6 add address=2001:db8::/32 comment="defconf: documentation" disabled=no dynamic=no list=bad_ipv6 add address=2001:10::/28 comment="defconf: ORCHID" disabled=no dynamic=no list=bad_ipv6 add address=[/ipv6/dhcp-client get value-name=dhcp-server-v6 number=internet] disabled=no dynamic=no list=prefix_delegation comment="dhcp6 client server value"

/ipv6 firewall filter add action=accept chain=input dst-port=5678 protocol=udp add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list="!$LANInterfacelist" add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6 add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=forward comment="defconf: accept HIP" protocol=139 add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list="!$LANInterfacelist"

/ipv6 nd set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=no dns="" hop-limit=64 interface=all managed-address-configuration=yes mtu=1280 other-configuration=yes ra-delay=3s ra-interval=3m20s-8m20s ra-lifetime=30m ra-preference=medium

/ipv6 nd prefix default

bigmalloy commented 4 months ago

Note updated script as ipv6 firewall address list prefix delegation was breaking it.