I've recently migrated my setup from RB4011 to CCR2004, most things went smoothly except I couldn't get the new DDNS to work with IPv6 anymore, it seems to think I have no IPv6 connectivity.
I am able to ping Google's DNS from RouterOS:
But RouterOS DDNS update is only giving me IPv4 address:
(Already tried toggling DDNS off and on then force update, no dice.)
My configuration (as much as comparable) was working ok on RB4011, so I'm a bit lost as to what I'm missing.
The only difference is that CCR2004 is on 7.14, but so far I haven't seen any reports of IPv6 not working on this version, so I believe this is more of a me-problem.
Any idea what I did wrong here? Thanks in advance!
Here are the IPv6 routes currently present:
And the rest of the IPv6 configuration - I believe the ula addresses shouldn't interfere with DDNS but happy to be proven wrong.
I am able to ping Google's DNS from RouterOS:
Code:
> ping address=2001:4860:4860::8844 src-address=2a01:zzzz:87bd:9b0d:: SEQ HOST SIZE TTL TIME STATUS 0 2001:4860:4860::8844 56 252 487us echo reply 1 2001:4860:4860::8844 56 252 472us echo reply 2 2001:4860:4860::8844 56 252 469us echo reply 3 2001:4860:4860::8844 56 252 466us echo reply 4 2001:4860:4860::8844 56 252 486us echo reply 5 2001:4860:4860::8844 56 252 464us echo reply 6 2001:4860:4860::8844 56 252 459us echo reply sent=7 received=7 packet-loss=0% min-rtt=459us avg-rtt=471us max-rtt=487usBut RouterOS DDNS update is only giving me IPv4 address:
(Already tried toggling DDNS off and on then force update, no dice.)
Code:
> /ip/cloud/print ddns-enabled: yes ddns-update-interval: 10m update-time: yes public-address: 88.zzz.zzz.74 dns-name: zzzzzzzzzzzz.sn.mynetname.net status: updatedMy configuration (as much as comparable) was working ok on RB4011, so I'm a bit lost as to what I'm missing.
The only difference is that CCR2004 is on 7.14, but so far I haven't seen any reports of IPv6 not working on this version, so I believe this is more of a me-problem.
Any idea what I did wrong here? Thanks in advance!
Here are the IPv6 routes currently present:
Code:
/ipv6/route/printFlags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP; + - ECMPColumns: DST-ADDRESS, GATEWAY, DISTANCE DST-ADDRESS GATEWAY DISTANCEDAd+ ::/0 fe80::6208:10ff:feb9:ebfb%sfp28-1 1DAd+ ::/0 fe80::6208:10ff:feb9:ebfb%sfp28-1 1DAc ::1/128 lo 0DAd 2a01:zzzz:87bd:9b00::/56 1DAc 2a01:zzzz:87bd:9b0b::/64 bridge-uk-172 0DAc 2a01:zzzz:87bd:9b0c::/64 bridge-uk-254 0DAc 2a01:zzzz:87bd:9b0d::/64 bridge-uk-10 0DAc 2a01:zzzz:87bd:9b0e::/64 bridge-uk-253 0DAc 2a01:zzzz:acf8:a67f:f381:787b:643:492b/128 sfp28-1 0DAc fc00:0:0:216::/64 back-to-home-vpn 0DAc+ fdfd::/64 bridge-uk-10 0DAc+ fdfd::/64 bridge-uk-10 0DAc+ fdfd:0:0:a00::/64 bridge-uk-10 0DAc+ fdfd:0:0:a00::/64 bridge-uk-10 0DAc+ fdfd:0:0:ac00::/64 bridge-uk-172 0DAc+ fdfd:0:0:ac00::/64 bridge-uk-172 0DAc+ fdfd:0:0:fd00::/64 bridge-uk-253 0DAc+ fdfd:0:0:fd00::/64 bridge-uk-253 0DAc+ fdfd:0:0:fe00::/64 bridge-uk-254 0DAc+ fdfd:0:0:fe00::/64 bridge-uk-254 0DAc fe80::%sfp28-1/64 sfp28-1 0DAc fe80::%bridge-uk-10/64 bridge-uk-10 0DAc fe80::%bridge-uk-172/64 bridge-uk-172 0DAc fe80::%bridge-uk-253/64 bridge-uk-253 0DAc fe80::%bridge-uk-254/64 bridge-uk-254 0DAc fe80::%wg-tunnel/64 wg-tunnel 0DAc fe80::%wireguard1/64 wireguard1 0DAc fe80::%back-to-home-vpn/64 back-to-home-vpn 0And the rest of the IPv6 configuration - I believe the ula addresses shouldn't interfere with DDNS but happy to be proven wrong.
Code:
/ipv6 pooladd name=ula-fdfd-10 prefix=fdfd:0:0:a00::/56 prefix-length=64add name=ula-fdfd-0 prefix=fdfd::/56 prefix-length=64add name=ula-fdfd-172 prefix=fdfd:0:0:ac00::/56 prefix-length=64add name=ula-fdfd-253 prefix=fdfd:0:0:fd00::/56 prefix-length=64add name=ula-fdfd-254 prefix=fdfd:0:0:fe00::/56 prefix-length=64/ipv6 addressadd from-pool=isp interface=bridge-uk-10add from-pool=isp interface=bridge-uk-172add from-pool=isp interface=bridge-uk-254add from-pool=isp interface=bridge-uk-253add address=::1 advertise=no from-pool=ula-fdfd-0 interface=bridge-uk-10add from-pool=ula-fdfd-10 interface=bridge-uk-10add from-pool=ula-fdfd-172 interface=bridge-uk-172add from-pool=ula-fdfd-253 interface=bridge-uk-253add from-pool=ula-fdfd-254 interface=bridge-uk-254/ipv6 dhcp-clientadd add-default-route=yes interface=sfp28-1 pool-name=isp request=\ address,prefix use-interface-duid=yes use-peer-dns=no/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6add address=zzzzzzzzzzzz.sn.mynetname.net list=wan-ip/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=drop chain=forward comment=\ "Deny from Untrusted Bridges to Local Bridges" in-interface-list=\ bridges-untrusted out-interface-list=bridges-alladd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=\ 33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=input comment=WireGuard dst-port=13231,13232 \ in-interface-list=wan protocol=udpadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !localadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="web ingress" dst-port=80,443 \ in-interface-list=wan protocol=tcpadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !local/ipv6 firewall natadd action=dst-nat chain=dstnat comment="Allow GW to front IPv6 Ingress" \ dst-address-list=wan-ip dst-port=80,443 protocol=tcp to-address=\ fdfd::aaaa:bbbb:cccc:dddd/128/ipv6 ndset [ find default=yes ] advertise-dns=no disabled=yes dns=\ 2001:4860:4860::8888,2001:4860:4860::8844add dns=fdfd::1 hop-limit=64 interface=bridge-uk-10 \ managed-address-configuration=yes ra-interval=20s-10madd dns=fdfd::1 hop-limit=64 interface=bridge-uk-172 ra-interval=20s-10madd dns=fdfd::1 hop-limit=64 interface=bridge-uk-253 ra-interval=20s-10madd dns=fdfd::1 hop-limit=64 interface=bridge-uk-254 ra-interval=20s-10mStatistics: Posted by burnduck — Sat Mar 09, 2024 9:53 am