Geekzone: technology news, blogs, forums
GinjaNinjaNZ

#290418 10-Nov-2021 14:10
Hi all,

My EdgeRouter X is playing up so trying to set up a MikroTik hEX X to replace it.

I have it almost set up but not quite. I can create a PPPoE connection to 2degrees, and can even resolve DNS, but can't ping or load websites.

Here are some screenshots of router config:

https://imgur.com/a/rHpWdKd

1) VLAN interface

2) PPPoE connection

3) Pingplotter screenshot showing DNS resolution

4) System tray showing Windows believing it has a connection

If there's further information that would be helpful I'm perfectly happy to supply it.

RunningMan
  #2810472 10-Nov-2021 14:16
Default firewall config probably has ether1 as the WAN interface. That may need to be updated to be your PPPoE interface instead.

mentalinc
  #2810478 10-Nov-2021 14:29
@michealmurphy 




GinjaNinjaNZ

  #2810482 10-Nov-2021 14:38
haha, yep, that was it, figured it'd probably be something simple tucked away somewhere I hadn't thought of looking, thank you so much!

 



toejam316
  #2819018 25-Nov-2021 10:02
Just FYI, you'll have a better time using Winbox over Webfig.




RunningMan
  #2819047 25-Nov-2021 11:09
Only if you want to use Windows that is.

toejam316
  #2819165 25-Nov-2021 13:20
RunningMan:

Only if you want to use Windows that is.

I've seen Winbox working A-OK under Mac OS X and on Linux using WINE without issue.




BlackHand
  #2819170 25-Nov-2021 13:30
I've been using this without any issue: https://github.com/nrlquaker/winbox-mac



MadEngineer
  #2819190 25-Nov-2021 14:21
Can confirm it works cross platform under wine. Mikrotik have done work to ensure this.




cyril7
  #2819194 25-Nov-2021 14:27
pppffftt the cli on MT is fine, works on anything

 

BlackHand
  #2820639 28-Nov-2021 14:36
Anyone able to share the steps/settings to get IPv6 working? My dhcpv6-client is stuck on searching...

 0    interface=2degrees VLAN status=searching... duid="0x000....." 
      dhcp-server-v6=:: request=prefix add-default-route=yes 
      default-route-distance=1 use-peer-dns=no dhcp-options="" 
      pool-name="2degrees-ipv6" pool-prefix-length=56 prefix-hint=::/0 
      dhcp-options="" 

aseni
  #2820642 28-Nov-2021 15:21

/ipv6 dhcp-client
add add-default-route=yes interface=pppoe pool-name=pppoe request=prefix \
    use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=input comment="DHCPv6 client" dst-port=546 \
    in-interface=pppoe protocol=udp src-port=547

 

MadEngineer
  #2820646 28-Nov-2021 15:49
^ the default IPv6 firewall rules will already have that rule, albeit not restricted to the WAN:

 


/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/16
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall raw
add action=drop chain=prerouting comment=bad_ipv6 src-address-list=bad_ipv6

 

(note that I've moved the bad_ipv6 address filter to raw)

 

Also I request both address and prefix on the dhcp client
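
Added example (not part of the thread and not any poster's code): a small Python check over a RouterOS export that shows the difference between aseni's interface-scoped DHCPv6 rule and the defconf rule MadEngineer quotes. The parser and function names are this example's own; the sample rules are copied from the two posts above.

```python
import shlex

# Rules copied from the posts above: aseni's rule (interface name "pppoe" is
# the one aseni used) and two defconf rules from MadEngineer's export.
EXPORT = r'''
/ipv6 firewall filter
add action=accept chain=input comment="DHCPv6 client" dst-port=546 \
    in-interface=pppoe protocol=udp src-port=547
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/16
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
'''

def parse_export(text):
    """Return [(menu, {key: value})] for every 'add' line of a RouterOS export."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    menu, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            # shlex keeps quoted comments together: comment="a b" -> comment=a b
            pairs = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            rules.append((menu, dict(pairs)))
    return rules

def audit_dhcpv6_input(rules):
    """Report how tightly each input rule accepting UDP/546 is scoped."""
    matchers = ("in-interface", "in-interface-list", "src-address", "src-port")
    findings = []
    for menu, r in rules:
        if menu != "/ipv6 firewall filter" or r.get("chain") != "input":
            continue
        if r.get("action") != "accept" or r.get("dst-port") != "546":
            continue
        scope = [k for k in matchers if k in r]
        iface_scoped = "in-interface" in r or "in-interface-list" in r
        findings.append({"comment": r.get("comment", ""), "scope": scope,
                         "iface_scoped": iface_scoped})
    return findings

if __name__ == "__main__":
    for f in audit_dhcpv6_input(parse_export(EXPORT)):
        state = "bound to an interface" if f["iface_scoped"] else "accepted on any interface"
        print(f'{f["comment"]!r}: {state}; matchers: {", ".join(f["scope"])}')
```

A rule reported as accepted on any interface relies on its source-address match alone, so DHCPv6 replies arriving on LAN ports pass it as well.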




aseni
  #2820648 28-Nov-2021 16:20
MadEngineer:

Also I request both address and prefix on the dhcp client

That's interesting... I always got the DHCP request ignored when I tried requesting both address and prefix.

BlackHand
  #2820762 28-Nov-2021 21:29
Thanks, I've tried the suggestions above, same issue still (do I need to change anything in pool, nd, etc.)?
I've tried both 64 and 56 prefix length, I'm pretty sure it needs to be 56 for 2degrees?

> /ipv6/ export

/ipv6 dhcp-client
add add-default-route=yes interface=2degrees-pppoe pool-name=2degrees-ipv6 pool-prefix-length=56 request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall raw
add action=drop chain=prerouting comment=bad_ipv6 src-address-list=bad_ipv6
/ipv6 settings
set max-neighbor-entries=8192

