How to Set a Public IPv6 /64 on a 6to4 Tunnel in MikroTik

If you are looking for a way to Set a Public IPv6 /64 on a 6to4 Tunnel in MikroTik, read this guide through!

IPv6 offers a larger address space and better network efficiency than IPv4, but the transition is difficult. 6to4 tunnels interconnect IPv6 and IPv4 networks to access IPv6 content even when there is no native support. This guide illustrates the configuration of a /64 public IPv6 address using a 6to4 tunnel on a MikroTik route. It provides the necessary configurations, commands, and considerations for a successful setup.

Configure Public IPv6 on a 6to4 Tunnel in MikroTik

Here is how to set up Public IPv6 on a 6to4 tunnel on a Mikrotik router:

1- Setup process at Hurricane Electric (HE) Tunnelbroker.net

• Register with Hurricane Electric Tunnel Broker.
• Sign up on Hurricane Electric’s Tunnel Broker website (https://www.tunnelbroker.net/)/
• Set up a new tunnel.

You will need to provide your public IPv4 address as the IPv4 Endpoint. If you do not know your public IP, look at a site such as whatismyip.com to find out.

• Choose a server closest to your geographical area.

You can find the best options on our website! Check it out.

• Once your tunnel has been established, Hurricane Electric will supply you with the IPv6 configuration details.

These will include your client IPv6 address, Server IPv6 address, and routed /64 IPv6 prefix.

• You will need to set up a 6to4 tunnel interface, add an IPv6 route, and give the tunnel interface an IP address.
• Set the IPv6 address for your LAN interface.

• Turn on the router advertisement feature and input your IPv6 prefix.

• Establish an IPv6-inIPv4 tunnel.
• Specify the tunnel mode as IPv6-in-IPv4, then specify the IPv6 address and remote gateway.

• Add a static route to route the IPv6 address to Hurricane Electric. Set the destination IP to:: with prefix length 0, and set the interface to the IPv6-inIPv5 tunnel.

2- MikroTik Configuration

• Log in to your MiktoTikrouter through Winbox or SSH and add a new 6to4 tunnel interface:

/interface 6to4 add name=sit1 local-address=YOUR_PUBLIC_IPV4_ADDRESS mtu=1280 remote-address=REMOTE_IPV4_ADDRESS

• Replace YOUR_PUBLIC_IPV4_ADDRESS with your public IPv4 address and REMOTE_IPV4_ADDRESS with the IPv4 address of the Hurricane Electric tunnel endpoint in your Tunnel Broker Account.
• Assign an IPv6 address to the tunnel interface by placing 2002::/16 as a prefix and using the hexadecimal representation of your public IPv4 address.

/ipv6 address add address=2002:YOUR_IPV4_IN_HEX::2/64 advertise=no interface=sit1

• For example, if your public IPv4 address is 192.02.1, the hexadecimal representation will be C000:0201, and will be assigned as follows:

/ipv6 address add address=2002:C000:0201::2/64 advertise=no interface=sit1

• Establish a 6to4 tunnel route:

/ipv6 route add dst-address=2000::/3 gateway=sit1

• To enable your internal network to be addressed by IPv6, assign the routed /64 prefix to your local interface (such as bridge-local) and substitute 2001:470:XXXX: XXXX with the routed prefix received from Hurricane Electric.

/ipv6 address add address=2001:470:XXXX:XXXX::1/64 interface=bridge-local advertise=yes

• Allow DNS server advertisement using network discovery:

/ipv6 nd set [find default=yes] advertise-dns=yes

• Verify the configuration by pinging an external IPv4 address:

/ping 2001:4860:4860::8888

3- Dynamic IP Automation

This automation uses two small scripts. Even though the MikroTik scripting language is non-standard, it is highly readable and well-embedded into the device. The code includes a REST API and a few configuration commands:

• Replace the YOUR_* placeholders with values from HE and your MikroTik configuration:

:local HEtunnelinterface "sit1" ; #YOUR 6to4 interface name
:local HEtunnelid "YOUR_TUNNEL_ID" ; #HE Tunnel ID (number)
:local HEuserid "YOUR_HE_USERID" ; #HE Username
:local HEUpdatekey "YOUR_HE_UPDATE_KEY" ; #HE Update Key
:local WANinterface "WAN" ; #Your WAN interface name
:local WANipv4addr [/ip address get [/ip address find interface=$WANinterface] address];
:set WANipv4addr [:pick [:tostr $WANipv4addr] 0 [:find [:tostr $WANipv4addr] "/"]];

/interface 6to4 {
:if ([get ($HEtunnelinterface) local-address] != $WANipv4addr) do={
:log info ("Updating " . $HEtunnelinterface . " local-address with new IP " . $WANipv4addr ."...");
set ($HEtunnelinterface) local-address=$WANipv4addr;

:local fetchurl ("https://" . $HEuserid . ":" . $HEUpdatekey . "@ipv4.tunnelbroker.net/nic/update?ipv4b=" . $WANipv4addr . "&hostname=" . $HEtunnelid);
/tool ??fetch mode=https url=$fetchurl dst-path=update.txt;
:local htmlcontent [/file get update.txt contents];
/file remove update.txt;
:log info ("Tunnelbroker update resp: " . $htmlcontent);
}
}

• The script retrieves your latest WAN IP, checks if it is equal to the 6to4 local address, and updates both interfaces and HE when a change occurs. It then uses the HE API to report the change.
• To execute the script with a scheduled execution when the tunnel is not, use the MikroTik scheduler:

/system scheduler add name=he-tunnel-update interval=5m start-time=startup on-event=your-script-name

• your-script-name is the name you assigned your script in / system script.

Conclusion

By following the instructions in this guide, you can successfully configure a /64 public IPv6 on 6to4 tunnel, on your MikroTik router. This configuration provides your network with the capability of IPv6 connectivity, allowing devices to access IPv6-based services and resulting in a more future-proofed network infrastructure. Although 6to4 tunnels offer a convenient transition solution, be aware of their shortcomings, such as potential performance impact and reliance upon the 6to4 relay infrastructure. Ensure your network setup is under periodic review and remain aware of best practices for IPv6 deployment to have optimal performance and security.