My ISP (Unifi by Telekom Malaysia) support native IPv6 via PPPoE
IPv6 come with two set of address:
- PPPoE Interface IPv6 Address (Router own WAN Address)
- LAN Prefixes
As usual Mikrotik, using DHCPv6 to acquire LAN Prefixes, but for ISP I am using, DHCPv6 cannot work when:
Request: 🟩 info, ✅ address, ✅ prefix
I had to do this to get LAN Prefixes:
Request: 🟩 info, 🟩 address, ✅ prefix
When do that, I will lose Router own WAN IPv6, take note that address at bridge interface is not meant for Router use, the WAN traffic come to that address will push to LAN
Mitigate
To mitigate this, ISP using RA (Router Advertisement) from PPPoE Client Interface, by default Mikrotik reject RA from ISP so need to allow RA from ISP:
Once do that, need to reboot, but first, do this:
Set PPPoE Client Interface “Default Route Distance” to 4
Then, set DHCPv6 Client “Default Route Distance” to 5 or higher then pppoe-out1
Reboot
Once you set all that, proceed to reboot the Mikrotik from WinBox
Verify
Once complete and PPPoE connected, you will get proper pppoe-out1 IPv6 that Router can use for NPT-v6/NAT66
With this, can use IPv6 NAT Firewall to accept incoming traffic just like typical IPv4 Port Forward via ULA prefix
NOTE: you cannot use Link-Local Address (fe80::/10) to NAT, Operating System block routable of this prefix