If your ISP gives you only a /64 IPv6 prefix, you cannot have a second IPv6 subnet. However, MikroTik ROS 7 has IPv6 NAT support, so you can create another subnet that supports IPv6 without needing an IPv6 tunnel.
IPv6 NAT works much like the existing IPv4 NAT: you don't have P2P functionality unless you port forward…
In this example, ether2 is used as the second LAN and has been removed from the bridge members.
IPv6 Pool
Navigate IPv6 ➡ Pool
Name: ula-ether2
Prefix: 2000::/64
Prefix Length: 64
I chose 2000::/64 because this address is unreachable, yet it is enough to fool Windows into treating it as a real address. Windows and browsers refuse to use the ULA space fc00::/7, which is the very reason we need to break the IANA IPv6 rules.
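One way to see the behaviour described above is to run the RFC 6724 default address selection policy table over both pool choices. This is an added example, not part of the original post; it assumes the client applies that default table, models only destination-selection rules 5 and 6, and uses constructed host and destination addresses.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label).
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]]

def to_v6(addr):
    """Parse an address; IPv4 is handled as IPv4-mapped IPv6, as in the RFC."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip

def lookup(addr):
    """Longest-prefix match in the policy table -> (precedence, label)."""
    ip = to_v6(addr)
    best = max((n for n, _, _ in POLICY if ip in n), key=lambda n: n.prefixlen)
    return next((prec, label) for n, prec, label in POLICY if n == best)

def preferred_family(candidates):
    """candidates: list of (family, source, destination) for one dual-stack site.
    Rule 5 (source label matches destination label) is compared first,
    then Rule 6 (higher destination precedence). Other rules are ignored."""
    def key(candidate):
        _, src, dst = candidate
        precedence, dst_label = lookup(dst)
        return (lookup(src)[1] == dst_label, precedence)
    return max(candidates, key=key)[0]

# Constructed sample: a dual-stack site reachable over IPv4 and IPv6.
SITE_V4, SITE_V6 = "203.0.113.10", "2001:db8::10"
HOST_V4 = "192.168.88.10"                       # constructed LAN IPv4 address

# Host on ether2 with a ULA address (pool taken from fc00::/7).
ULA_HOST = [("IPv4", HOST_V4, SITE_V4), ("IPv6", "fd00::10", SITE_V6)]
# Host on ether2 with an address from the 2000::/64 pool used on this page.
POOL_HOST = [("IPv4", HOST_V4, SITE_V4), ("IPv6", "2000::10", SITE_V6)]

if __name__ == "__main__":
    print("ULA pool       ->", preferred_family(ULA_HOST))
    print("2000::/64 pool ->", preferred_family(POOL_HOST))
```

With a ULA source the labels do not match (13 against 1), so the IPv4 path wins; with a 2000::/64 source both paths match and the higher IPv6 precedence decides.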
IPv6 Address
Navigate IPv6 ➡ Address ➡ ➕
Address: ::/64
From Pool: ula-ether2
Interface: ether2
[ ] EUI64
[✔] Advertise
[ ] No DAD
IPv6 Masquerade
Navigate IPv6 ➡ Firewall ➡ NAT ➡ ➕
[General]
Chain: srcnat
Src. Address: 2000::/64
Out. Interface List: WAN
[Advanced]
IPsec Policy: out : none
[Action]
Action: masquerade
Take note of Src. Address: without it, your whole main subnet is also going to be NATed!
This masquerade rule must be at the top!
Test
Plug a PC into ether2, or connect your Local Bridge SoftEther VPN.
Your public IP and the IP shown in Windows are different, just like with IPv4; this is how IPv6 NAT works.