Setup Route64
Create IPv6 WireGuard tunnel
- Login to Route64 manager.
- Go to IPv6 Tunnelbroker, and Add new tunnelbroker.
- Choose your nearest PoP on Interface dropbox.
- On Tunnel type dropbox, choose Wireguard4.
- Enter your IP address on Remote endpoint.
- Click Create Tunnelbroker Service.
Get WireGuard configuration
- Go to IPv6 Tunnelbroker, and List all tunnels.
- On your tunnel, click the meatballs menu icon and click Show Config.
The WireGuard configuration will show like this:
|
|
Get IPv6 subnet
The IPv6 subnet is the one that you will assign on your devices connected to the router.
- Go to IPv6 Tunnelbroker, and List IP subnets.
- On your tunnel, the subnet will appear, in this case it is
2a11:6c7:2001:5300::/56
.
Setup MikroTik WireGuard
- Add new WireGuard interface.
/interface wireguard add mtu=1420 name=Route64 private-key="your_private_key"
- Add WireGuard peer to connect to Route64.
/interface wireguard peers add allowed-address=::/1,8000::/1 endpoint-address=165.140.142.113 endpoint-port=58140 interface=Route64 persistent-keepalive=30s public-key="FkVCzA3bhSrqOUhXNxVHDXSLDvWHUa7BGj75uuh85TE="
Setup IPv6
WAN side
- Add Route64 IPv6 address to the WireGuard interface.
/ipv6 address add address=2a11:6c7:f03:153::2/64 interface=Route64
- Add IPv6 route that goes to the Route64 WireGuard interface.
/ipv6 route add dst-address=2000::/3 gateway=Route64
LAN side
Route64 gives us /56
subnet, which we can divide into 256 /64
subnets. Since we got 2a11:6c7:2001:5300::/56
, I have chosen the prefix 2a11:6c7:2001:5304::/64
to be given via SLAAC.
- Set the Neighbor Discovery to the correct interface. By default, Neighbor Discovery is enabled for all interfaces, but it’s better to run it just at LAN. Take note of the MTU, since the default MTU of WireGuard is 1420, set the MTU of ND to 1420 so that the packets don’t fragment.
/ipv6 nd set [ find default=yes ] interface=bridge mtu=1420
- Add Route64 IPv6 subnet address to your LAN interface.
/ipv6 address add address=2a11:6c7:2001:5304::/64 advertise=yes interface=bridge
Testing
- Try to ping your Route64 tunnel endpoint. If your address is
2a11:6c7:f03:153::2/64
, then your tunnel endpoint is2a11:6c7:f03:153::1
. - Try to ping an IPv6 server or use test-ipv6.com.