[LEDE-DEV] using 464XLAT in LEDE (or OpenWRT)

[Hans Dedecker]

Hi,

On Wed, Mar 8, 2017 at 10:23 PM, JORDI PALET MARTINEZ
<jordi.palet at consulintel.es> wrote:
> Hi Hans,
>
> I believe you’re the maintainer of 464XLAT. I want to do demonstrations of OpenWRT/LEDE in scenarios where you run out of IPv4 addresses for the WAN links.
>
> Sorry to write you directly, but I’ve been trying for many hours to find more info as I’m not succeeding to configure a CLAT to work in a very simple scenario.
I've added LEDE development mailing list in CC as the info could be
usefull for other persons who're trying to use 464xlat
>
> The main problem is that I don’t know what are the parameters needed in the network file.
The 464xlat feature is currently broken on LEDE as the 464xlat netifd
logic have been reverted
(https://git.lede-project.org/?p=project/netifd.git;a=commit;h=39d9ceeb96162a83a3f5fa63e6aaa1ccb38caa62)
as it changed the default behavior of user ip rules in unexpected
ways. This can easily be checked by the ip rule list cmd as it should
contain a rule to the prelocal table.
>
> My scenario is quite simple. I’ve a virtual machine with Ubuntu running a DNS64 with bind9 and NAT64 with Jool. This has been tested and is working.
>
> In the router where I want to run CLAT, I’ve:
>
> 1) WAN interface configured only with an IPv6 address (and of course I’ve checked that I can ping from here to the DNS/NAT64 and Internet with IPv6).
> 2) LAN interface with an IPv6 prefix /64, an IPv4 /24 (private), and DHCP and SLAAC running. I can ping with both IPv4 and IPv6 to the router.
>
> I tried both with Luci and editing the network file.
>
> I don’t understand what it means tunlink (is it the WAN with only IPv6 interface?). Should I configure additional addresses for the CLAT? According the 464XLAT RFC I need 3 IPv6/prefixes (WAN/LAN/translation).
tunlink is indeed the logical interface on which the 464xlat interface
depends; in this case it's the IPv6 wan interface
>
> By the way, for the NAT64, I’m using the standard prefix 64:ff9b::/96.
>
> Do I need to do any special configuration in the rest of the interfaces or the firewall to make it work?
You need to specify to which firewall zone the 464xlat interface
belongs via the zone UCI parameter; usually this is the wan zone
>
> I hope you have a sample configuration for the network and firewall files that I can understand what I’m doing wrong or missing. It may be something really silly but I’m unable to see it.
>
First you need to verify if you're using a build which still supports
464xlat otherwise even with a correct config it won't work ...

Hans
> Thanks a lot!
>
> By the way, we just submitted a new IETF draft to allow configuring the CLAT (and other protocols related to NAT64 usage) by DHCPv6 options:
>
> https://www.ietf.org/id/draft-li-intarea-nat64-prefix-dhcp-option-00.txt
>
> Regards,
> Jordi
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.consulintel.es
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
>
>
>