cvmiller / nat64

Configure and Startup script for Tayga, a NAT64 daemon for OpenWRT
GNU General Public License v2.0

Autodetection of IP6 addresses not working #1

Closed jh3141 closed 6 years ago

jh3141 commented 6 years ago

The section of the script that detects IPv6 addresses isn't working for me. There seem to be two distinct problems. The first is pretty simple:

WAN_IP6=$(ip addr show dev eth0.2 | grep "inet6" | grep global | head -1 | awk '{print $2}' | cut -f 1 -d '/')

I don't have an eth0.2 device, so this isn't working for me. I presume this should be $WAN instead.

The other problem is the detection of LAN_IP6, which isn't producing any results for me. Running through the commands in the pipeline, I get results up as far as grep noprefixroute, but the only result there is this one:

inet6 fdcf:101c:d870::1/60 scope global noprefixroute

which is obviously filtered by the following grep -v 'inet6 fd'.

I'm not sure if removing this filter works for me or not -- when I do so I successfully get the network to start, but the ping test at the end of the script is failing. Whether this is caused by some other error or this address issue, I don't know.

cvmiller commented 6 years ago

Thanks for reporting this issue. The first issue is a bug and has been fixed in version 0.95.

The second issue is a problem with your network (and possibly my docs). You need to have a routable IPv6 address on your LAN-side. You cannot use ULAs in conjunction with NAT64. The end-host stack will try to use IPv6 to get out to the internet, and since ULAs are not routable on the internet, it won't work.

NAT64 is a transition mechanism which allows one to create an IPv6-only network. But the assumption is that the IPv6-only network is using GUA (Globally Unique Address).
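The GUA-versus-ULA distinction described in the comment above, as an added example that is not part of the thread or of the nat64 script: a POSIX shell check that picks the first global unicast address from `ip -6 addr show` output and reports separately when only ULAs are present. It treats all of fc00::/7 as ULA, where `grep -v 'inet6 fd'` matches only the fd half; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example; not code from the nat64 script. Function names are hypothetical.

# classify_ip6 ADDR: print gua, ula, linklocal or other for one address.
classify_ip6() {
    case "$(printf '%s' "$1" | tr 'A-F' 'a-f')" in
        [23]???:*)   echo gua ;;        # 2000::/3, global unicast
        f[cd]??:*)   echo ula ;;        # fc00::/7, unique local (fc.. and fd..)
        fe[89ab]?:*) echo linklocal ;;  # fe80::/10
        *)           echo other ;;
    esac
}

# first_gua: read `ip -6 addr show dev IFACE` output on stdin and print the
# first global unicast address without its prefix length.
# Exit status: 0 = GUA found, 2 = only ULAs found, 1 = no global-scope address.
first_gua() {
    saw_ula=0
    while read -r family addr rest; do
        [ "$family" = "inet6" ] || continue
        case " $rest " in
            *" scope global "*) ;;      # keep global-scope lines only
            *) continue ;;
        esac
        ip6=${addr%%/*}                 # strip the /prefix-length
        case "$(classify_ip6 "$ip6")" in
            gua) echo "$ip6"; return 0 ;;
            ula) saw_ula=1 ;;
        esac
    done
    [ "$saw_ula" -eq 1 ] && return 2
    return 1
}

# Constructed sample input. The ULA line is the one quoted in this thread;
# the GUA line uses the 2001:db8::/32 documentation prefix as a stand-in.
SAMPLE_ULA_ONLY='    inet6 fdcf:101c:d870::1/60 scope global noprefixroute
    inet6 fe80::1/64 scope link'
SAMPLE_WITH_GUA="$SAMPLE_ULA_ONLY
    inet6 2001:db8:1234:10::1/64 scope global noprefixroute"
```

Exit status 2 is the situation reported in this issue: the LAN interface has a global-scope address, but it is a ULA, so a caller can print a specific message instead of ending up with an empty variable.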

jh3141 commented 6 years ago

Ah, thanks for that. I assumed that while native IPv6 addresses would remain undeliverable that the mapped IPv4 addresses would be translated back to IPv4 packets for routing onto the connected IPv4-only network. I presume the appropriate solution here would be to set up an IPv6 tunnel (e.g. using https://tunnelbroker.net/) on my router?

cvmiller commented 6 years ago

Yes, if you don't have native IPv6 from your ISP, then a tunnel is a good second choice. Be sure to request a /48 from Hurricane Electric, so you can subdivide the allocated IPv6 addresses (for downstream routers or even a DMZ).

jh3141 commented 6 years ago

Great, that's working now. Thanks for the pointer.

In order to make it work, I needed a separate way of specifying the tunnel interface, so I added a command line option for that. I've submitted a PR in case you want to include the change.