question

[thomasschaeferm]

I am sitting here in Zurich at the ipv6conference. There is a ipv6-only-wifi.

Unfortunately with dhcpv6 only. Is this the reason that clatd doesn't work? (clatd needs a second address!?)

hpmini:/home/thomas/clat/clatd # ./clatd Starting clatd v1.1 by Tore Anderson tore@fud.no Performing DNS64-based PLAT prefix discovery (cf. RFC 7050) Using PLAT (NAT64) prefix: 64:ff9b::/96 Device facing the PLAT: wlan0 Attempting to derive a CLAT IPv6 address from a EUI-64 address on 'wlan0' Using CLAT IPv4 address: 192.0.0.1 Using CLAT IPv6 address: ::c1:a700:0 Checking if this system already has IPv4 connectivity in 10 sec(s) Enabling IPv6 forwarding Adding ip6tables rules allowing traffic between the CLAT and PLAT devices Enabling Proxy-ND for ::c1:a700:0 on wlan0 Creating and configuring up CLAT device 'clat' Cannot use reserved address ::c1:a700:0 in map directive, aborting...

cmd(tayga --config /tmp/DIJauO7082 --mktun ) returned 0 hpmini:/home/thomas/clat/clatd # ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 link/ether 3c:d9:2b:1a:c9:9a brd ff:ff:ff:ff:ff:ff 3: wlan0: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether d0:df:9a:93:67:90 brd ff:ff:ff:ff:ff:ff inet6 2001:8a8:3800:2::35/128 scope global dynamic valid_lft 10617sec preferred_lft 10617sec inet6 fe80::d2df:9aff:fe93:6790/64 scope link valid_lft forever preferred_lft forever hpmini:/home/thomas/clat/clatd # I try to use enforce to avoid dhcpv6. May be the the error message can be improved?

[toreanderson]

Hi, you should do a git pull - at least there's one bug displayed here that I believe I fixed already (see da7b48e7794f6f71e2dc79172bb90bc9d7e8dd93). That will however only make it fail more gracefully instead of continuing with the bogus CLAT address ::c1:a700:0. The CLAT needs a dedicated IPv6 address, there's no way around that. So you can try your luck and just grab a random address in the link prefix, configure it as clat-v6-addr and see if it works. If not, the network is probably using some sort of security mechanism that disallows traffic to/from addresses for which there is no valid DHCPv6 lease, and you'll have to start a DHCPv6 client to obtain a second IPv6 address and use that as clat-v6-addr. Let me know how it goes?

[toreanderson]

Actually, come to think of it, in 81f2c61364143f898e53b69625e1a4cb9d5f5b71 I made it so that if it can't find a SLAAC-based address to derive a clat-v6-addr from, it will generate a random interface ID instead. So you shouldn't need to manually configure a random clat-v6-addr with current git master, it'll try that automatically. But it can't guarantee that the network will actually allow it to use that address, in which case you need to do DHCPv6.

[toreanderson]

Oh and say hello to Silvia from me! :-)

[thomasschaeferm]

Now it looks clearer:

hpmini:/home/thomas/clat/clatd # ./clatd Starting clatd v1.2 by Tore Anderson tore@fud.no Performing DNS64-based PLAT prefix discovery (cf. RFC 7050) Using PLAT (NAT64) prefix: 64:ff9b::/96 Device facing the PLAT: wlan0 Attempting to derive a CLAT IPv6 address from an IPv6 address on 'wlan0'

Could not find a global IPv6 address on wlan0 from which to derive a CLAT IPv6 address (try setting 'clat-v6-addr') hpmini:/home/thomas/clat/clatd # sorry for using the old version. She is around here, of course :-)

[toreanderson]

Can you show me the output from ip address show dev wlan0? Just curious.

[thomasschaeferm]

ip a show dev wlan0 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether d0:df:9a:93:67:90 brd ff:ff:ff:ff:ff:ff inet6 2001:8a8:3800:2::35/128 scope global dynamic valid_lft 10613sec preferred_lft 10613sec inet6 fe80::d2df:9aff:fe93:6790/64 scope link valid_lft forever preferred_lft forever

ip -6 r 2001:8a8:3800:2::35 dev wlan0 proto kernel metric 256 expires 10583sec 2001:8a8:3800:2::/64 dev wlan0 proto ra metric 10 fe80::/64 dev wlan0 proto kernel metric 256 default via fe80::2ff:3eff:fe57:f2f4 dev wlan0 proto static metric 1024

[thomasschaeferm]

I sent her your greetings. She is missing you!

[toreanderson]

Does the network allow you to grab other addresses in that /64 without getting them through DHCPv6? Test the below:

ip a a 2001:8a8:3800:2:d2df:9aff:fe93:6790/128 dev eth0 preferred 0
ping6 -I 2001:8a8:3800:2:d2df:9aff:fe93:6790 fud.no

If so you should in theory be able to run ./clatd clat-v6-addr=2001:8a8:3800:2:d2df:9ac1:a793:6790 and get working 464XLAT. Let me know how it goes.

[thomasschaeferm]

hpmini:~ # ip a a 2001:8a8:3800:2:d2df:9aff:fe93:6790/128 dev eth0 preferred 0 RTNETLINK answers: Permission denied hpmini:~ # ip a a 2001:8a8:3800:2:d2df:9aff:fe93:6790/128 dev wlan0 preferred 0 hpmini:~ # ping6 -I 2001:8a8:3800:2:d2df:9aff:fe93:6790 fud.no PING fud.no(greed.fud.no) from 2001:8a8:3800:2:d2df:9aff:fe93:6790 : 56 data bytes 64 bytes from greed.fud.no: icmp_seq=1 ttl=52 time=146 ms 64 bytes from greed.fud.no: icmp_seq=2 ttl=52 time=41.0 ms 64 bytes from greed.fud.no: icmp_seq=3 ttl=52 time=360 ms ^C --- fud.no ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 41.094/182.704/360.280/132.766 ms hpmini:~ # cd /home/thomas/clat/clatd hpmini:/home/thomas/clat/clatd # ./clatd Starting clatd v1.2 by Tore Anderson tore@fud.no Performing DNS64-based PLAT prefix discovery (cf. RFC 7050) Using PLAT (NAT64) prefix: 64:ff9b::/96 Device facing the PLAT: wlan0 Attempting to derive a CLAT IPv6 address from an IPv6 address on 'wlan0'

Could not find a global IPv6 address on wlan0 from which to derive a CLAT IPv6 address (try setting 'clat-v6-addr') hpmini:/home/thomas/clat/clatd # ./clatd clat-v6-addr=2001:8a8:3800:2:d2df:9ac1:a793:6790 Starting clatd v1.2 by Tore Anderson tore@fud.no Performing DNS64-based PLAT prefix discovery (cf. RFC 7050) Using PLAT (NAT64) prefix: 64:ff9b::/96 Device facing the PLAT: wlan0 Using CLAT IPv4 address: 192.0.0.1 Using CLAT IPv6 address: 2001:8a8:3800:2:d2df:9ac1:a793:6790 Checking if this system already has IPv4 connectivity in 10 sec(s) Enabling IPv6 forwarding Adding ip6tables rules allowing traffic between the CLAT and PLAT devices Enabling Proxy-ND for 2001:8a8:3800:2:d2df:9ac1:a793:6790 on wlan0 Creating and configuring up CLAT device 'clat' Created persistent tun device clat Adding IPv4 default route via the CLAT Starting up TAYGA, using config file '/tmp/5Xs1nI6LX1' it works: thomas@hpmini:~> ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=5.90 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=22.6 ms ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 2 received, 33% packet loss, time 2003ms rtt min/avg/max/mdev = 5.900/14.260/22.621/8.361 ms thomas@hpmini:~> Using different IPs in a "managed" network.... Thank you! I can't continue - my akku is running low and Switzerland has no sockets for german plugs.

[toreanderson]

Glad it worked out! You're not really "allowed" to grab arbitrary addresses like that when the network hasn't told you it's OK, but oh well... :-)