Difference between revisions of "OpenWRT IPv6: NAT64 dan DNS64"
Onnowpurbo (talk | contribs) (New page: NAT64/DNS64 on OpenWRT The latest stable release of OpenWRT – Barrier Break – makes it a simple matter to add NAT64 and DNS64 capabilities to the router. This is particularly useful i...) |
Onnowpurbo (talk | contribs) |
Line 8: | Line 8: | ||
So, install TOTD and configure it. | So, install TOTD and configure it. | ||
− | # opkg update | + | # opkg update |
− | # opkg install totd | + | # opkg install totd |
− | # vi /etc/totd.conf | + | # vi /etc/totd.conf |
The totd.conf file should contain the following: | The totd.conf file should contain the following: | ||
− | ; substitute with your upstream DNS | + | ; substitute with your upstream DNS |
− | forwarder 8.8.8.8 port 53 | + | forwarder 8.8.8.8 port 53 |
− | forwarder 8.8.4.4 port 53 | + | forwarder 8.8.4.4 port 53 |
− | ; modify your OpenWRT ULA prefix here | + | ; modify your OpenWRT ULA prefix here |
− | prefix fd63:fab9:6ccf:64:: | + | prefix fd63:fab9:6ccf:64:: |
− | ; this port is used later | + | ; this port is used later |
− | port 5353 | + | port 5353 |
Enable and start TOTD, and check the logs for any errors: | Enable and start TOTD, and check the logs for any errors: | ||
− | # /etc/init.d/totd enable | + | # /etc/init.d/totd enable |
− | # /etc/init.d/totd start | + | # /etc/init.d/totd start |
− | # logread | + | # logread |
Finally, configure the built-in DNSMASQ to use TOTD as its upstream. Just remember to use 127.0.0.1#5353 as the upstream server. Note the use of a hash (#) symbol. | Finally, configure the built-in DNSMASQ to use TOTD as its upstream. Just remember to use 127.0.0.1#5353 as the upstream server. Note the use of a hash (#) symbol. | ||
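Review bot: the last paragraph of this hunk tells the reader to point DNSMASQ at 127.0.0.1#5353 but, unlike every other step here, shows no file or setting to edit. Add the dnsmasq upstream setting as an explicit command or config line so the step can be followed. The comment above `prefix fd63:fab9:6ccf:64::` should also say that this value has to be the same prefix given to the NAT64 interface later on the page.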
Line 32: | Line 32: | ||
You should be able to verify that it works by querying AAAA records for pure IPv4 names. You should see that a fake IPv6 address be returned with your TOTD specified prefix. | You should be able to verify that it works by querying AAAA records for pure IPv4 names. You should see that a fake IPv6 address be returned with your TOTD specified prefix. | ||
− | # ping6 ipv4.google.com | + | # ping6 ipv4.google.com |
You won’t be able to actually ping it over IPv6 yet at this point, until your NAT64 is setup correctly. | You won’t be able to actually ping it over IPv6 yet at this point, until your NAT64 is setup correctly. | ||
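Review bot: the verification step says to query AAAA records, but the command shown is `ping6 ipv4.google.com`, which the next line says will not get replies yet. Either show a DNS lookup command here, or state that only the address ping6 resolves is being checked (it should begin with the TOTD prefix) and that the missing replies are expected at this stage.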
Line 41: | Line 41: | ||
First, install TAYGA. | First, install TAYGA. | ||
− | # opkg update | + | # opkg update |
− | # opkg install tayga | + | # opkg install tayga |
Next, edit /etc/config/network and add a new interface. | Next, edit /etc/config/network and add a new interface. | ||
− | config interface nat64 | + | config interface nat64 |
− | + | option proto tayga | |
− | + | option ifname 'tayga-nat64' | |
− | + | option ipv4_addr 192.168.64.1 | |
− | + | option prefix fd63:fab9:6ccf:64::/96 | |
− | + | option dynamic_pool 192.168.64.0/24 | |
− | + | option accept_ra 0 | |
− | + | option send_rs 0 | |
Next, edit /etc/config/firewall and add it to the LAN zone. | Next, edit /etc/config/firewall and add it to the LAN zone. | ||
− | config zone | + | config zone |
− | + | option name 'lan' | |
− | + | option input 'ACCEPT' | |
− | + | option output 'ACCEPT' | |
− | + | option forward 'ACCEPT' | |
− | + | option network 'lan nat64' | |
Enable and start TAGYA, and check the logs for errors. | Enable and start TAGYA, and check the logs for errors. | ||
− | # /etc/init.d/network restart | + | # /etc/init.d/network restart |
− | # /etc/init.d/firewall restart | + | # /etc/init.d/firewall restart |
− | # logread | + | # logread |
You should now be able to ping any IPv4 server using IPv6. | You should now be able to ping any IPv4 server using IPv6. | ||
− | # ping6 ipv4.google.com | + | # ping6 ipv4.google.com |
Voila! | Voila! |
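Review bot: the context line "Enable and start TAGYA" misspells TAYGA, and the commands under it restart network and firewall rather than enabling a TAYGA service, so the sentence should be corrected while this section is being touched. The `option prefix fd63:fab9:6ccf:64::/96` line would also benefit from a note that it must match the prefix in totd.conf, since nothing in this hunk ties the two values together.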
Latest revision as of 11:52, 14 July 2015
NAT64/DNS64 on OpenWRT
The latest stable release of OpenWRT – Barrier Breaker – makes it a simple matter to add NAT64 and DNS64 capabilities to the router. This is particularly useful if one wishes to run an IPv6-only internal LAN while dealing with the IPv4 + IPv6 world of the Internet.

DNS64
DNS64 provides a faux AAAA record for any existing A record. The easiest tool to use for this is TOTD, which is no longer in development but is found in the main OpenWRT repositories.
So, install TOTD and configure it.
    # opkg update
    # opkg install totd
    # vi /etc/totd.conf
The totd.conf file should contain the following:
    ; substitute with your upstream DNS
    forwarder 8.8.8.8 port 53
    forwarder 8.8.4.4 port 53
    ; modify your OpenWRT ULA prefix here
    prefix fd63:fab9:6ccf:64::
    ; this port is used later
    port 5353
Enable and start TOTD, and check the logs for any errors:
    # /etc/init.d/totd enable
    # /etc/init.d/totd start
    # logread
Finally, configure the built-in DNSMASQ to use TOTD as its upstream. Just remember to use 127.0.0.1#5353 as the upstream server. Note the use of a hash (#) symbol.
You should be able to verify that it works by querying AAAA records for pure IPv4 names. You should see a fake IPv6 address returned with your TOTD-specified prefix.
    # ping6 ipv4.google.com
You won’t be able to actually ping it over IPv6 at this point, until your NAT64 is set up correctly.

NAT64
NAT64 provides an IPv6 to IPv4 NAT mechanism which will actually transfer the IPv6 packets by converting them into IPv4 packets and back. The tool to do this is TAYGA and is also available in the OpenWRT repositories.
First, install TAYGA.
    # opkg update
    # opkg install tayga
Next, edit /etc/config/network and add a new interface.
    config interface nat64
        option proto tayga
        option ifname 'tayga-nat64'
        option ipv4_addr 192.168.64.1
        option prefix fd63:fab9:6ccf:64::/96
        option dynamic_pool 192.168.64.0/24
        option accept_ra 0
        option send_rs 0
Next, edit /etc/config/firewall and add it to the LAN zone.
    config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan nat64'
Enable and start TAYGA, and check the logs for errors.
    # /etc/init.d/network restart
    # /etc/init.d/firewall restart
    # logread
You should now be able to ping any IPv4 server using IPv6.
    # ping6 ipv4.google.com
Voila!
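
An added check, not part of the original page: the DNS64 prefix in totd.conf and the NAT64 prefix on the tayga interface have to be the same /96, otherwise TOTD hands out addresses that TAYGA never translates. This Python example parses both snippets from this page, confirms they agree, and shows the address mapping; the function names, the 192.0.2.10 sample and the assumption that the IPv4 address sits in the low 32 bits (the RFC 6052 /96 layout) are illustrative.

```python
import ipaddress
import re

# Config text copied from this page; 192.0.2.10 below is a constructed sample.
TOTD_CONF = """; modify your OpenWRT ULA prefix here
prefix fd63:fab9:6ccf:64::
port 5353
"""
NETWORK_CONF = """config interface nat64
    option proto tayga
    option prefix fd63:fab9:6ccf:64::/96
"""

def totd_prefix(conf):
    """DNS64 prefix from totd.conf, taken as a /96 (assumption: IPv4 in low 32 bits)."""
    m = re.search(r"^[ \t]*prefix[ \t]+([0-9A-Fa-f:]+)", conf, re.M)
    if not m:
        raise ValueError("no prefix line in totd.conf")
    return ipaddress.IPv6Network(m.group(1) + "/96")

def tayga_prefix(conf):
    """NAT64 prefix from the 'option prefix' line of the tayga interface."""
    m = re.search(r"^[ \t]*option[ \t]+prefix[ \t]+'?([0-9A-Fa-f:]+/\d+)'?", conf, re.M)
    if not m:
        raise ValueError("no 'option prefix' line in network config")
    return ipaddress.IPv6Network(m.group(1))

def prefixes_match(totd_conf, network_conf):
    """True when DNS64 and NAT64 use the same prefix."""
    return totd_prefix(totd_conf) == tayga_prefix(network_conf)

def synthesize(prefix, ipv4):
    """AAAA address DNS64 should return for an IPv4-only name."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))

def embedded_ipv4(prefix, ipv6):
    """IPv4 address inside a synthesized AAAA, or None for a native address."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

if __name__ == "__main__":
    p = tayga_prefix(NETWORK_CONF)
    print("prefixes match:", prefixes_match(TOTD_CONF, NETWORK_CONF))
    print("192.0.2.10 ->", synthesize(p, "192.0.2.10"))
    print("native AAAA ->", embedded_ipv4(p, "2001:db8::1"))
```

Run it on any LAN client with Python 3, pasting in your own totd.conf and network stanza; an AAAA answer for which `embedded_ipv4` returns None is a native IPv6 address that does not pass through the translator.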