Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: Perun on October 04, 2024, 09:55:12 AM

Title: NAT64 with Tayga
Post by: Perun on October 04, 2024, 09:55:12 AM
Hi All,

After configuring IPv6, a RedHat program started behaving strangely (long waiting for a timout). I checked it with strace and found that it was trying to reach the address: 64:ff9b::d184:b210. I identified this as a NAT64 address of a Red Hat host. When I opened a ticket with Red Hat, they told me that the program does not support IPv6 and asked if I had configured NAT64/DNS64. I had not. Now I am trying it with Tayga, but something is not working.

The first question is, I use both ipv4 and ipv6 in my LAN. Do I need to configure NAT64? I read that you only need NAT64 if you have at least an IPv6-only network.
If that's the case, is Red Hat doing something wrong, or is it my router configuration that's messed up?

Second:
This is my Tayga Configuration:
IPv4 Address 192.168.254.3 (not used somwhere else)
IPv4 NAT64 Interface Address 192.168.253.1 (not used somwhere else)
IPv6 Address fd00:14::1
IPv6 NAT64 Interface Address 2a02:XXXX:XX:XX00:0::1 (I've got the prefix from my ISP: 2a02:XXXX:XX:XX/56)
IPv6 Prefix 64:ff9b::/96
IPv4 Pool 192.168.254.0/24
Custom IPv6 Routing not checked

(NAT, Normalization and FW Rule for Tayga Iface are configured)

Problem:
# traceroute6 64:ff9b::d184:b210
traceroute6 to 64:ff9b::d184:b210 (64:ff9b::d184:b210) from 2a02:XXXX:XX:XX00::1, 64 hops max, 28 byte packets
1  fd00:14::1  0.124 ms  0.103 ms  0.191 ms

# ping6 64:ff9b::d184:b210
PING(56=40+8+8 bytes) 2a02:XXXX:XX:XX00::1 --> 64:ff9b::d184:b210
--- 64:ff9b::d184:b210 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss

What I'm doing wrong?

TiA
Greetz
Title: Re: NAT64 with Tayga
Post by: Maurice on October 05, 2024, 02:21:12 AM
Quote from: Perun on October 04, 2024, 09:55:12 AM
asked if I had configured NAT64/DNS64. I had not.

Are you sure? This sounds like you might have enabled DNS64 in Unbound.

You do not need DNS64 / NAT64 if your hosts are Dual Stack (or IPv4-only). NAT64 allows IPv6-only hosts to access IPv4-only services, but it seems you don't have IPv6-only hosts.

Cheers
Maurice
Title: Re: NAT64 with Tayga
Post by: Perun on October 05, 2024, 09:41:08 AM
yeah that was the problem... DNS64 flag was set in unbound. Disabled and now is all as it should be...
Text only | Text with Images