OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • NAT64 with Tayga
« previous next »
  • Print
Pages: [1]

Author Topic: NAT64 with Tayga  (Read 322 times)

Perun

  • Jr. Member
  • **
  • Posts: 99
  • Karma: 0
    • View Profile
NAT64 with Tayga
« on: October 04, 2024, 09:55:12 am »
Hi All,

After configuring IPv6, a RedHat program started behaving strangely (long waiting for a timout). I checked it with strace and found that it was trying to reach the address: 64:ff9b::d184:b210. I identified this as a NAT64 address of a Red Hat host. When I opened a ticket with Red Hat, they told me that the program does not support IPv6 and asked if I had configured NAT64/DNS64. I had not. Now I am trying it with Tayga, but something is not working.

The first question is, I use both ipv4 and ipv6 in my LAN. Do I need to configure NAT64? I read that you only need NAT64 if you have at least an IPv6-only network.
If that’s the case, is Red Hat doing something wrong, or is it my router configuration that’s messed up?

Second:
This is my Tayga Configuration:
IPv4 Address 192.168.254.3 (not used somwhere else)
IPv4 NAT64 Interface Address 192.168.253.1 (not used somwhere else)
IPv6 Address fd00:14::1
IPv6 NAT64 Interface Address 2a02:XXXX:XX:XX00:0::1 (I've got the prefix from my ISP: 2a02:XXXX:XX:XX/56)
IPv6 Prefix 64:ff9b::/96
IPv4 Pool 192.168.254.0/24
Custom IPv6 Routing not checked

(NAT, Normalization and FW Rule for Tayga Iface are configured)

Problem:
# traceroute6 64:ff9b::d184:b210
traceroute6 to 64:ff9b::d184:b210 (64:ff9b::d184:b210) from 2a02:XXXX:XX:XX00::1, 64 hops max, 28 byte packets
 1  fd00:14::1  0.124 ms  0.103 ms  0.191 ms

# ping6 64:ff9b::d184:b210
PING(56=40+8+8 bytes) 2a02:XXXX:XX:XX00::1 --> 64:ff9b::d184:b210
--- 64:ff9b::d184:b210 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss

What I'm doing wrong?

TiA
Greetz
Logged

Maurice

  • Hero Member
  • *****
  • Posts: 1213
  • Karma: 158
    • View Profile
    • GitHub
Re: NAT64 with Tayga
« Reply #1 on: October 05, 2024, 02:21:12 am »
Quote from: Perun on October 04, 2024, 09:55:12 am
asked if I had configured NAT64/DNS64. I had not.

Are you sure? This sounds like you might have enabled DNS64 in Unbound.

You do not need DNS64 / NAT64 if your hosts are Dual Stack (or IPv4-only). NAT64 allows IPv6-only hosts to access IPv4-only services, but it seems you don't have IPv6-only hosts.

Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Perun

  • Jr. Member
  • **
  • Posts: 99
  • Karma: 0
    • View Profile
Re: NAT64 with Tayga
« Reply #2 on: October 05, 2024, 09:41:08 am »
yeah that was the problem... DNS64 flag was set in unbound. Disabled and now is all as it should be...
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • NAT64 with Tayga
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2