Is there any support for NAT64 planned?

[dtoubelis]

I wonder if support for NAT64 is on the roadmap. We are switching some of our subnets to IPv6-only and NAT64 is not optional any longer.

We are currently using pfSense and they don't have this feature neither do Mikrotik, Zeroshell, m0n0wall, VyOS, etc. So, we run two boxes instead - bsdrouter (the only opensource project that has it) in front and pfSense after.

For obvious reasons I would rather have on a single box and use the other for redundancy (CARP or VRRP) and I'm trying to gauge OpnSense fares in this regard.

[franco]

Hi,

There are updates in FreeBSD 12-CURRENT that allow NAT64 in IPFW. It looks like a viable target, but we are largely bound to what FreeBSD considers release worthy. I'm not sure this is in FreeBSD 11.1, and 12.0 is at least 1-2 years away last I heard.


Cheers,
Franco

[dbtsai]

NAT64 has been added in FreeBSD 11.1 https://svnweb.freebsd.org/base?view=revision&revision=316446
so in theory, with proper UI, this can be fairly easy to implement in opnsense. Given now Apple requires all the new apps supporting NAT64, and there is no other affordable solution except high end Cisco routers, this could be a good area that opnsense wins.

[Maurice]

*BUMP*

I'm also in the process of switching one LAN to IPv6 only and would like to do DNS64/NAT64 in OPNsense.
FreeBSD supports NAT64 in ipfw and Unbound can do DNS64, so I guess the only thing missing are some options in the WebIf? But I might be oversimplifying things. ;)

Is this on the roadmap?

Thanks!
Maurice

[franco]

A ticket was  created a while back: https://github.com/opnsense/core/issues/167

It's closed now, but that doesn't mean it can't be reopened as soon as work is being done.

Please make noise on GitHub, we can discuss options more permanently there :)


Thanks,
Franco