Hi, we are currently testing 464XLAT functionality of OpenWrt (Chaos Calmer 15.05 rc1). Since 464XLAT only supports the CLAT functionality for now, is it possible to test it without the PLAT-side?

Please advice. Thanks!

Well usually the PLAT-side, i.e. NAT64 and DNS64 is located on a different router (i.e. on the ISP-side) where as the CLAT runs either on the CPE or directly on a handset (e.g. like Android does it).

So yes you can setup a NAT64 / DNS64 (the PLAT side) on another router and hookup the OpenWrt CPE to it. When integrating the CLAT stuff i used the www.jool.mx NAT64 on a generic Linux server together with some DNS64 server.

The PLAT router could also be an OpenWrt router using e.g. tayga for NAT64 but I haven't tried that.

Good day,

I am trying the CLAT functionalities of OpenWRT using virtual machines
As suggested, I have tried using jool for the PLAT side. It's working great on that end thanks for the suggestion, but I can't seem to make the CLAT side to work. Any help would be greatly appreciated. Thanks in advance.

Here's my current network setup:

(IPv4 network)                                (IPv6 network)                                   (IPv4 network)
[Host1]-eth0----------------eth0-[CE]-eth1---------------------eth0-[NAT64]-eth1----------------eth0-[Host2]
                                                    |
                                                 [Host3]

With the following details:
Host1
eth0: 192.168.0.100

CE
eth0: 192.168.0.1
eth1: 2001:db8::2

NAT64
eth0: 2001:db8::1
eth1: 203.0.113.1

Host2
eth0: 203.0.113.100

For testing purposes for the NAT64, I have also added a third host:
Host3
eth0: 2001:db8::100

I have confirmed the following connectivity checks (successful ping) with the left side the initiator of the ping:
NAT64 to Host2
NAT64 to Host3
NAT64 to CE

Host3 to Host2
Host3 to NAT64
Host3 to CE

CE to NAT64
CE to Host3
CE to Host1

Host1 to CE

And for the CE, I have the following configurations

config interface 'lan'
    option ifname 'eth0'
    option proto 'static'
    option ipaddr '192.168.0.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth1'
    option proto 'static'
    option ip6addr '2001:db8::2/96'

config interface 'wan6_xlat'
    option proto '464xlat'

Do I have to set for anything else?
I have read from this post: https://forum.openwrt.org/viewtopic.php?id=57455
That the rest of the configurations for the 464xlat are auto-detected. Is there a way to check the detected configurations?

Oh, and my ipv6 prefix is 64:ff9b::

Did you setup a DNS64 on the PLAT side as well and point the router with the CLAT (and its clients) to use it as resolver?
Because that is how the CLAT auto-detects the PLAT + this is what makes your client use the NAT64 actually.

You could test the pure CLAT functionality without DNS64 as well if you are juggling with "raw" ip-addresses. You would then need to add "option ip6prefix 64:ff9b::/96" to the wan6_xlat interface to manually select the NAT64 prefix.

Thanks for the quick response!

I would very much like to test it without the DNS64 so
I have edited the CE's configurations to match your suggestions:

config interface 'wan6_xlat'
    option proto '464xlat'
    option ip6prefix '64:ff9b::/96'

then restarted the interfaces,
then tried to initiate a ping from Host1 to Host2 but it simply returned "Destination Net Unreachable"

I checked the ifstatus for the wan6_xlat and here's what it gave me:

{
     "up": false,
     "pending": false,
     "available": false,
     "autostart": true,
     "proto": "464xlat",
     "data": {
     }
}

so I entered ifup wan6_xlat
then checked the status again

{
     "up": false,
     "pending": false,
     "available": false,
     "autostart": true,
     "proto": "464xlat",
     "data": {
     },

     "errors": [
            {
            "subsystem": "interface",
            "code": "NO_DEVICE"
            }
      ]
}

Do I have to set the wan6_xlat with option ifname 'eth1'?
More help would be grand thanks very much!

You need to have an IPv6 default route otherwise your router doesn't know where to send packets to 64f9b::/96 to, so you probably need to set an option ip6gw in your regular wan6 section.

Ah I see

config interface 'wan'
    option ifname 'eth1'
    option proto 'static'
    option ip6addr '2001:db8::2/96'
    option ip6gw '2001:db8::1'

With the configurations above, the wan6_xlat has indeed been created successfully.

but the ping results are still not successful.
I have tried the following from Host1(192.168.0.100) trying to ping Host3(203.0.113.100):
ping 203.0.113.100
ping6 64:ff9b::203.0.113.100

Am I still missing something?

if the ping6 isn't successful then something is wrong with your nat64, 464xlat doesn't interfere there, unless that is working correctly 464 will not either.

as another hint, it might be a good idea to change the ip6addr prefix length from /96 to /64

Oops, my bad.
I just checked the tcpdump of the CLAT and the NAT64. Turns out that the CLAT is indeed doing its job. It's just that the host on the other side of the NAT64 isn't replying at all. Is it because I have no CLAT on the NAT64 side? or DNS64?

Anyways, seeing the pcap of the CLAT is good enough for me. I still don't know why Host2 won't reply to me though...

Also, would it be possible to manually set the source ipv6 prefix for the CLAT? I checked the ifstatus of the wan6_xlat and saw the auto-generated src and dest but would I be able to set the prefix6 for the src? I'm trying to do this because in the packet capture, the Source is this

Source:
::c3f6:d727:bdd2:360c

Destination
64:ff9b::cb:71:6400:0

the ipv6 prefix, 64:ff9b:: is in the destination but I was wondering why the source address looks like that.

Again, thanks so much for the continued help

You can use the option ip6addr to manually control the CLAT's IPv6 address, it usually chooses a random one within the /64 at the wan-interface.
The manually chosen one obviously should be within the /64 of the wan-interface.

This is not the best solution however we cannot reuse the existing outgoing IPv6 address for this since otherwise we would break devices using NAT64 directly behind the router or applications on the router itself using NAT64.

Sorry I seem to have misworded my post, my bad. What I meant was the source ipv6 prefix -> Is there a manual way to set this?

Destination (PLAT) ipv6 prefix: 64:ff9b::
Source (CLAT) ipv6 prefix: 4ffe:1::       <--- is there a way to set this manually? Since the option ip6addr inside the wan6_xlat interface replaces the whole source ip address

Sorry, where does that 4ffe:1 come from? I don't see it anywhere.

Ah that was just an example. Still, is it possible to set CLAT's ipv6 prefix manually? If so, is there a command for it?

Thanks

not yet, but since it just uses the /64 of the wan-interface you could simply change that.

Hello again.
I have retried everything from scratch and I am glad to report that I'm able to do ping6 and ping now.

Here's my setup

(IPv4 network)                                (IPv6 network)                                   (IPv4 network)
[Host1]-eth0----------------eth0-[CE]-eth1---------------------eth0-[NAT64]-eth1----------------eth0-[Host2]

I'm using JOOL for the NAT64 using 64:ff9b::/96 prefix for the PLAT

With the following details:
Host1
eth0: 192.168.0.100

OpenWRT
eth0: 192.168.0.1/24
         2001:db8:1::1/64
eth1: 2001:db8:100::2/64

NAT64 (JOOL)
eth0: 2001:db8:100::1/64
eth1: 203.0.113.1
         203.0.113.2

Host2
eth0: 203.0.113.42

for the /etc/config/network:

config interface 'lan'
    option ifname 'eth0'
    option proto 'static'
    option ipaddr '192.168.0.1/24'
    option ip6addr '2001:db8:1::1/64'

config interface 'wan'
    option ifname 'eth1'
    option proto 'static'
    option ip6addr '2001:db8:100::1/64'
    option ip6gw '2001:db8:100::2'

config interface 'wan6_xlat'
    option proto '464xlat'
    option ip6prefix '64:ff9b::/96'
    option ip6addr '2001:db8:2::'

I just need a little more explanation on clat's behavior and I would like to confirm my understanding with you:

Here's the outside packet from CLAT to NAT64:

ping 203.0.113.42 from Host1 to Host2
CLAT eth1:
Source: 2001:db8:2::
Destination: 64:ff9b::cb00:712a

ping6 64:ff9b::203.0.113.42 from Host1 to Host2
CLAT eth1:
Source: 2001:db8:1:0:7439:2e18:c814:eddd
Destination:  64:ff9b::cb00:712a

Both ping and ping6 are replying just fine. I just don't understand how the CLAT knows how to differentiate which host sent the packet for the ping command since the source ip address is only 2001:db8:2::

The NAT64 passes the packet with the destination address 2001:db8:2:: back to the CLAT. But how does CLAT know that Host 1 sent the packet? I tried adding another host behind the clat and indeed, only host1 recieves the reply. It works, but I don't completely understand why. Any explanation at all would be very much appreciated.

Thanks.

Well it uses NAT44 the same way as if the IPv4 uplink was native, so the packets actually get NATted twice if coming from a host behind the router.
When a host sends an IPv4 packet your router first NATs the source-address to one of its own, i.e. 192.0.0.1 and afterwards does the NAT46 to translate it to IPv6. On the return path that process is reversed, the router only knows which host (and port to use) because it tracked and noted the connection back when host established it (i.e. when sending the ping request).

Hi CyrusFF,

Firstly, much thanks for your contribution. I'm trying to port 464xlat to another platform. I have read the code of nat46 module, "464xlatcfg.c", "464xlat.sh" and the patch of add 464xlat integration to odhcp6c. I was puzzled about the 464xlatcfg arguments.

Take @A Stranger I Remain 's model as example:
464xlatcfg: %s <name> [ifname] [ipv6prefix] [ipv4addr] [ipv6addr]
1. ipv4addr means the address(192.168.0.1) of "eth0" interface of "CE" ? (You use "192.0.0.1" in code when "192.168.1.1" is the default static addr of lan interface of OpenWrt)
2. ipv6prefix means  the prefix 64:ff9b::/96 but where it comes from. (the PLAT side? or just specified)
3. and the ipv6addr is 2001:db8:2:: ?(we specified for wan6_xlat interface itself?)
Why the source addrs of local host are different when ping and ping6 the remote host as the wan6_xlat was a virtual interface bind to eth0 ?
Finally, it writes to: local.v4  local.v6  remote.v4  remote.v6

Thanks anyway

What platform are you porting to?

As a first hint you should probably read through RFC 6877 and RFC 7050 to get a clue where most of the addresses come from.

Thanks, it is a commercial router which integrate the OpenWrt platform
I have read them, but I'm not fully understand the RFC 7050. I will continue my research on it.
And I found a bug in your code of "464xlatcfg.c"
=================================
    if (!argv[2])
        return 0;
   
    if (!argv[3] || !argv[4] || !(fp = fopen(buf, "wx")))
        return 1;

    signal(SIGTERM, sighandler);

    prefix[sizeof(prefix) - 1] = 0;
    strncpy(prefix, argv[3], sizeof(prefix) - 1);

    if (!prefix[0]) {
        struct addrinfo hints = { .ai_family = AF_INET6 }, *res;
        if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res) {
            sleep(3);
            if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res)
                return 2;
        }

        struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)res->ai_addr;
        inet_ntop(AF_INET6, &sin6->sin6_addr, prefix, sizeof(prefix) - 4);
        strcat(prefix, "/96");       
        freeaddrinfo(res);
    }
===============================

We will never run getaddrinfo() of "ipv4only.arpa" when the argv[3] is a null value.

Ah this is a commerical integration? Well sorry, no pro bono consulting here then

Hi again,
Is that code a bug? I test the chaos_calmer 15.05 on D-Link DIR-835. And as shows below:

root@OpenWrt:~# ps -w
29293 root      1472 S    {464xlat.sh} /bin/sh ./464xlat.sh 464xlat setup wan6_4 {"name":"wan6_4","ifname":"@wan6","proto":"464xlat
29302 root       792 S    464xlatcfg 464-wan6_4 eth0.2  192.0.0.1

They two become zombie processes.  Is that because we didn't get the  ipv6prefix from NAT64/DNS64 ?

Some time ago I tested 464XLAT and I got working. I've a VM with a DNS64/NAT64, so I only need to setup the CLAT working in OpenWRT. I tried again what I recall was working and I guess I'm missing something ... pity that the old configuration was lost in a router that was configured for something else.

So, anyone has been able to configure it ? I'm trying both OpenWRT and LEDE, should be the same ...

I've discovered the issue. It works in 15.05, and also ping is working there via the CLAT. However it doesn't work in 15.05.1.

In LEDE is working, but is very confusing because ping doesn't work, so if you relay on ping for a quick test ... you will be confused.

Finally the other issue is that it seems in all the versions, it only works after a complete reboot.

How you setup Jool to be able to get the PLAT working?

I'm trying to get a CPE with LEDE to behave as a NAT64, using the same config I use in an Ubuntu, but no success ...

So, I installed both kmod-jool and jool-tools, and using my previous script which works in Ubuntu, tried to make it work:

#!/bin/sh
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv6.conf.all.forwarding=1
ethtool --offload br-lan gro off lro off
ethtool --offload eth0.6 gro off lro off
ip addr add 10.10.10.19/24 dev eth0.6
ip -6 route add 2001:470:68ee:30::/64 via 2001:470:68ee:20::21
ip -6 route add 2001:470:68ee:40::/64 via 2001:470:68ee:20::21
modprobe jool pool6=64:ff9b::/96 pool4=10.10.10.19

However, I can’t get it working in LEDE.

If I traceroute an any 64:ff9b::/96, it is being routed to my default IPv6 gateway instead of going thru jool …

I’m missing anything?

Thanks in advance!