4x ULA Subnets and NAT64 + DNS64

Hello all,

1. Base Setup

I have set up my router with four ULA subnets and a WAN which connects to my Xfinity router that supports IPv6 + IPv4. Xfinity only provides a /64 to my knowledge.

I wish for the network to be IPv6-only accessing IPv4 sites on the internet using Jool NAT64.

I have also manually set up the machines on the subnets using nmcli and nmgui, and they are able to access websites via IPv6 via the gateway for their subnet, for example fd02:2c95:9f91:dddd::1, using a static ULA address like fd02:2c95:9f91:dddd::2 on the fd02:2c95:9f91:dddd::/64 network.

2. NAT64_for_a_IPv6-Only Network Jool -> Setup Using Option 2 of NAT64 with Jool

# Dependencies are installed:
root@OpenWrt~# opkg list-installed | grep -i 'kmod-veth\|ip-full\|kmod-jool-netfilter\|jool-tools-netfilter'
ip-full - 6.11.0-r1
jool-tools-netfilter - 4.1.14-r1
kmod-jool-netfilter - 6.6.93.4.1.14-r1
kmod-veth - 6.6.93-r1

# Jool Version
root@OpenWrt~# jool --version
4.1.14.0

# Hardware:
root@OpenWrt~# ubus call system board
{
    "kernel": "6.6.93",
    "hostname": "OpenWrt",
    "system": "MediaTek MT7628AN ver:1 eco:2",
    "model": "Linksys E5400",
    "board_name": "linksys,e5400",
    "rootfs_type": "squashfs",
    "release": {
        "distribution": "OpenWrt",
        "version": "24.10.2",
        "revision": "r28739-d9340319c6",
        "target": "ramips/mt76x8",
        "description": "OpenWrt 24.10.2 r28739-d9340319c6",
        "builddate": "1750711236"
    }
}

I followed the entire tutorial for NAT64, and when pinging from the router itself to 1.1.1.1 in the Testing section the pings do not come back.

root@OpenWrt:/etc/jool# ping 64:ff9b::1.1.1.1
PING 64:ff9b::1.1.1.1 (64:ff9b::101:101): 56 data bytes
^C
--- 64:ff9b::1.1.1.1 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

Upon further inspection, it appears there's an issue when creating the veth for jool@openwrt or openwrt@jool, and I can't switch to the network namespace to run any of the commands as specified in the section Setup Jool Network Namespace.

root@OpenWrt:~# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:25 brd ff:ff:ff:ff:ff:ff
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:25 brd ff:ff:ff:ff:ff:ff
5: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:25 brd ff:ff:ff:ff:ff:ff
6: eth0.5@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:25 brd ff:ff:ff:ff:ff:ff
7: eth0.4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:25 brd ff:ff:ff:ff:ff:ff
8: eth0.3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:25 brd ff:ff:ff:ff:ff:ff
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether e8:9f:80:be:49:26 brd ff:ff:ff:ff:ff:ff
10: openwrt@jool: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether fe:2b:88:aa:62:53 brd ff:ff:ff:ff:ff:ff
11: jool@openwrt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether ee:76:67:1a:87:ce brd ff:ff:ff:ff:ff:ff
root@OpenWrt:~# ip netns list
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
jool

root@OpenWrt:~# ip netns exec jool sh
setting the network namespace "jool" failed: Invalid argument

root@OpenWrt:/var/run/netns# ls -la
drwxr-xr-x    2 root     root            60 Oct 14 23:09 .
drwxr-xr-x    8 root     root           320 Oct 14 23:18 ..
----------    1 root     root             0 Oct 14 23:09 jool

I also tried turning on the logging while pinging to see what happens, and the packet is just sent back to the kernel because it is not in pool6.

Any ideas?

Thank you,

helpdeskaleer

Running the ip -6 route command I noticed that there are two entries that read unreachable and are assigned to the lo device, which seems to relate to when we list ip netns list and it prints out:

root@OpenWrt:~# ip netns list
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
jool

I'm not sure what route might need to be added to access jool@openwrt or openwrt@jool.

Here is the entire output of the ip -6 route command. It looks like a route is available on 64:ff9b::/96 using fe80::64 as a gateway and using the device jool. But fe80 is an LLA and not a ULA network, so do I need another one for that?

root@OpenWrt:/etc/jool# ip -6 route
64:ff9b::/96 via fe80::64 dev jool proto static metric 1024 pref medium
2601:985:4602:4540::/64 dev eth0.2 proto static metric 256 pref medium
unreachable 2601:985:4602:4540::/64 dev lo proto static metric 2147483647 pref medium
fd02:2c95:9f91:10::/64 dev br-lan proto static metric 1024 pref medium
fd02:2c95:9f91:64::/64 dev jool proto static metric 1024 pref medium
fd02:2c95:9f91:abcd::/64 dev eth0.3 proto static metric 1024 pref medium
fd02:2c95:9f91:bbbb::/64 dev eth0.5 proto kernel metric 256 pref medium
fd02:2c95:9f91:dddd::/64 dev eth0.4 proto kernel metric 256 pref medium
unreachable fd02:2c95:9f91::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.5 proto kernel metric 256 pref medium
fe80::/64 dev eth0.4 proto kernel metric 256 pref medium
fe80::/64 dev eth0.3 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev jool proto kernel metric 256 pref medium
fe80::/64 dev openwrt proto kernel metric 256 pref medium
default via fe80::d6ab:82ff:fe36:5f49 dev eth0.2 proto static metric 512 pref medium

It seems like there should be a route for the IPv4 route as well; there appears to be one at the end.

ip route
default via 10.0.0.1 dev eth0.2 proto static src 10.0.0.44
10.0.0.0/24 dev eth0.2 proto kernel scope link src 10.0.0.44
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.164.0/24 dev jool proto kernel scope link src 192.168.164.1

Maybe this is a bit clearer:

root@OpenWrt:/etc/jool# ip -6 route list dev jool
64:ff9b::/96 via fe80::64 proto static metric 1024 pref medium
fd02:2c95:9f91:64::/64 proto static metric 1024 pref medium
fe80::/64 proto kernel metric 256 pref medium

root@OpenWrt:/etc/jool# ip -6 route list dev openwrt
fe80::/64 proto kernel metric 256 pref medium    

root@OpenWrt:/etc/jool# ip -6 route list type unreachable
unreachable 2601:985:4602:4540::/64 dev lo proto static metric 2147483647 pref medium
unreachable fd02:2c95:9f91::/48 dev lo proto static metric 2147483647 pref medium

# I believe this is the WAN port connected to my Xfinity router.
root@OpenWrt:/etc/jool# ip -6 route list dev eth0.2
2601:985:4602:4540::/64 proto static metric 256 pref medium
fe80::/64 proto kernel metric 256 pref medium
default via fe80::d6ab:82ff:fe36:5f49 proto static metric 512 pref medium

Elsewhere someone is asking about netns and how it doesn't appear to be working, but I have ip-full installed per opkg:

opkg list-installed | grep -i 'kmod-veth\|ip-full\|kmod-jool-netfilter\|jool-tools-netfilter'
ip-full - 6.11.0-r1
jool-tools-netfilter - 4.1.14-r1
kmod-jool-netfilter - 6.6.93.4.1.14-r1
kmod-veth - 6.6.93-r1
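
Added example, not part of the thread and not code from OpenWrt or Jool: `ip netns add` creates an empty file under /var/run/netns and bind-mounts the new namespace onto it, and `ip netns exec` opens that file and calls setns() on it, so one thing worth checking for the `jool` entry above is whether a namespace is actually mounted there. The function below classifies a handle from mountinfo text; the function name, the three state names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread.
# States: mounted     = an nsfs mount sits on .../netns/NAME (usable handle)
#         placeholder = the file exists but no namespace is mounted on it
#         missing     = no entry with that name

# Usage: netns_mount_state NAME MOUNTINFO_FILE NETNS_DIR
netns_mount_state() {
    name=$1 mountinfo=$2 dir=$3
    # mountinfo: id parent maj:min root MOUNTPOINT opts [tags] - FSTYPE src opts
    if awk -v n="$name" '
        {
            fstype = ""
            for (i = 7; i <= NF; i++)
                if ($i == "-") { fstype = $(i + 1); break }
            suffix = "/netns/" n
            tail = substr($5, length($5) - length(suffix) + 1)
            if (fstype == "nsfs" && tail == suffix) found = 1
        }
        END { exit !found }' "$mountinfo"
    then
        echo mounted
    elif [ -e "$dir/$name" ]; then
        echo placeholder
    else
        echo missing
    fi
}

# Constructed sample: one healthy handle, one bare file like the listing above.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/netns"
    : > "$tmp/netns/jool"
    : > "$tmp/netns/healthy"
    cat > "$tmp/mountinfo" <<'EOF'
22 1 0:20 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw
45 22 0:4 net:[4026532201] /tmp/run/netns/healthy rw shared:1 - nsfs nsfs rw
EOF
    for ns in healthy jool absent; do
        printf '%s: %s\n' "$ns" \
            "$(netns_mount_state "$ns" "$tmp/mountinfo" "$tmp/netns")"
    done
    rm -rf "$tmp"
}
demo
```

On the router itself the call would be `netns_mount_state jool /proc/self/mountinfo /var/run/netns`; a `placeholder` result means the file is only a leftover name with no namespace behind it.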