Enabling Jool NAT64 crashes my Archer C7 running 23.05.02

Hello guys,

I've been using Hurricane Electric tunnel to gather IPv6 on my TP-Link Archer C7 running OpenWRT 23.05.02. It works fine with the Public NAT64/DNS64 nameservers provided by https://nat64.net/.

But I wanted was to try the same HE tunnel with own NAT64 via Jool package. Unfortunately my router crashes when I configure Jool package and restart it's service.

My WiFi network disappears and router is unreachable on Ethernet - via HTTP or SSH either. The 'Power' symbol starts to blink quickly on the router and the only way to fix this is to reset the router.

What I do is:

  • Already have HE tunnel configured and running on 'wan6' interface, followed this tutorial https://openwrt.org/docs/guide-user/network/ipv6/ipv6tunnel-luci
  • The IPv4 address is removed from the 'lan' interface in order to remove the IPv4
  • I update the opkg packages list and install kmod-jool-netfilter jool-tools-netfilter
  • I then add 'jool instance add --pool6 64:ff9b::/96' to /etc/rc.local as described in Update NAT64 jool instructions
  • Set uci set jool.general.enabled="1" and uci set jool.nat64.enabled="1"
  • uci commit jool
  • Finally when I attempt to 'service jool restart' I got an error and router crashes:
    Error: The kernel module returned error 3: The requested instance does not exist.

Not sure what I'm doing wrong and how to get logs in this router state.

Thanks!

Just to be clear, you're using HE because your ISP doesn't have native IPv6, correct?

1 Like

Yes, indeed :slight_smile:

1 Like

It looks like you're starting Jool twice. If you're going to start directly with a command or rc.local script, leave the UCI service disabled.

Also don't add anything to /etc/rc.local until you're sure it works, as if it causes a crash it will be hard to disable it and recover. The same effect can be had by running jool instance add directly from the CLI, the service should run until the next reboot. Jool is a kernel module. The userspace programs only push configurations into the kernel module that does the actual work in the background.

The UCI way requires setting up a native config file in /etc/jool. I have done this before but it seems complicated.

1 Like

Thanks @mk24 - you were right! I attempted to start the jool one more time which caused the crash :slight_smile:

I'd tried to set jool 'jool instance add ..' directly in CLI and it worked: I started to receive response to an IPv4 address converted to IPv6 with NAT64 prefix:

% ping6 64:ff9b::8.8.8.8
PING6(56=40+8+8 bytes) 2001:470:7464:0:ab:d6d7:816e:acc5 --> 64:ff9b::808:808
16 bytes from 64:ff9b::808:808, icmp_seq=0 hlim=117 time=39.843 ms
16 bytes from 64:ff9b::808:808, icmp_seq=1 hlim=117 time=8.387 ms
16 bytes from 64:ff9b::808:808, icmp_seq=2 hlim=117 time=12.136 ms
16 bytes from 64:ff9b::808:808, icmp_seq=3 hlim=117 time=90.636 ms
16 bytes from 64:ff9b::808:808, icmp_seq=4 hlim=117 time=4.083 ms

I then added the line to /etc/rc.local to preserve the setting after restart.

I know it's an off-topic and I maybe have to open another thread for this, but adding DNS64 addresses to the WAN6 interface using this guide, didn't provide me DNS64 support https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

I saw the DNS64 nameservers added to the WAN6 interface, however.

I had to add DNS64 nameservers to the 'Announced IPv6 DNS servers' to the LAN interface to provide DNS64 support. This actually advertises these DNS64 nameservers I've added to the clients and they use them directly.

The expectation was slightly different - client to send DNS queries to default DNS server(router), and then maybe router redirects them to the WAN6 configured DNS64 nameservers as described in the mentioned guide.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.