How to configure 464XLAT?

Installing and Using OpenWrt
1

hi,
i am new with openwrt.
i want to use 5G CPE router with OpenWrt that installed in Tp-link MR-200.
i use Jio (india) sim and this sim 4G/5G network is a 464XLAT-based network.

  • Current 5G CPE router ip : 192.168.0.1 and openWrt ip is: 192.168.1.1
  • 5G router connected with port 4 of MR-200 that label is lan/wan behind router and My pc is connected to lan 1 port.

network config :

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd9c:655f:ccc5::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option defaultroute '0'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

config device
	option name 'usb0'
	option macaddr '3c:46:d8:e3:cf:68'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '6t 0 1 2'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 3'
	option vid '2'
	option description 'WAN'

config interface 'wan'
	option proto 'dhcpv6'
	option device 'eth0.2'
	option reqaddress 'try'
	option reqprefix 'auto'
  • DHCP config:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'hybrid'
	option ra 'hybrid'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

thank you,

2

Delete custom DNS servers from LAN.
Show the output of the following commands from the router:

ifstatus wan
nslookup ipv4only.arpa.
ping openwrt.de
ping 64:ff9b::40be:3f6f
3 
root@OpenWrt:~# ifstatus wan
{
        "up": false,
        "pending": true,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "proto": "dhcpv6",
        "device": "eth0.2",
        "data": {

        }
}

root@OpenWrt:~# nslookup ipv4only.arpa.
Server:         127.0.0.1
Address:        127.0.0.1:53

** server can't find ipv4only.arpa.: REFUSED

** server can't find ipv4only.arpa.: REFUSED


root@OpenWrt:~# ping 64:ff9b::40be:3f6f
PING 64:ff9b::40be:3f6f (64:ff9b::40be:3f6f): 56 data bytes
ping: sendto: Network unreachable
  • currently internet not worked get error ERR_NAME_NOT_RESOLVED in chrome.
4

You need to have the working IPv6 connectivity before proceeding with 464XLAT.
Connect your PC to your 5G CPE directly and see if you have a working Internet connection.

5

yes internet working working fine on 5G CPE. not working from openwrt.

6

Assuming that 464xlat has to be handled by OpenWrt: Is the 464xlat package installed? If not, please build a custom image for your device on https://firmware-selector.openwrt.org/ including this package.

Alternatively, assuming that 464xlat is to be handled by the 5G CPE router: enable it there. Note that it may not be possible. Globe Telecom in the Philippines also experimented with 464xlat in March 2022 and forgot that a non-zero percentage of their own routers do not support this technology, thus leaving some users without connectivity at all.

7

Ok, do you receive both IPv4 and IPv6 (public or GUA) addresses on your PC from this 5G CPE?

8

newmyip-2023-12-23_151607
newmyip-2023-12-23_1516072051×1536 193 KB

9

464xlat already installed.
i use ZTE MC801A. no option for 464xlat.

10

You need to check locally on your PC. There is no need to visit any external web site yet.
Use ipconfig from command line.

11

ping test from pc when connected to 5G CPE.

C:\Users\Admin>ipconfig

 Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2409:40c1:2d:bf2c:c956:fc35:af5c:edc
   Temporary IPv6 Address. . . . . . : 2409:40c1:2d:bf2c:f9e0:2ada:d033:12b6
   Link-local IPv6 Address . . . . . : fe80::e84a:309c:6331:2c69%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.120
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::b00a:d551:2194:1%10
                                       192.168.0.1
12

If it is installed and does not work, then the real question is - are you sure that you need 464xlat? Windows supports it only on internal or USB-connected LTE modems, not on Ethernet-connected CPEs.

Can you ping 8.8.8.8 from Windows, just to confirm that you have IPv4 connectivity via IP addresses, and not just via domain names resolving to fake IPv6 addresses?

13

please don't interfere

14

The ipconfig output is incomplete. Could you please confirm that it does not mention any IP address in the range from 192.0.0.0 to 192.0.0.7? If no such IP address exists, this would confirm that 464xlat is not in use, and you just need IPv6 relay protocol.

15

Problem :
when i connected with 5G CPE router and open any ipv4 address like 1.1.1.1 or any other ivp4 address then can't open or ping. but if i open google.com, youtube.com, fast.com or any other domain then work fine. this is happening in pc and other mobiles when connect via wifi.
so, i find in google about this problem. after i find one post in forum that have same problem for me. and they solve with 464XLAT and openWrt.
they tell jio is a 464XLAT-based network ipv6 only internet provider.
Check this post:
https://broadband.forum/threads/sim-based-router-recommendation-for-5g-cellular-network.221760/post-1619936

16

OK, thanks for the explanation. Can we check a prerequisite for 464xlat - namely, that the ipv4only.arpa domain is resolving correctly?

From Windows:

nslookup -debug -type=A+AAAA ipv4only.arpa
17 
C:\Users\Admin>nslookup -debug -type=A+AAAA ipv4only.arpa
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        1.0.168.192.in-addr.arpa, type = PTR, class = IN
    AUTHORITY RECORDS:
    ->  168.192.in-addr.arpa
        ttl = 10800 (3 hours)
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 3600 (1 hour)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)

------------
Server:  UnKnown
Address:  192.168.0.1

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        ipv4only.arpa, type = A, class = IN
    ANSWERS:
    ->  ipv4only.arpa
        internet address = 192.0.0.170
        ttl = 7372 (2 hours 2 mins 52 secs)
    ->  ipv4only.arpa
        internet address = 192.0.0.171
        ttl = 7372 (2 hours 2 mins 52 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        ipv4only.arpa, type = AAAA, class = IN
    ANSWERS:
    ->  ipv4only.arpa
        AAAA IPv6 address = 64:ff9b::c000:ab
        ttl = 52860 (14 hours 41 mins)
    ->  ipv4only.arpa
        AAAA IPv6 address = 64:ff9b::c000:aa
        ttl = 52860 (14 hours 41 mins)

------------
Name:    ipv4only.arpa
Addresses:  64:ff9b::c000:ab
          64:ff9b::c000:aa
          192.0.0.170
          192.0.0.171
18

OK, so with this setup 464xlat should definitely work.

The initial network config that you have posted, however, contains an incompatible option: with 464xlat, you are not allowed to use custom DNS servers, because the "normal" DNS servers will not return the AAAA record for ipv4only.arpa and thus will trick the router into believing that 464xlat is pointless. There are ways around that, but let's exclude the obvious issue.

Please remove the custom DNS from the lan and retry. If this works, we can introduce the workaround and switch back to Google DNS servers as the next step.

EDIT: there are two possible workarounds here besides switching to the ISP's automatically-obtained DNS servers.

The easiest way would be to use Google's alternative DNS servers specifically meant to be used with DNS64. See https://developers.google.com/speed/public-dns/docs/dns64, the correct IP addresses are 2001:4860:4860::6464 and 2001:4860:4860::64. Use them instead of 8.8.8.8 and 8.8.4.4.

Alternatively, you can try adding all 4 "correct" answers for ipv4only.arpa (192.0.0.170, 192.0.0.171,
64:ff9b::c000:aa, 64:ff9b::c000:ab) to Network > DHCP and DNS > Hostnames if the OpenWrt router will never connect to ISPs that don't need 464xlat.

19

The 5G CPE stock firmware almost certainly has an internal CLAT 464 (official name for what OpenWrt's 464xlat package does) running. The simplest thing to do then would be to make WAN a dual-stack connection to the CPE and NAT IPv4 to it as usual.

Once that is confirmed working then you can look at running your own 464xlat.

20

We have already discovered that it doesn't. See the quote below.