IPv6-only connection, www.openwrt.org not working

I'm doing doing testing with an IPv6-only connection and am running into some interesting things. Regarding the OpenWRT site, both openwrt.org and forum.openwrt.org have an AAAA record and work fine, but www.openwrt.org points to wiki-03.infra.openwrt.org which does not have an AAAA record.

Also there is wiki-02.infra.openwrt.org without an AAAA record. wiki-01.infra.openwrt.org does have an AAAA record.

Does it make sense to report this here? Could this be solved?

2 Likes

See if you can ping for example, 64:ff9b::40be:3f6f

Can you share details about your provider or connection method? Is this a mobile broadband?

I did not set up any NAT64 on purpose, I'm using an IPv6-only connection. If it's known this is not fully handled, that's ok.

1 Like

Never asked about NAT64. Can you ping the address provided?

Are you currently using DNS servers assigned by your ISP?

I cannot. I believe addresses starting with the well-known prefix 64:ff9b:: need to be handled by a special gateway, which I didn't set up and neither did my ISP.

I am just trying out what happens when there is no IPv4-connectivity whatsoever. My ISP provides both a public IPv4 address and IPv6 subnet. I put an extra router behind my regular router which only lets IPv6 traffic through, such that I can see what happens when there's only IPv6 connectivity.

1 Like

In IPv6-only environment providers typically implement DNS64/NAT64 solution on their side and customers only need to implement 464XLAT on their side in order to access IPv4 literals.
Since your provider gives out IPv4 they probably don't bother much about IPv6.

64:ff9b::40be:3f6f is a synthetic address for openwrt.de (that has A record only).
Your provider either don't have NAT64 implemented or they use a non-standard prefix.

If I understand @jschwart correct, he trieds how far he can get with an IPv6-only connection.

So his obeservation is, that not all of OpenWrt Infrastructure is Dual-Stack.

If is correct, that to access IPv4-only hosts, some kind of transition method is needed.

I'm currently running my home network or at least some subnets at home in a way which is currently referred to as IPv6-mostly. IPv6-only capable devices drop there IPv4 lease or do not acknowledge it in the first place.

As iOS, macOS, Android can run without an IPv4 address and use a network side NAT64 gateway (PLAT) to access IPv4-only hosts and IPv4 literals by the means of a CLAT.
Many mobile networks are running like this e.g., T-Mobile Germany works IPv6-only.

Linux, Windows and others, which do not need IPv4 literals and some IPv4 only APIs run fine in this setup with DNS64. But this breaks DNSSec.

@jschwart try using one of the public NAT64 gateways, if you like:

https://nat64.xyz/
https://nat64.net/

@jow @thess @standarduser would it be possible to enable dual stack to
wiki-02.infra.openwrt.org and wiki-03.infra.openwrt.org and asu-01.infra.openwrt.org

2 Likes

Ah wow this is really neat! Indeed I'm just experimenting and it seems this works really well!!

Yes that was indeed the point of starting the thread. It would seem good to avoid the need for NAT64 as much as possible. Thanks for forwarding the question!
I'm observing more often that with IPv6-only with some sites www.example.com does not work while example.com does or vice-versa.

1 Like

If you want to avoid using this public NAT64 gateways, you can run one on your OpenWrt router:

https://openwrt.org/docs/guide-user/network/ipv6/nat64

But you need to provide a DNS64 server, if you are not using iDevices or Android.

3 Likes

It's interesting to see how well this public gateway is working. Maybe I'll also try out running NAT64 myself, but for now I'm curious what would happen if an ISP provides just IPv6 and nothing else :slight_smile:
Another idea I had is setting up an HTTP proxy server and maybe more proxy servers that would also allow IPv4-only systems to reach IPv6 systems.

Actually, it's a DNS problem:

  • asu-01 - fixed (misspelled AAAA name)
  • wiki-03 - fixed (missing AAAA record)
  • wiki-02 - Archived forum (Don't know status)
4 Likes

Thank you Ted, very much appreciated.

Testing now with an IPv6-only connection and everything is working great!! @thess, many thanks!!