Good afternoon,
I'm attempting to get a working MAP-T configuration working on a Raspberry Pi. I've had some success.
My BNG is sending the DHCP Option 95 to the CPE with what appears to be a valid configuration.
rule=type=map-t,ealen=10,prefix4len=28,prefix6len=38,ipv4prefix=192.0.2.0,ipv6prefix=2001:db8:4000::,dmr=2001:db8::/64,
RULE_1_FMR=0
RULE_1_EALEN=10
RULE_1_PSIDLEN=6
RULE_1_OFFSET=6
RULE_1_PREFIX4LEN=28
RULE_1_PREFIX6LEN=38
RULE_1_IPV4PREFIX=192.0.2.0
RULE_1_IPV6PREFIX=2001:db8:4000::
RULE_1_IPV6PD=2001:db8:4011::
RULE_1_PD6LEN=48
RULE_1_PD6IFACE=wan6
RULE_1_IPV6ADDR=2001:db8:4011::c00:200:11
RULE_BMR=1
RULE_1_IPV4ADDR=192.0.2.0
RULE_1_ADDR4LEN=32
RULE_1_PORTSETS='1296-1311 2320-2335 3344-3359 4368-4383 5392-5407 6416-6431 7440-7455 8464-8479 9488-9503 10512-10527 11536-11551 12560-12575 13584-13599 14608-14623 15632-15647 16656-16671 17680-17695 18704-18719 19728-19743 20752-20767 21776-21791 22800-22815 23824-23839 24848-24863 25872-25887 26896-26911 27920-27935 28944-28959 29968-29983 30992-31007 32016-32031 33040-33055 34064-34079 35088-35103 36112-36127 37136-37151 38160-38175 39184-39199 40208-40223 41232-41247 42256-42271 43280-43295 44304-44319 45328-45343 46352-46367 47376-47391 48400-48415 49424-49439 50448-50463 51472-51487 52496-52511 53520-53535 54544-54559 55568-55583 56592-56607 57616-57631 58640-58655 59664-59679 60688-60703 61712-61727 62736-62751 63760-63775 64784-64799 '
RULE_1_DMR=2001:db8::/64
RULE_COUNT=1
I have no IPv4 being issued over the WAN, and my routing table looks good.
root@OpenWrt:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 map-wan6_4
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br_int
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 phy0-ap0
Doing a wget from the command line, I get a working connection
root@OpenWrt:~# wget -O /dev/null -4 http://bbc.co.uk
Downloading 'http://bbc.co.uk'
Connecting to 151.101.0.81:80
Redirected to / on bbc.co.uk
Redirected to / on www.bbc.co.uk
Writing to '/dev/null'
/dev/null 100% |*******************************| 574k 0:00:00 ETA
Download completed (588050 bytes)
I have 2 issues.
Issue 1:
There appears to be an issue with the port set utilisation. If I make multiple requests to the same URL, eventually it stops being able to reach it.
root@OpenWrt:~# wget -O /dev/null -4 http://google.com
Downloading 'http://google.com'
Connecting to 216.58.201.110:80
Redirected to / on www.google.com
Writing to '/dev/null'
Download completed (18103 bytes)
root@OpenWrt:~# wget -O /dev/null -4 http://google.com
Downloading 'http://google.com'
Failed to send request: Operation not permitted
Looking at the nf_conntrack table I can see only the first block of ports is utilised. Once these entries time out, the connections will work again
root@OpenWrt:~# cat /proc/net/nf_conntrack | grep 216.58.201.110 | awk '{print $16}'
dport=1309
dport=1311
dport=1298
dport=1305
dport=1303
dport=1310
dport=1297
dport=1306
dport=1301
dport=1308
dport=1299
dport=1296
dport=1300
dport=1307
dport=1304
dport=1302
Issue 2:
I'm fairly certain this one is down to my own incompetence...
I have the WiFi set up as an AP and I've got a test client connected to it. This client can connect to things via IPv6 without issue, but fails to connect to anything IPv4 related. Packets just appear to ignore the MAP interface.
I've played around with trying to NAT to that interface etc, but nothing seems to work.
When running the above wget, if I tcpdump I see all kinds of traffic going over the map interface:
13:58:22.877405 map-wan6_4 Out IP 192.0.2.0.1296 > 216.58.201.110.443: Flags [S], seq 617976271, win 65376, options [mss 16344,sackOK,TS val 3984600024 ecr 0,nop,wscale 7], length 0
13:58:22.921061 map-wan6_4 In IP 216.58.201.110.443 > 192.0.2.0.1296: Flags [S.], seq 3163976732, ack 617976272, win 65535, options [mss 1220,sackOK,TS val 2610248305 ecr 3984600024,nop,wscale 8], length 0
13:58:22.921170 map-wan6_4 Out IP 192.0.2.0.1296 > 216.58.201.110.443: Flags [.], ack 1, win 511, options [nop,nop,TS val 3984600068 ecr 2610248305], length 0
13:58:22.921480 map-wan6_4 Out IP 192.0.2.0.1296 > 216.58.201.110.443: Flags [P.], seq 1:146, ack 1, win 511, options [nop,nop,TS val 3984600069 ecr 2610248305], length 145
When trying with my connected client, I see nothing, only the traffic coming in from the radio with the reset flag.
13:59:47.023804 phy0-ap0 In IP 192.168.2.157.57645 > 52.112.120.9.443: Flags [S], seq 3991208143, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 324368950 ecr 0,sackOK,eol], length 0
13:59:47.024051 phy0-ap0 Out IP 52.112.120.9.443 > 192.168.2.157.57645: Flags [R.], seq 0, ack 3991208144, win 0, length 0
13:59:48.991238 phy0-ap0 In IP 192.168.2.157.57646 > 20.50.80.214.443: Flags [S], seq 798403272, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 699083286 ecr 0,sackOK,eol], length 0
13:59:48.991495 phy0-ap0 Out IP 20.50.80.214.443 > 192.168.2.157.57646: Flags [R.], seq 0, ack 798403273, win 0, length 0
13:59:49.336433 phy0-ap0 In IP 192.168.2.157.62565 > 216.239.36.21.443: Flags [S], seq 3269082297, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1315858300 ecr 0,sackOK,eol], length 0
Here is a dump of hopefully all the relevant config files.
root@OpenWrt:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc8:7cad:5a6b::/48'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option auto '0'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
config device
option type 'bridge'
option name 'br_int'
option bridge_empty '1'
config interface 'lan'
option proto 'static'
option device 'br_int'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
list ip6class 'wan6'
config device
option name 'phy0-ap0'
config interface 'wifilan'
option proto 'static'
option device 'phy0-ap0'
option ip6assign '64'
list ip6class 'wan6'
list ipaddr '192.168.2.1/24'
root@OpenWrt:/etc/config# cat wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key 'test1234'
option network 'wifilan'
config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option disabled '1'
root@OpenWrt:/etc/config# cat firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wifilan'
config zone
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Allow-Admin'
option src 'wan'
option proto 'tcp'
option dest_port '22 80 443'
option target 'ACCEPT'
config rule
option name 'Allow-Traffic'
option dest 'wan'
option target 'ACCEPT'
option src '*'
Any pointers as to what I'm doing wrong would be appreciated 
Edit:
Versions may be useful.
OpenWrt 23.05.0, r23497-6637af95aa
root@OpenWrt:/etc/config# opkg list-installed | grep map
map - 7