I've successfully installed a #NAT64 server and a #DNS64 Bind9 server in my homelab.
I set the DHCP Option 108 and observed my #iOS and #Android devices immediately going #IPv6-only and enabling their #CLAT engine.

The most surprising part though was that #macOS did the same.
I've read online multiple times that it also requires an option in the Router Advertisement, which I currently can't set. But no, it didn't need it and also started CLAT.
Now if only #Windows would do the same...

With #CLAT it works so well, it's actually insane. Everything just works.
GitHub? No problem.
My company's IPv4-only VPN? No problem!

Gonna keep testing this setup for a while and see if I find any issues.

#IPv6


@jonatan My brain hurts. Are you doing this because you have to deal with IPv6-only traffic and your apps are IPv4-only? Assume I know very little.

@Chaft Haha, understandable, I was throwing a lot of terms around there :D

I am learning about IPv6, by forcing myself to try to go IPv6-only at home (or at least going as far towards it as is possible).
To do that I set up NAT64 and DNS64. DNS64 can create IPv6 addresses for DNS entries that don't have any (example: GitHub). Those then go to NAT64, which translates them to IPv4.

@Chaft
This doesn't work for applications that use hard-coded IPv4 addresses (e.g. Steam), because they don't use DNS and thus never arrive at DNS64.
That's where something called 464XLAT comes in, which has a CLAT component on the client device, which creates an IPv4 internet interface, which accepts the IPv4 traffic and then routes it to NAT64.
To the application it doesn't feel different from native IPv4.

iOS, Android and macOS support this natively.
Windows only does for WWAN interfaces...

@Chaft So in summary: I cause myself a lot of network suffering, to learn, and so far it's working better than I would have expected :D
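The DNS64 synthesis and NAT64 reversal described in the replies above, as an added example that is not part of the thread: it embeds an IPv4 address in a NAT64 prefix following the RFC 6052 layout and extracts it again. The well-known prefix `64:ff9b::/96` is an assumption (the thread does not say which prefix the homelab uses), and the sample addresses are constructed.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix. Assumption: the thread does not say
# which prefix the homelab uses.
WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)


def v4_byte_positions(prefixlen):
    """Byte offsets holding the IPv4 address; octet 8 (bits 64-71) is reserved."""
    if prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    return [p for p in range(prefixlen // 8, 16) if p != 8][:4]


def synthesize(ipv4, prefix=WELL_KNOWN):
    """Build the AAAA address DNS64 would return for an A-only name."""
    prefix = ipaddress.IPv6Network(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    # RFC 6052 section 3.1: the well-known prefix must not be used to
    # represent non-global (e.g. RFC 1918) IPv4 addresses.
    if prefix == WELL_KNOWN and not v4.is_global:
        raise ValueError(f"{v4} is not global; use a network-specific prefix")
    out = bytearray(prefix.network_address.packed)
    for pos, octet in zip(v4_byte_positions(prefix.prefixlen), v4.packed):
        out[pos] = octet
    return ipaddress.IPv6Address(bytes(out))


def extract(ipv6, prefix=WELL_KNOWN):
    """Recover the IPv4 destination, as NAT64 does; None if outside the prefix."""
    prefix = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    raw = addr.packed
    positions = v4_byte_positions(prefix.prefixlen)
    return ipaddress.IPv4Address(bytes(raw[p] for p in positions))


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    print(synthesize("140.82.121.4"))
    print(synthesize("192.0.2.33", "2001:db8:100::/40"))
    print(extract("64:ff9b::8c52:7904"))
```

An application that connects to a literal IPv4 address never triggers `synthesize`, which is the gap the CLAT component fills on the client.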


@jonatan
Cool! Is your "NAT64" server also connected to the public Internet via a "IPv6 capable" ISP?

And do your devices use stable IPs? Likely not, even if they derive it from the MAC ID since e.g. Android randomizes it?

Asking, to see if an IPv6 address can be connected to from outside. With all the chaos that can ensue ;-) ... depending on ISP allowing incoming requests on the downlink, software, etc.
@Chaft

@tetrislife @Chaft
My ISP has native IPv4 and IPv6 connectivity, but (sadly) with a dynamic prefix. Thus I only use that for outgoing connections and also have a ULA Prefix, that I currently use for internal communications.
I would like to unify that with a static global prefix, but that is still work in progress.

@tetrislife @Chaft
All devices have stable IPs, even though some have Privacy Extension IPs, they also have a MAC derived one where I could reach them. They just also have a random one, which they prefer for outgoing connections.

The addresses could be reached from outside, if I allow it in my firewall. Currently I don't yet do that mostly, because I still have to figure out how I'll work around the dynamic prefix. But it's certainly possible if I want. My ISP doesn't hinder me in any way.

@jonatan
Very interesting. Thanks. I'll check my ISP, but I will probably be jealous of yours 😃
@Chaft
