Hello
I’m currently setting up a VyOS router in my test environment and I’m encountering some issues with my IPv6 configuration and NAT64 translation. Despite my efforts, my client machine isn’t able to properly communicate via IPv6. Below are the details of my setup and the issues I’m facing.
Environment:
VyOS Version: VyOS 1.5-rolling-202407171706
Two network interfaces:
eth0 (WAN): 10.6.250.240/24, autoconf for IPv6
eth1 (LAN): fd12:3456:789a::1/64
Configuration:
Here is my current configuration:
firewall {
    group {}
    ipv6 {}
}
interfaces {
    ethernet eth0 {
        address
        address
        description WAN
        hw-id 00:50:56:b2:0c:64
        ipv6 {
            address {
                autoconf
            }
        }
        offload {
            gro
            gso
            sg
            tso
        }
    }
    ethernet eth1 {
        address fd12:3456:789a::1/64
        address fd12:3456:789a::2/64
        description LAN
        hw-id 00:50:56:b2:e5:ea
        offload {
            gro
            gso
            sg
            tso
        }
    }
    loopback lo {}
}
nat64 {
    source {
        rule 100 {
            source {
                prefix 64:ff9b::/96
            }
            translation {
                pool 10 {
                    address
                    port 1-65535
                }
            }
        }
    }
}
nat66 {
    destination {
        rule 1 {
            destination {
                address 64:ff9b::/96
            }
            inbound-interface {
                name eth0
            }
            translation {
                address fd12:3456:789a::/64
            }
        }
    }
    source {
        rule 1 {
            outbound-interface {
                name eth0
            }
            source {
                prefix fd12:3456:789a::/64
            }
            translation {
                address 64:ff9b::/96
            }
        }
    }
}
protocols {
    static {
        route {
            next-hop {}
        }
        route6 ::/0 {
            next-hop fd12:3456:789a::1 {}
        }
        route6 64:ff9b::/96 {
            next-hop fd12:3456:789a::1 {}
        }
    }
}
service {
    dhcpv6-server {
        shared-network-name ETH1_SUBNET {
            subnet fd12:3456:789a::/64 {
                lease-time {
                    default 86400
                }
                option {
                    domain-search
                    name-server fd12:3456:789a::1
                }
                range 0 {
                    start fd12:3456:789a::10
                    stop fd12:3456:789a::100
                }
                subnet-id 1
            }
        }
    }
    dns {
        forwarding {
            allow-from fd12:3456:789a::/64
            dns64-prefix 64:ff9b::/96
            listen-address fd12:3456:789a::1
        }
    }
    ntp {
        allow-client {
            address
            address
            address
            address
            address
            address ::1/128
            address fe80::/10
            address fc00::/7
        }
        server {}
        server {}
        server {}
    }
    router-advert {
        interface eth1 {
            default-preference high
            name-server fd12:3456:789a::1
            other-config-flag
            prefix fd12:3456:789a::/64 {}
        }
    }
    snmp {
        community ninja {
            authorization ro
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    domain-name
    host-name vyos-15-ipv6
    login {
        user cisco {
            authentication {
                encrypted-password ****************
            }
        }
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
        }
    }
    name-server
    name-server
    name-server fd12:3456:789a::1
    syslog {
        global {
            facility all {
                level info
            }
            facility local7 {
                level debug
            }
        }
    }
    time-zone America/Chicago
}
Current Issues:
1. Client Machine Configuration: My client machine receives an IPv6 address from the DHCPv6 server, but it does not show the correct gateway (fd12:3456:789a::1). Instead, it uses the link-local address as the gateway.
Here is the client’s network configuration:
Ethernet adapter ipv6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-50-56-B2-3D-F8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd12:3456:789a:0:7891:1e2d:64e0:8f45(Preferred)
Temporary IPv6 Address. . . . . . : fd12:3456:789a:0:9ed:909f:feac:cf0f(Preferred)
Link-local IPv6 Address . . . . . : fe80::4242:140b:48a0:b737%15(Preferred)
Default Gateway . . . . . . . . . : fe80::250:56ff:feb2:e5ea%15
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
NetBIOS over Tcpip. . . . . . . . : Disabled
2. IPv6 Routing Issues: The client can perform DNS lookups but cannot ping external IPv6 addresses.
Here are the route tables:
Active Routes:
If Metric Network Destination Gateway
15 26 ::/0 fd12:3456:789a::1
15 41 ::/0 fe80::250:56ff:feb2:e5ea
1 331 ::1/128 On-link
15 41 fd12:3456:789a::/64 On-link
15 281 fd12:3456:789a:0:48da:b653:ca93:5883/128 On-link
15 281 fd12:3456:789a:0:7891:1e2d:64e0:8f45/128 On-link
15 281 fe80::/64 On-link
15 281 fe80::4242:140b:48a0:b737/128 On-link
3. NAT64 Translation: I have set up NAT64, but I’m not sure if it’s configured correctly. Here’s the relevant part of the config:
nat64 {
    source {
        rule 100 {
            source {
                prefix 64:ff9b::/96
            }
            translation {
                pool 10 {
                    address 10.6.250.239
                    port 1-65535
                }
            }
        }
    }
}
4. DHCPv6 Lease Issue: Although my client machines are receiving IP addresses, the leases do not show up when I run show dhcpv6 server leases on VyOS.
Troubleshooting Steps Taken:
- Firewall Configuration: I disabled the firewall to ensure it’s not blocking any traffic.
- Router Advertisement: Configured RA but still facing the same issue.
- Checked NAT Configuration: Ensured NAT64 and NAT66 are configured as per documentation.
Request for Assistance:
- How can I ensure the client machine correctly receives the VyOS router’s IPv6 address as the default gateway?
- What could be the reason for the client being unable to ping external IPv6 addresses?
- Is my NAT64 configuration correct?
Any help is appreciated
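
Added example, not part of the original post: the `dns64-prefix 64:ff9b::/96` in the configuration above means DNS64 answers carry the IPv4 address embedded in that prefix as defined by RFC 6052, which is the address form a NAT64 rule has to match. The Python below computes that mapping and its inverse, and goes beyond the /96 case to the other RFC 6052 prefix lengths; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Prefix lengths RFC 6052 section 2.2 permits for IPv4-embedded IPv6 addresses.
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

def _check_prefix(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    if net.network_address.packed[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    return net

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64/DNS64 prefix (what DNS64 does for AAAA)."""
    net = _check_prefix(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:  # reserved "u" octet (bits 64-71) is skipped and stays zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, ipv6):
    """Recover the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    net = _check_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:  # same reserved octet on the way back
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))

if __name__ == "__main__":
    wkp = "64:ff9b::/96"       # dns64-prefix from the configuration above
    target = "192.0.2.33"      # constructed sample (documentation range)
    mapped = synthesize(wkp, target)
    print(f"{target} -> {mapped}")
    print(f"{mapped} -> {extract(wkp, mapped)}")
    # A ULA address from the LAN range is not inside the NAT64 prefix.
    print(extract(wkp, "fd12:3456:789a::10"))
```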