How to configure 1:1 IPv6 NAT with ISP-provided subnet?

haimg · June 7, 2024, 9:16pm

I’m trying to configure 1:1 IPv6 NAT: My ISP gives me a /56, but the subnet address changes, and I want to have stable internal IPv6 addresses. So I’m thinking that NAT66 could work, and indeed it does, when configured manually:

set nat66 source rule 10 source prefix fda3:xxxx:xxxx::/56
set nat66 source rule 10 outbound-interface name eth0.99
set nat66 source rule 10 translation address 2607:aaaa:bbbb:cccc::/56

set nat66 destination rule 20 destination address 2607:aaaa:bbbb:cccc::/56
set nat66 destination rule 20 inbound-interface name eth0.99
set nat66 destination rule 20 translation address fda3:xxxx:yyyy::/56

This all works, but I need to make automatic changes to the above config when the ISP-provided subnet (2607:aaaa…) changes, this seems to be impossible.

I tried using “set interfaces … dhcpv6-options pd 0 interface” to assign the external subnet to some dummy interface, but it looks like Vyos won’t let me assign the whole /56, and besides it’s not clear to me how to setup routing through that interface.

Any suggestions?

16again · June 10, 2024, 6:15am

Ugly: Schedule a script that checks IPv6 addresses, and alters nat66 rules accordingly.

haimg · June 11, 2024, 12:52pm

Thanks! Yeah, that’s pretty ugly, but probably the best bet.

I checked whether DHCPv6 client can trigger it, and:

The DHCP client does not provide prefix delegation info in its script vars.
VyOS does not support custom scripts for DHCPv6 in general.
Looks like any config commit (even completely unrelated) triggers DHCPv6 renewal on all interfaces…