VyOS npt6 not work


I have a problem, I tried configure my VyOS 1.3 for nptv6, but It can’t not translated :disappointed:
When I check it in tcpdum the Ipv6 Address not is translated

Has anyone been able to solve it? Thanks!! NOTE: (Sorry, my english is pretty bad)

My configuration:

vyos@vyos# show
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
ipv6-name NAT66OUT {
default-action accept
rule 1 {
action accept
state {
established enable
related enable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
receive-redirects disable
send-redirects disable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
interfaces {
ethernet eth0 {
address dhcpv6
address dhcp
hw-id 08:00:27:7d:5f:f8
ipv6 {
ethernet eth1 {
address 2001:db8:1::f/64
hw-id 08:00:27:3e:18:f3
ipv6 {
address {
eui64 2001:db8:1::/64
loopback lo {
nat {
nptv6 {
rule 15 {
outbound-interface eth0
source {
prefix 2001:db8:1::/64
translation {
prefix 2001:1210:100:15::/64

nptv6 has been broken, the new implementation will not be merged before vyos upgrades linux kernel 5.8+ (work has been completed)

VyOS 1.3 changed from iptables to nftables but there are missing parts in Kernel 4.19 to make use of the new NETMAP replacement.

If you require NPT you must use VyOS 1.2 series which uses the old iptables implementation for NPT.

https://phabricator.vyos.net/T2518 tracks the NPTv6 implementation in VyOS 1.3

1 Like

There are reports that there are problems with the NPT implementation of vyos 1.2. You can try to check whether there is no problem with the NPT function of 1.2. If you really need and are willing to help test the NPT function of 1.3, you can contact me in the relaxed state. (Before upgrading linux kernel 5.8+ in vyos, peer-to-peer prefix translation cannot be provided, and only asymmetric NAT66 translation at the complete address level can be provided)

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.