This is an old revision of the document!
With the Turris router you can easily create a network that uses only IPv6. Access to IPv4 Internet is solved by translation mechanism NAT64 combining with DNS64 creates an illusion availability of all content over IPv6. For example, on an IPv6-only network, you can test how different devices on the network behave, which is out of date does not support IPv4.
The manual assumes the Turris router with IPv6 connectivity.
config interface 'lan6' option type 'bridge' option therefore 'static' option ip6assign '60 ' option ip6hint '6660' # optional - part of the address option 'igmp_snooping' 0 # disables multicast filtering traffic inside the bridge will solve some problems
config wifi-iface 'wlan5' option device 'radio0' option network 'lan6' option mode 'ap' option ssid 'turris-nat64' option encryption 'psk2' option key 'IPv6IsDaShit'
lan6interface to the
lanzone in the firewall or similar zone.
config dhcp 'lan6' option interface 'lan6' option ignore '1' # ignore for IPv4 DHCP option ra 'server' # send router announcement option dhcpv6 'server' # offers addresses using DHCPv6
ifup lan6to start the interface.
appcpdservice, for example using
wifito restart Wi-Fi
Now there should be a Wi-Fi network that only supports IPv6, without any service support on IPv4. For example, try the page www.nebezi.cz - information should be displayed that you are connected to a network that does not support the older IPv4 protocol.
tayga, for example with
opkg install tayga
/etc/config/network. Address range
10.64.0.0/16can be arbitrarily selected, but should not overlap with addresses in other networks. Address
2001:db8:1234::64should be an address that is routed to your router and is not yet allocated.
config interface 'nat64' option therefore 'tayga' option ipv4_addr '10.64.0.1 ' option ipv6_addr '2001:db8:1234::64' option prefix '64:ff9b::/96 ' option dynamic_pool '10.64.0.0/16'
nat64interface to the
lanzone of the firewall, or a similar zone where the client connection interface will be located. It is important that the firewall does not block FORWARD of packets between zone interfaces.
/etc/init.d/network restart(this is necessary for
netifdto load support for
pingcommand on the IPv4 and / or IPv6 address specified in the configuration.
ping6to translated IPv4 address, for example
The easiest option is to use Google Public DNS64.
config dhcp 'lan6' option interface 'lan6' option ignore '1' # ignore for IPv4 DHCP option ra 'server' # send router announcement option dhcpv6 'server' # offers addresses using DHCPv6 list dns '2001:4860:4860::6464'
estcpdservice, for example using
It only works on Turris 1.x
DNS64 is also available in Unbound validating DNS resolver which is a common part of TurrisOS for Turris 1.x routers. The disadvantage of its use is that it is can only be enabled on a global level. So, after activation, DNS64 is also performed for dual-stack network, which due to the limited performance of NAT64 the TAYGA daemon can lead to suboptimal router performance.
server: module-config: "dns64 validator iterator" dns64-prefix: 64:ff9b::/96
config resolver 'unbound_includes' list include_path '/etc/unbound/unbound-dns64.conf'
It only works on Turris Omnia
DNS64 is also available in the Knot DNS resolver DNS resolver which is a common part of TurrisOS for Turris Omnia routers. The disadvantage of its use is that it is can only be enabled on a global level. So, after activation, DNS64 is also performed for dual-stack network, which due to the limited performance of NAT64 the TAYGA daemon can lead to suboptimal router performance.
Config Resolver 'Kresd' config include_config '/etc/kresd/dns64.conf'
You can also run another DNS64 DNS resolver instance within the LXC container. In this way it is then possible to assign a DNS server with DNS64 functionality only to the IPv6-only network.
Try http://www.test-ipv6.cz. You should get full points and a note that NAT64 has been detected.