Last active
November 30, 2020 20:57
-
-
Save paulc/2aafa8d57104167af38bb57bd3bf0820 to your computer and use it in GitHub Desktop.
FreeBSD NAT64 (tayga) Config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ifconfig -a | |
| vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 | |
| options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> | |
| ether 96:00:00:7f:3b:b0 | |
| inet6 2a01:4f8:c010:26a1::1 prefixlen 128 | |
| inet6 fe80::9400:ff:fe7f:3bb0%vtnet0 prefixlen 64 scopeid 0x1 | |
| inet6 2a01:4f8:c010:26a1:1000::1 prefixlen 128 | |
| inet 168.119.244.209 netmask 0xffffffff broadcast 168.119.244.209 | |
| media: Ethernet 10Gbase-T <full-duplex> | |
| status: active | |
| nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> | |
| lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 | |
| options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> | |
| inet6 ::1 prefixlen 128 | |
| inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 | |
| inet 127.0.0.1 netmask 0xff000000 | |
| groups: lo | |
| nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> | |
| tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 | |
| options=80000<LINKSTATE> | |
| inet6 fe80::9452:35f6:7f9:a912%tun0 prefixlen 64 scopeid 0x3 | |
| groups: tun | |
| nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> | |
| Opened by PID 37151 | |
| pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160 | |
| groups: pflog |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # netstat -rn | |
| Routing tables | |
| Internet: | |
| Destination Gateway Flags Netif Expire | |
| default 172.31.1.1 UGS vtnet0 | |
| 127.0.0.1 link#2 UH lo0 | |
| 168.119.244.209 link#1 UHS lo0 | |
| 168.119.244.209/32 link#1 U vtnet0 | |
| 172.31.1.1/32 96:00:00:7f:3b:b0 US vtnet0 | |
| 192.168.255.0/24 tun0 US tun0 | |
| Internet6: | |
| Destination Gateway Flags Netif Expire | |
| ::/96 ::1 UGRS lo0 | |
| default fe80::1%vtnet0 UGS vtnet0 | |
| ::1 link#2 UH lo0 | |
| ::ffff:0.0.0.0/96 ::1 UGRS lo0 | |
| 64:ff9b::/96 tun0 US tun0 | |
| 2a01:4f8:c010:26a1::1 link#1 UHS lo0 | |
| 2a01:4f8:c010:26a1:1000::1 link#1 UHS lo0 | |
| 2a01:4f8:c010:26a1:2000::1 tun0 UHS tun0 | |
| fe80::/10 ::1 UGRS lo0 | |
| fe80::%vtnet0/64 link#1 U vtnet0 | |
| fe80::9400:ff:fe7f:3bb0%vtnet0 link#1 UHS lo0 | |
| fe80::%lo0/64 link#2 U lo0 | |
| fe80::1%lo0 link#2 UHS lo0 | |
| fe80::9452:35f6:7f9:a912%tun0 link#3 UHS lo0 | |
| ff02::/16 ::1 UGRS lo0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set fail-policy drop | |
| # NAT64 | |
| nat on vtnet0 from 192.168.255.0/24 to any -> (vtnet0) | |
| nat-anchor pot-nat | |
| rdr-anchor "pot-rdr/*" | |
| # pass log (all) from any to any | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure default IPv6 interface is configured with prefixlen 128 | |
| ifconfig_vtnet0_ipv6="inet6 2a01:4f8:c010:26a1::1 prefixlen 128" | |
| ipv6_defaultrouter="fe80::1%vtnet0" | |
| # Enable PF | |
| pf_enable="YES" | |
| pflog_enable="yes" | |
| # Enable routing | |
| gateway_enable="yes" | |
| ipv6_gateway_enable="yes" | |
| # Configure NAT64 interfaces/routing | |
| cloned_interfaces="tun0:sticky" | |
| # Ensure IPv6 configured on tun0 | |
| ifconfig_tun0="inet6 -ifdisabled auto_linklocal up" | |
| # Add routes | |
| static_routes="nat64_ip4" | |
| ipv6_static_routes="nat64_ip6 nat64_nat" | |
| route_nat64_ip4="-net 192.168.255.0/24 -iface tun0" | |
| ipv6_route_nat64_ip6="-host 2a01:4f8:c010:26a1:2000::1/128 -iface tun0" | |
| ipv6_route_nat64_nat="-net 64:ff9b::/96 -iface tun0" | |
| # Enable tayga | |
| tayga_enable="YES" | |
| tayga_ipv6_addr="2a01:4f8:c010:26a1:2000::1" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Google public DNS64 | |
| nameserver 2001:4860:4860::6464 | |
| nameserver 2001:4860:4860::64 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # PROVIDE: tayga | |
| # REQUIRE: networking | |
| # rc.conf variables | |
| # ----------------- | |
| # | |
| # tayga_enable="YES" | |
| # tayga_config_file="/usr/local/etc/tayga.conf" | |
| # tayga_tun_device="tun0" | |
| # tayga_ipv4_addr="192.168.255.1" | |
| # tayga_dynamic_pool="192.168.255.0/24" | |
| # tayga_ipv6_addr="" ### Must be set | |
| # tayga_prefix="64:ff9b::/96" | |
| # tayga_data_dir="/var/db/tayga" | |
| # tayga_args="" | |
| . /etc/rc.subr | |
| tayga_precmd () | |
| { | |
| ( | |
| printf 'tun-device %s\n' ${tayga_tun_device} | |
| printf 'ipv4-addr %s\n' ${tayga_ipv4_addr} | |
| printf 'ipv6-addr %s\n' ${tayga_ipv6_addr} | |
| printf 'dynamic-pool %s\n' ${tayga_dynamic_pool} | |
| printf 'prefix %s\n' ${tayga_prefix} | |
| printf 'data-dir %s\n' ${tayga_data_dir} | |
| ) > ${tayga_config_file} | |
| # Check tun device up | |
| ifconfig ${tayga_tun_device} up | |
| } | |
| name=tayga | |
| rcvar=tayga_enable | |
| start_precmd="tayga_precmd" | |
| command="/usr/local/sbin/tayga" | |
| pidfile="/var/run/tayga.pid" | |
| load_rc_config $name | |
| : ${tayga_ipv6_addr?ERROR: Must specifiy tayga_ipv6_addr} | |
| : ${tayga_config_file:=/usr/local/etc/tayga.conf} | |
| : ${tayga_tun_device:=tun0} | |
| : ${tayga_ipv4_addr:=192.168.255.1} | |
| : ${tayga_dynamic_pool:=192.168.255.0/24} | |
| : ${tayga_prefix:=64:ff9b::/96} | |
| : ${tayga_data_dir:=/var/db/tayga} | |
| : ${command_args:="--config ${tayga_config_file} --pidfile ${pidfile} ${tayga_args}"} | |
| run_rc_command "$1" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tun-device tun0 | |
| ipv4-addr 192.168.255.1 | |
| ipv6-addr 2a01:4f8:c010:26a1:2000::1 | |
| dynamic-pool 192.168.255.0/24 | |
| prefix 64:ff9b::/96 | |
| data-dir /var/db/tayga |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment