Files for running a NAT64 daemon

## etc_default_tayga
# Defaults for tayga initscript
# sourced by /etc/init.d/tayga
# installed at /etc/default/tayga by the maintainer scripts

# Change this to "yes" to enable tayga
RUN="yes"

# Configure interface and set the routes up
CONFIGURE_IFACE="yes"

# Configure NAT44 for the private IPv4 range
CONFIGURE_NAT44="yes"

# Additional options that are passed to the Daemon.
DAEMON_OPTS=""

# IPv4 address to assign to the NAT64 tunnel device
IPV4_TUN_ADDR=""

# IPv6 address to assign to the NAT64 tunnel device
IPV6_TUN_ADDR=""

## etc_netplan_01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:
      addresses:
          - 23.152.160.4/26
          - 2620:13b:0:1000::4/64
      gateway4: 23.152.160.1
      gateway6: 2620:13b:0:1000::1
      nameservers:
          search: [ phirephly.design ]
          addresses:
              - "8.8.8.8"
              - "1.1.1.1"

## etc_quagga_bgpd.conf
!
! Zebra configuration saved from vty
!   2019/02/03 15:05:17
!
!
router bgp 4264646464
 bgp router-id 23.152.160.4
 neighbor 2620:13b:0:1000::1 remote-as 7034
 neighbor 2620:13b:0:1000::1 description BGP session back to core1
 no neighbor 2620:13b:0:1000::1 activate
!
 address-family ipv6
 network 64:ff9b::/96
 neighbor 2620:13b:0:1000::1 activate
 neighbor 2620:13b:0:1000::1 prefix-list nat64-only out
 exit-address-family
 exit
!
ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
!
line vty
!

## etc_quagga_zebra.conf
!
! Zebra configuration saved from vty
!   2019/02/03 15:05:17
!
hostname kwfnat64
password zebra
enable password zebra
!
interface ens160
!
interface lo
!
interface nat64
!
ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
!
ip forwarding
ipv6 forwarding
!
!
line vty
!

## etc_sysctl.conf
# ... SNIP the rest of this file except the two important lines

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

## etc_tayga.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1
# TUN device that TAYGA will use to exchange IPv4 and IPv6 packets with the
# kernel.  You may use any name you like, but `nat64' is recommended.

tun-device nat64

# TAYGA's IPv4 address.  This is NOT your router's IPv4 address!  TAYGA
# requires its own address because it acts as an IPv4 and IPv6 router, and
# needs to be able to send ICMP messages.  TAYGA will also respond to ICMP
# echo requests (ping) at this address.
#
# This address can safely be located inside the dynamic-pool prefix.
#
# We're using the pool 100.65.0.0/16, so lets take the first addr in that pool
#
# Mandatory.
#
ipv4-addr 100.65.0.1

#
# TAYGA's IPv6 address.  This is NOT your router's IPv6 address!  TAYGA
# requires its own address because it acts as an IPv4 and IPv6 router, and
# needs to be able to send ICMP messages.  TAYGA will also respond to ICMP
# echo requests (ping6) at this address.
#
# Optional if the NAT64 prefix is specified, otherwise mandatory.  It is also
# mandatory if the NAT64 prefix is 64:ff9b::/96 and ipv4-addr is a private
# (RFC1918) address.
#
# This is set to our system's public IP address to match /etc/netplan/01-netcfg.yaml

ipv6-addr 2620:13B:0:1000::4

#
# The NAT64 prefix.  The IPv4 address space is mapped into the IPv6 address
# space by prepending this prefix to the IPv4 address.  Using a /96 prefix is
# recommended in most situations, but all lengths specified in RFC 6052 are
# supported.
#
# This must be a prefix selected from your organization's IPv6 address space
# or the Well-Known Prefix 64:ff9b::/96.  Note that using the Well-Known
# Prefix will prohibit IPv6 hosts from contacting IPv4 hosts that have private
# (RFC1918) addresses, per RFC 6052.
#
# The NAT64 prefix need not be specified if all required address mappings are
# listed in `map' directives.  (See below.)
#
# Optional.
#
# 64:ff9b is the standard prefix used by public DNS64 servers
prefix 64:ff9b::/96

#
# Dynamic pool prefix.  IPv6 hosts which send traffic through TAYGA (and do
# not correspond to a static map or an IPv4-translatable address in the NAT64
# prefix) will be assigned an IPv4 address from the dynamic pool.  Dynamic
# maps are valid for 124 minutes after the last matching packet is seen.
#
# If no unassigned addresses remain in the dynamic pool (or no dynamic pool is
# configured), packets from unknown IPv6 hosts will be rejected with an ICMP
# unreachable error.
#
# Optional.
#
# We picked this out of the carrier grade NAT 100.64.0.0/10 pool.
#   Not that it particularly matters. This pool of addresses never leaves this host
#
dynamic-pool 100.65.0.0/16

#
# Persistent data storage directory.  The dynamic.map file, which saves the
# dynamic maps that are created from dynamic-pool, is stored in this
# directory.  Omit if you do not need these maps to be persistent between
# instances of TAYGA.
#
# Optional.
#
data-dir /var/spool/tayga

## ip_route_sanity_check
kenneth@kwfnat64:~$ ip route
default via 23.152.160.1 dev ens160 proto static
23.152.160.0/26 dev ens160 proto kernel scope link src 23.152.160.4
100.65.0.0/16 dev nat64 scope link
kenneth@kwfnat64:~$ ip -6 route
64:ff9b::/96 dev nat64 metric 1024 pref medium
2620:13b:0:1000::/64 dev ens160 proto kernel metric 256 pref medium
2620:13b:0:1000::/64 dev ens160 proto ra metric 1024 pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
fe80::/64 dev nat64 proto kernel metric 256 pref medium
default proto static metric 1024
	nexthop via 2620:13b:0:1000::1 dev ens160 weight 1
	nexthop via fe80::209:7bff:fe9f:580 dev ens160 weight 1
	# Defaults for tayga initscript
	# sourced by /etc/init.d/tayga
	# installed at /etc/default/tayga by the maintainer scripts

	# Change this to "yes" to enable tayga
	RUN="yes"

	# Configure interface and set the routes up
	CONFIGURE_IFACE="yes"

	# Configure NAT44 for the private IPv4 range
	CONFIGURE_NAT44="yes"

	# Additional options that are passed to the Daemon.
	DAEMON_OPTS=""

	# IPv4 address to assign to the NAT64 tunnel device
	IPV4_TUN_ADDR=""

	# IPv6 address to assign to the NAT64 tunnel device
	IPV6_TUN_ADDR=""
	# This file describes the network interfaces available on your system
	# For more information, see netplan(5).
	network:
	version: 2
	renderer: networkd
	ethernets:
	ens160:
	addresses:
	- 23.152.160.4/26
	- 2620:13b:0:1000::4/64
	gateway4: 23.152.160.1
	gateway6: 2620:13b:0:1000::1
	nameservers:
	search: [ phirephly.design ]
	addresses:
	- "8.8.8.8"
	- "1.1.1.1"
	!
	! Zebra configuration saved from vty
	! 2019/02/03 15:05:17
	!
	!
	router bgp 4264646464
	bgp router-id 23.152.160.4
	neighbor 2620:13b:0:1000::1 remote-as 7034
	neighbor 2620:13b:0:1000::1 description BGP session back to core1
	no neighbor 2620:13b:0:1000::1 activate
	!
	address-family ipv6
	network 64:ff9b::/96
	neighbor 2620:13b:0:1000::1 activate
	neighbor 2620:13b:0:1000::1 prefix-list nat64-only out
	exit-address-family
	exit
	!
	ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
	!
	line vty
	!
	!
	! Zebra configuration saved from vty
	! 2019/02/03 15:05:17
	!
	hostname kwfnat64
	password zebra
	enable password zebra
	!
	interface ens160
	!
	interface lo
	!
	interface nat64
	!
	ipv6 prefix-list nat64-only seq 5 permit 64:ff9b::/96
	!
	ip forwarding
	ipv6 forwarding
	!
	!
	line vty
	!
	# ... SNIP the rest of this file except the two important lines

	net.ipv4.ip_forward=1
	net.ipv6.conf.all.forwarding=1
	# Uncomment the next line to enable packet forwarding for IPv4
	net.ipv4.ip_forward=1
	# Uncomment the next line to enable packet forwarding for IPv6
	net.ipv6.conf.all.forwarding=1
	# TUN device that TAYGA will use to exchange IPv4 and IPv6 packets with the
	# kernel. You may use any name you like, but `nat64' is recommended.

	tun-device nat64

	# TAYGA's IPv4 address. This is NOT your router's IPv4 address! TAYGA
	# requires its own address because it acts as an IPv4 and IPv6 router, and
	# needs to be able to send ICMP messages. TAYGA will also respond to ICMP
	# echo requests (ping) at this address.
	#
	# This address can safely be located inside the dynamic-pool prefix.
	#
	# We're using the pool 100.65.0.0/16, so lets take the first addr in that pool
	#
	# Mandatory.
	#
	ipv4-addr 100.65.0.1

	#
	# TAYGA's IPv6 address. This is NOT your router's IPv6 address! TAYGA
	# requires its own address because it acts as an IPv4 and IPv6 router, and
	# needs to be able to send ICMP messages. TAYGA will also respond to ICMP
	# echo requests (ping6) at this address.
	#
	# Optional if the NAT64 prefix is specified, otherwise mandatory. It is also
	# mandatory if the NAT64 prefix is 64:ff9b::/96 and ipv4-addr is a private
	# (RFC1918) address.
	#
	# This is set to our system's public IP address to match /etc/netplan/01-netcfg.yaml

	ipv6-addr 2620:13B:0:1000::4

	#
	# The NAT64 prefix. The IPv4 address space is mapped into the IPv6 address
	# space by prepending this prefix to the IPv4 address. Using a /96 prefix is
	# recommended in most situations, but all lengths specified in RFC 6052 are
	# supported.
	#
	# This must be a prefix selected from your organization's IPv6 address space
	# or the Well-Known Prefix 64:ff9b::/96. Note that using the Well-Known
	# Prefix will prohibit IPv6 hosts from contacting IPv4 hosts that have private
	# (RFC1918) addresses, per RFC 6052.
	#
	# The NAT64 prefix need not be specified if all required address mappings are
	# listed in `map' directives. (See below.)
	#
	# Optional.
	#
	# 64:ff9b is the standard prefix used by public DNS64 servers
	prefix 64:ff9b::/96

	#
	# Dynamic pool prefix. IPv6 hosts which send traffic through TAYGA (and do
	# not correspond to a static map or an IPv4-translatable address in the NAT64
	# prefix) will be assigned an IPv4 address from the dynamic pool. Dynamic
	# maps are valid for 124 minutes after the last matching packet is seen.
	#
	# If no unassigned addresses remain in the dynamic pool (or no dynamic pool is
	# configured), packets from unknown IPv6 hosts will be rejected with an ICMP
	# unreachable error.
	#
	# Optional.
	#
	# We picked this out of the carrier grade NAT 100.64.0.0/10 pool.
	# Not that it particularly matters. This pool of addresses never leaves this host
	#
	dynamic-pool 100.65.0.0/16

	#
	# Persistent data storage directory. The dynamic.map file, which saves the
	# dynamic maps that are created from dynamic-pool, is stored in this
	# directory. Omit if you do not need these maps to be persistent between
	# instances of TAYGA.
	#
	# Optional.
	#
	data-dir /var/spool/tayga
	kenneth@kwfnat64:~$ ip route
	default via 23.152.160.1 dev ens160 proto static
	23.152.160.0/26 dev ens160 proto kernel scope link src 23.152.160.4
	100.65.0.0/16 dev nat64 scope link
	kenneth@kwfnat64:~$ ip -6 route
	64:ff9b::/96 dev nat64 metric 1024 pref medium
	2620:13b:0:1000::/64 dev ens160 proto kernel metric 256 pref medium
	2620:13b:0:1000::/64 dev ens160 proto ra metric 1024 pref medium
	fe80::/64 dev ens160 proto kernel metric 256 pref medium
	fe80::/64 dev nat64 proto kernel metric 256 pref medium
	default proto static metric 1024
	nexthop via 2620:13b:0:1000::1 dev ens160 weight 1
	nexthop via fe80::209:7bff:fe9f:580 dev ens160 weight 1