With the Turris router you can easily create a network that uses only IPv6. Access to IPv4 Internet is solved by translation mechanism NAT64 combining with DNS64 creates an illusion availability of all content over IPv6. For example, on an IPv6-only network, you can test how different devices on the network behave, which is out of date does not support IPv4.

The manual assumes the Turris router with IPv6 connectivity.

1. Add a new interface definition to the /etc/config/network:

   /etc/config/network

   config interface 'lan6'
           option type 'bridge'
           option therefore 'static'
           option ip6assign '60 '
           option ip6hint '6660' # optional - part of the address
           option 'igmp_snooping' 0 # disables multicast filtering
   traffic inside the bridge will solve some problems

2. Add new ESSIDs to your wireless network configuration:

   /etc/config/wireless

   config wifi-iface 'wlan5'
           option device 'radio0'
           option network 'lan6'
           option mode 'ap'
           option ssid 'turris-nat64'
           option encryption 'psk2'
           option key 'IPv6IsDaShit'

3. You can optionally configure some of the wired interfaces, see Dividing the network into different VLANs
4. Add the lan6 interface to the lan zone in the firewall or similar zone.
5. Set router notification:

   /etc/config/dhcp

   config dhcp 'lan6'
           option interface 'lan6'
           option ignore '1' # ignore for IPv4 DHCP
           option ra 'server' # send router announcement
           option dhcpv6 'server' # offers addresses using DHCPv6

6. Use ifup lan6 to start the interface.
7. Restart the appcpd service, for example using /etc/init.d/odhcpd restart
8. Use wifi to restart Wi-Fi

Now there should be a Wi-Fi network that only supports IPv6, without any service support on IPv4. For example, try the page www.nebezi.cz - information should be displayed that you are connected to a network that does not support the older IPv4 protocol.

1. Install package tayga, for example with opkg install tayga
2. Insert a new section into the configuration file /etc/config/network. Address range 10.64.0.0/16 can be arbitrarily selected, but should not overlap with addresses in other networks. Address 2001:db8:1234::64 should be an address that is routed to your router and is not yet allocated.

   /etc/config/network

   config interface 'nat64'
           option therefore 'tayga'
           option ipv4_addr '10.64.0.1'
           option ipv6_addr '2001:db8:1234::64'
           option prefix '64:ff9b::/96'
           option dynamic_pool '10.64.0.0/16'

3. Add the nat64 interface to the lan zone of the firewall, or a similar zone where the client connection interface will be located. It is important that the firewall does not block FORWARD of packets between zone interfaces.
4. Restart the router, or at least the network subsystem /etc/init.d/network restart (this is necessary for netifd to load support for tayga)
5. Verify that TAYGA runs with the ping command on the IPv4 and / or IPv6 address specified in the configuration.
6. Verify translation functionality with ping6 to translated IPv4 address, for example ping6 64:ff9b::8.8.8.8

The easiest option is to use Google Public DNS64.

1. To use Google Public DNS64, just add its address to the configuration file:

   /etc/config/dhcp

   config dhcp 'lan6'
           option interface 'lan6'
           option ignore '1' # ignore for IPv4 DHCP
           option ra 'server' # send router announcement
           option dhcpv6 'server' # offers addresses using DHCPv6
           list dns '2001:4860:4860::6464'

2. Restart the estcpd service, for example using /etc/init.d/odhcpd restart

DNS64 is also available in Unbound validating DNS resolver which is a common part of TurrisOS for Turris 1.x routers. The disadvantage of its use is that it is can only be enabled on a global level. So, after activation, DNS64 is also performed for dual-stack network, which due to the limited performance of NAT64 the TAYGA daemon can lead to suboptimal router performance.

1. To activate DNS64 in Unbound, create a new file with the following content:

   /etc/unbound/unbound-dns64.conf

   server:
           module-config: "dns64 validator iterator"
           dns64-prefix: 64:ff9b::/96

2. This file must then be inserted into the configuration:

   /etc/config/resolver

   config resolver 'unbound_includes'
           list include_path '/etc/unbound/unbound-dns64.conf'

3. Restart resolver

DNS64 is also available in the Knot DNS resolver DNS resolver which is a common part of TurrisOS for Turris Omnia routers. The disadvantage of its use is that it is can only be enabled on a global level. So, after activation, DNS64 is also performed for dual-stack network, which due to the limited performance of NAT64 the TAYGA daemon can lead to suboptimal router performance.

1. To activate DNS64 in Unbound, create a new file with this content:

   /etc/kresd/dns64.conf

   modules.load('dns64')
   dns64.config('64:ff9b::')

2. This file must then be inserted into the configuration:

   /etc/config/resolver

   Config Resolver 'Kresd'
           option include_config '/etc/kresd/dns64.conf'

3. Restart resolver

You can also run another DNS64 DNS resolver instance within the LXC container. In this way it is then possible to assign a DNS server with DNS64 functionality only to the IPv6-only network.

Try http://www.test-ipv6.cz. You should get full points and a note that NAT64 has been detected.