IPv6-only Network Access to IPv4 Resources: DNS64/NAT64 Solutions with OpenWRT Configuration


When operating in an IPv6-only environment like Freifunk routers running OpenWRT, accessing IPv4 resources becomes nontrivial. The specific case involves:

  • No DNS resolution available in router configuration
  • Target server (downloads.openwrt.org) only has IPv4 addressing
  • Package installation via opkg requires network access

There are several potential solutions to bridge IPv6-to-IPv4 connectivity:

1. DNS64 with NAT64

The most elegant solution involves using DNS64 (RFC 6147) combined with NAT64 (RFC 6146):

# Configure DNS64 in /etc/config/dhcp
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option noresolv '1'
    # Public NAT64+DNS64 servers; 'server' is a UCI list, so each resolver gets its own 'list' line
    list server '2001:67c:2b0::4'
    list server '2001:67c:2b0::6'

2. Manual /etc/hosts Entry

For static resolution when you know the NAT64 gateway:

# /etc/hosts entry using NAT64 prefix
64:ff9b::c0a8:0101 downloads.openwrt.org

Where 64:ff9b::/96 is the well-known NAT64 prefix and c0a8:0101 represents the IPv4 address 192.168.1.1 in hexadecimal.

3. Using a Proxy Server

Configure an HTTP proxy with IPv6 access:

# opkg.conf modification
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option http_proxy http://[2001:db8::1]:3128

For OpenWRT routers specifically, the recommended approach would be:

  1. Identify a public DNS64+NAT64 service (like those from Google or Cloudflare)
  2. Configure the DNS settings to use these servers
  3. Test connectivity with ping6 to a synthesized address

Example test command:

ping6 -c 4 downloads.openwrt.org

  • Verify that your IPv6 connectivity is working first
  • Check that DNS resolution is functioning with nslookup
  • Examine firewall rules that might block NAT64 traffic
  • Consider using tcpdump to analyze network traffic

If DNS64/NAT64 isn't feasible:

  1. Set up a local IPv6-enabled mirror of the packages
  2. Use a VPN service that provides IPv4 access over IPv6
  3. Configure a local NAT64 gateway if you control network infrastructure

When running OpenWRT routers in an IPv6-only environment like Freifunk networks, accessing IPv4 resources becomes problematic. The specific case involves trying to reach downloads.openwrt.org which currently only has IPv4 addresses, while our routers can only communicate via IPv6.

The fundamental issue is that:

  • The domain downloads.openwrt.org resolves only to IPv4 addresses (93.115.24.205)
  • Our IPv6-only routers cannot directly communicate with IPv4 endpoints
  • We need a way to make IPv4 resources accessible via IPv6

Here are two effective approaches:

1. DNS64 with NAT64 Gateway

The most robust solution is to implement DNS64 with a NAT64 gateway. This automatically synthesizes IPv6 addresses for IPv4-only hosts.

For OpenWRT, add these entries to /etc/config/network:

config interface 'nat64'
    option proto 'static'
    option ip6addr '64:ff9b::/96'
    option ip6prefix '64:ff9b::/96'

Then configure your DNS resolver to use a DNS64 server like Google's:

config dnsmasq
    # 'server' is a UCI list; repeated 'option server' lines would overwrite each other
    list server '2001:4860:4860::6464'
    list server '2001:4860:4860::64'

2. Manual IPv6-to-IPv4 Proxy

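For specific domains, you can set up a manual mapping in /etc/config/dhcp. This only works if a NAT64 gateway reachable from the router translates 64:ff9b::/96:

config domain
    option name 'downloads.openwrt.org'
    option ip '64:ff9b::5d73:18cd'

Where 5d73:18cd is the hexadecimal representation of 93.115.24.205.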
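
The address synthesis behind the static entries above, as an added example that is not part of the original page: a POSIX shell helper that embeds an IPv4 address in a /96 NAT64 prefix per RFC 6052, refuses to place common non-global addresses under the well-known prefix, and checks an existing entry against the IPv4 address it is meant to represent. The function names and the NAT64_PREFIX variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original page: RFC 6052 /96 synthesis for a
# static hosts entry. Function names and NAT64_PREFIX are assumptions.
# NAT64_PREFIX must be a /96 written with a trailing "::".
NAT64_PREFIX="${NAT64_PREFIX:-64:ff9b::}"

# is_octet N: true if N is decimal 0..255 with no leading zeros
is_octet() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# nat64_synth IPV4: print the synthesized IPv6 address. Returns 1 on
# malformed input, 2 if the well-known prefix would embed a non-global
# IPv4 address (RFC 6052 section 3.1 forbids that; common ranges only).
nat64_synth() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.; set -- $1    # split octets; the subshell body keeps IFS local
    [ $# -eq 4 ] || return 1
    for o in "$@"; do is_octet "$o" || return 1; done
    if [ "$NAT64_PREFIX" = "64:ff9b::" ]; then
        case "$1.$2" in
            0.*|10.*|127.*|169.254|192.168) return 2 ;;
            172.1[6-9]|172.2[0-9]|172.3[01]) return 2 ;;
        esac
    fi
    printf '%s%x:%x\n' "$NAT64_PREFIX" $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
)

# hosts_line IPV4 NAME: print an /etc/hosts line for NAME
hosts_line() {
    addr=$(nat64_synth "$1") || return $?
    printf '%s %s\n' "$addr" "$2"
}

# entry_matches ADDR IPV4: true if ADDR is the NAT64 form of IPV4
# (ignores case and leading zeros in hextets after the first)
entry_matches() {
    want=$(nat64_synth "$2") || return $?
    have=$(printf '%s\n' "$1" | tr 'A-F' 'a-f' | sed 's/:0*\([0-9a-f]\)/:\1/g')
    [ "$have" = "$want" ]
}

# Usage: sh nat64.sh 93.115.24.205 downloads.openwrt.org
if [ $# -eq 2 ]; then hosts_line "$1" "$2"; fi
```

Set NAT64_PREFIX to the network-specific /96 when the gateway on your path does not use 64:ff9b::/96.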

After applying changes, test with:

ping6 downloads.openwrt.org
opkg update

Some OpenWRT mirrors support IPv6. Check if one is available in your region:

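# /etc/opkg.conf: point the package feed at the IPv6 mirror (opkg has no set-mirror command)
src/gz attitude_adjustment http://[2001:678:2::1]/attitude_adjustment/12.09/ar71xx/generic/packages/

  • DNS64/NAT64 may introduce slight latency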
  • Some protocols (like FTP) may not work perfectly through NAT64
  • Always test package installations after configuration changes