Install Tayga

apt update
apt install -y tayga

Configure sysctl / ensure IPv4 and IPv6 forwarding is enabled

For Tayga to work properly, you must have both IPv4 and IPv6 forwarding enabled.

Since the NAT64 server will effectively also act as a router, the sysctl config generated below will:

  • Disable most IPv6 router advertisement (RA / SLAAC) handling on the primary interface
    • Disable the main accept_ra switch
    • Disable accepting default route advertisements
    • Disable IPv6 interface auto-configuration
    • Enable accepting MTU advertisements from RAs, since MTU is very important
  • Disable accepting IPv4/IPv6 ICMP redirects
  • Adjust the IPv6 MTU of the primary interface to match the VPN's MTU (1420 for WireGuard).

Manually enable forwarding

# Not necessary, but you may wish to run the below commands to enable IPv4 / IPv6 forwarding immediately.
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo sysctl -w net.ipv4.conf.all.forwarding=1
sudo sysctl -w net.ipv4.ip_forward=1

Generating a sysctl config (95-privexnet.conf)

# DEFAULT_IFACE should be set to the name of your PRIMARY INTERFACE, i.e. the one
# with the server's public IPv4/v6 address(es).
# IFACE_MTU should be set to match your VPN's MTU. For wireguard, this is typically 1420
DEFAULT_IFACE="eth0"
IFACE_MTU="1420"

sudo tee /etc/sysctl.d/95-privexnet.conf <<EOF
#########
# Privex SYSCTL Config Options
#########

# Enable IP forwarding for IPv4 and IPv6
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.forwarding=1

net.ipv6.conf.${DEFAULT_IFACE}.forwarding=1
net.ipv4.conf.${DEFAULT_IFACE}.forwarding=1

net.ipv4.ip_forward=1

####
# Disable IPv6 router advertisements that could potentially cause problems
####

# Main "accept router advertisements" flag - affects all other RA settings
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.${DEFAULT_IFACE}.accept_ra=0
# DO NOT accept advertisements for default router
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.${DEFAULT_IFACE}.accept_ra_defrtr=0
# DO NOT attempt to auto-configure via SLAAC or RA's
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.${DEFAULT_IFACE}.autoconf=0
# ACCEPT MTU advertisements from RA's - since MTU is very important
net.ipv6.conf.all.accept_ra_mtu=1
net.ipv6.conf.${DEFAULT_IFACE}.accept_ra_mtu=1

####
# Misc. Network Settings
####

# do not accept ICMP redirects (use the same DEFAULT_IFACE variable as above,
# rather than a hard-coded interface name)
net.ipv6.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.${DEFAULT_IFACE}.accept_redirects=0
net.ipv4.conf.${DEFAULT_IFACE}.accept_redirects=0

# adjust default iface to use same MTU as wireguard for IPv6
net.ipv6.conf.${DEFAULT_IFACE}.mtu=${IFACE_MTU}

EOF

Importing / reloading the sysctl configs

# Load all sysctl configs
sudo sysctl -p
# Ensure sysctl actually reads the privexnet config by specifying it explicitly
sudo sysctl -p /etc/sysctl.d/95-privexnet.conf
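As an added check, not part of this guide's scripts, the following Python audits the generated 95-privexnet.conf for the settings that matter here (forwarding on, RA and redirect acceptance off) and compares them to the running kernel's values under /proc/sys. It assumes the primary interface is eth0 and that it runs on the NAT64 box itself.

```python
import os

# Settings 95-privexnet.conf must carry; "{iface}" is replaced with DEFAULT_IFACE.
REQUIRED = {
    "net.ipv4.ip_forward": "1",
    "net.ipv6.conf.all.forwarding": "1",
    "net.ipv6.conf.{iface}.forwarding": "1",
    "net.ipv6.conf.all.accept_ra": "0",
    "net.ipv6.conf.{iface}.accept_ra": "0",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv6.conf.all.accept_redirects": "0",
    "net.ipv6.conf.{iface}.accept_redirects": "0",
}

def parse_sysctl(text):
    """Parse sysctl.conf syntax (key = value, '#' comments) into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def read_live(keys, root="/proc/sys"):
    """Read the kernel's current value for each dotted sysctl key from /proc/sys."""
    live = {}
    for key in keys:
        path = os.path.join(root, *key.split("."))
        try:
            live[key] = open(path).read().strip()
        except OSError:
            live[key] = None
    return live

def audit(conf_text, iface, live=None):
    """Return problems found in the file ("file: ...") and in the running kernel ("kernel: ...")."""
    want = {k.format(iface=iface): v for k, v in REQUIRED.items()}
    conf = parse_sysctl(conf_text)
    if live is None:
        live = read_live(want)
    problems = []
    for key, value in want.items():
        if conf.get(key) != value:
            problems.append(f"file: {key} should be {value}, found {conf.get(key)}")
        if live.get(key) != value:
            problems.append(f"kernel: {key} is {live.get(key)}, expected {value}")
    return problems

if __name__ == "__main__":
    for problem in audit(open("/etc/sysctl.d/95-privexnet.conf").read(), "eth0"):
        print(problem)
```

An empty list means both the file and the live kernel match; run it again after `sysctl -p` if the kernel side reports differences.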

Configuration Files

default/tayga

/etc/default/tayga

# Defaults for tayga initscript
# sourced by /etc/init.d/tayga
# installed at /etc/default/tayga by the maintainer scripts

# Change this to "yes" to enable tayga
RUN="yes"

# Configure interface and set the routes up
CONFIGURE_IFACE="yes"

# Configure NAT44 for the private IPv4 range
CONFIGURE_NAT44="yes"

# Additional options that are passed to the Daemon.
DAEMON_OPTS=""

# IPv4 address to assign to the NAT64 tunnel device
IPV4_TUN_ADDR="192.168.255.1"

# IPv6 address to assign to the NAT64 tunnel device
IPV6_TUN_ADDR="2a07:e01:ffff::2"

tayga.conf

/etc/tayga.conf

tun-device nat64

# Tayga's IPv4 address (doesn't really matter)
ipv4-addr 192.168.255.1

# Tayga's IPv6 address (to be routed to)
ipv6-addr 2a07:e01:ffff::2

# V6 Prefix to use for the IPv4 internet
prefix 64:ff9b::/96

dynamic-pool 192.168.0.0/16
data-dir /var/spool/tayga
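The prefix line is what maps IPv4 destinations into IPv6: the IPv4 address occupies the low 32 bits of the /96 prefix (RFC 6052). As an added example, not from the Tayga project or this guide, the following Python computes that mapping in both directions so you can check which 64:ff9b:: address an IPv6-only client should use to reach a given IPv4 host, and refuses non-global IPv4 addresses under the well-known prefix as RFC 6052 requires. The sample addresses are the resolvers from the netplan config in this guide.

```python
import ipaddress

# The NAT64 prefix set in /etc/tayga.conf: the RFC 6052 well-known prefix.
WELL_KNOWN_PREFIX = "64:ff9b::/96"

def can_embed(ipv4, prefix=WELL_KNOWN_PREFIX):
    """RFC 6052 section 3.1: the well-known prefix must only carry global IPv4
    addresses (no RFC 1918, loopback, link-local...). A network-specific
    prefix of your own has no such restriction."""
    net = ipaddress.IPv6Network(str(prefix))
    return net != ipaddress.IPv6Network(WELL_KNOWN_PREFIX) or ipaddress.IPv4Address(ipv4).is_global

def ipv4_to_nat64(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix: this is
    the IPv6 address an IPv6-only client uses to reach that IPv4 host."""
    net = ipaddress.IPv6Network(str(prefix))
    if net.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    if not can_embed(ipv4, net):
        raise ValueError(f"{ipv4} is not global; refusing to map it under {net}")
    return ipaddress.IPv6Address(int(net.network_address) | int(ipaddress.IPv4Address(ipv4)))

def nat64_to_ipv4(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Reverse mapping: the IPv4 host Tayga will translate to, or None when the
    IPv6 address is outside the NAT64 prefix (i.e. it is not NAT64 traffic)."""
    net = ipaddress.IPv6Network(str(prefix))
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in net:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFF_FFFF)

if __name__ == "__main__":
    # Constructed sample destinations: the resolvers from the netplan config.
    for host in ("8.8.4.4", "1.1.1.1"):
        print(f"ping6 {ipv4_to_nat64(host)}   # should reach {host} through Tayga")
```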

Networking Config

/etc/netplan/50-cloud-init.yml

network:
    version: 2
    ethernets:
        # eth0 = Public Internet adapter
        # Must have IPv4, but doesn't require IPv6
        eth0:
            addresses:
            - 185.130.44.60/27
            gateway4: 185.130.44.33
            accept-ra: no
            match:
                macaddress: 1a:76:89:d4:09:b1
            nameservers: &id001
                addresses:
                - 2a07:e00::333
                - 8.8.4.4
                - 1.1.1.1
                search:
                - privex.bz
            set-name: eth0
        # eth1 - NAT64 IPv6 Gateway Adapter
        # Should have both a "public" IPv6 address (::1), used for accessing the server,
        # and the "gateway" IPv6 (::2) used for routing the NAT64 prefix into
        eth1:
            addresses:
            - 2a07:e01:ffff::1/64
            - 2a07:e01:ffff::2/64
            gateway6: 2a07:e01:ffff::f
            match:
                macaddress: a6:08:61:c3:e5:e1
            nameservers: *id001
            set-name: eth1

Enabling and starting Tayga

systemctl enable tayga
systemctl restart tayga

Adding routes

Cisco

ipv6 route 64:FF9B::/96 2A07:E01:FFFF::1 name NAT64
ipv6 route 64:FF9B::/96 2a07:e02:10ff::2 name NAT64-CA

Linux CLI

ip -6 route add 64:ff9b::/96 via 2a07:e02:10ff::2 dev br0 metric 10 pref high

ip -6 route add 64:FF9B::/96 via 2a07:e00::64:64 dev eth0

Netplan

NOTE: On our Vultr regions, the route should be added to /etc/netplan/30-bridge.yaml

routes:
    # equivalent to: ip -6 route add 64:ff9b::/96 via 2a07:e02:10ff::2 dev br0 metric 10 pref high
    - to: 64:ff9b::/96
      via: 2a07:e02:10ff::2
      metric: 10