Overview
When trying to set up IPv6-only devices to enable communication over the IPv4-only Internet Service Provider (ISP), the NAT64 and DNS64 mechanisms can be used. It can help to translate IPv6-only addresses to IPv4.
This article provides information about Kerio Control compatibility with such technologies.
Solution
NAT64 is an IPv6 transition mechanism that facilitates communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). The NAT64 gateway is a translator between IPv4 and IPv6 protocols, for which function it needs at least one IPv4 address and an IPv6 network segment comprising a 32-bit address space.
DNS64 describes a DNS server that when asked for a domain's AAAA records, but only finds A records, synthesizes the AAAA records from the A records. The first part of the synthesized IPv6 address points to an IPv6/IPv4 translator and the second part embeds the IPv4 address from the A record. The translator in question is usually a NAT64 server.
Kerio Control does not support NAT64 and DNS64 mechanisms. You can submit a feature request on the GFI forums website.
As a workaround, you can use IPv6 Tunnel. To establish an IPv6 (6to4) tunnel, such as from Tunnel Broker, on any network interface, connect to your Kerio Control instance via SSH and execute the following commands:
- cd /opt/kerio/winroute
- ./tinydbclient "update Interfaces_v2 set IPv6TunnelEndpoint=<Remote IPv4 Endpoint>' where Name='IPv6WAN'"
- ./tinydbclient "update Interfaces_v2 set IPv6Addresses='<Local IPv6 Address>/<Prefix Length>' where Name='IPv6WAN'"
- ./tinydbclient "update Interfaces_v2 set IPv6Gateway='<IPv6 Gateway>' where Name='IPv6WAN'"
- ./tinydbclient "update Interfaces_v2 set IPv6Mode='Tunnel' where Name='IPv6WAN'"
Confirmation
The configuration is in place in /opt/kerio/winroute/winroute.cfg
file.