IPv4

Regex IPv4 & IPv6

Regex is cool. But have you ever tried to grep IPv4 / IPv6 Addresses from a File or extract them from a bunch of data ? Did you use Google Search and find a lot of Links, Tips and Examples ? And none of them worked well ?

I can highly recommend CyberChef for stuff like that … https://gchq.github.io/CyberChef/

Regex from CyberChef

If you wanna use Regex in your own Scripts, here is a little Extract from CyberChef.
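One way to do the extraction in your own script, as an added example that is not the CyberChef regex and not code from the original post: pull loose candidates with a simple pattern and let Python's ipaddress module decide what is a real address. The names TOKEN, SAMPLE and extract_ips are assumptions, and the sample text is assembled from command output shown elsewhere on this page.

```python
import ipaddress
import re

# Maximal runs of characters that can occur in an address or in the word
# around it; taking whole runs keeps "std::cout" from yielding "d::c".
TOKEN = re.compile(r"[0-9A-Za-z:.]+")

# Constructed sample, assembled from command output shown elsewhere on this page.
SAMPLE = """\
lladdr 56:00:02:e7:9d:e5
inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1
ns1.noflow.ch.  3600  IN  A 45.15.80.202
;; SERVER: 2001:620:0:ff::56#53(2001:620:0:ff::56)
;; WHEN: Wed Aug 26 23:09:52 CEST 2020
tunnel 11.22.33.44 55.66.77.88
bogus 999.1.1.1 and 1.2.3 and std::cout and 10.0.0.1:8080.
"""


def extract_ips(text):
    """Return (ipv4, ipv6): unique valid addresses in order of appearance."""
    v4, v6 = [], []
    for match in TOKEN.finditer(text):
        token = match.group().rstrip(".")        # drop a sentence-ending dot
        if token.count(":") == 1 and "." in token:
            token = token.partition(":")[0]      # "10.0.0.1:8080" -> host part
        if "." not in token and ":" not in token:
            continue                             # plain words and numbers
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue                             # MAC, timestamp, 999.1.1.1, hostname
        bucket = v4 if addr.version == 4 else v6
        if str(addr) not in bucket:
            bucket.append(str(addr))
    return v4, v6


if __name__ == "__main__":
    ipv4, ipv6 = extract_ips(SAMPLE)
    print("IPv4:", ipv4)
    print("IPv6:", ipv6)
```

The MAC address, the timestamp, the out-of-range 999.1.1.1 and the C++ scope operator all look like addresses to a naive pattern; the validation step is what drops them.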

Wireguard with Public IP behind NAT

… or how to host a Dualstacked Public Website behind an IPv4 NAT Box without Reverse Proxy, Portforwarding and other ugly stuff …

inspired by the following Post, i started a little project and redesigned the connectivity for my Hamster’s Webserver :)

i wrote a mail to the guys from tetaneutral.net and asked them for the wireguard vpn service with public ipv4/ipv6 addresses for my server. as i didn’t get any feedback, i had to implement the “Server” on my own.

Gluerecords

https://serverfault.com/questions/142344/how-to-test-dns-glue-record

Check GlueRecords

host:~ $ dig +short ch. NS
c.nic.ch.
a.nic.ch.
h.nic.ch.
f.nic.ch.
g.nic.ch.
b.nic.ch.
e.nic.ch.

host:~ $ dig +norec @a.nic.ch. noflow.ch. NS

; <<>> DiG 9.10.6 <<>> +norec @a.nic.ch. noflow.ch. NS
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29211
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;noflow.ch. IN  NS

;; AUTHORITY SECTION:
noflow.ch.  3600  IN  NS  ns3.noflow.ch.
noflow.ch.  3600  IN  NS  ns2.noflow.ch.
noflow.ch.  3600  IN  NS  ns1.noflow.ch.

;; ADDITIONAL SECTION:
ns3.noflow.ch.  3600  IN  A 45.32.159.233
ns2.noflow.ch.  3600  IN  A 193.36.36.130
ns1.noflow.ch.  3600  IN  A 45.15.80.202

;; Query time: 12 msec
;; SERVER: 2001:620:0:ff::56#53(2001:620:0:ff::56)
;; WHEN: Wed Aug 26 23:09:52 CEST 2020
;; MSG SIZE  rcvd: 140

you can see, there are three gluerecords with (A) and none with (AAAA). need to talk with my domain hosting provider as i’d like to have AAAA as well …
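The same check as a script, as an added example that is not part of the original post: it parses `dig +norec` output from the parent zone's nameserver and reports, for every NS name inside the zone, which address types have no glue. The names DIG_SAMPLE, glue_report and missing_glue are assumptions; the sample is copied from the dig output above.

```python
# Copied from the QUESTION, AUTHORITY and ADDITIONAL sections of the dig output above.
DIG_SAMPLE = """\
;; QUESTION SECTION:
;noflow.ch. IN  NS

;; AUTHORITY SECTION:
noflow.ch.  3600  IN  NS  ns3.noflow.ch.
noflow.ch.  3600  IN  NS  ns2.noflow.ch.
noflow.ch.  3600  IN  NS  ns1.noflow.ch.

;; ADDITIONAL SECTION:
ns3.noflow.ch.  3600  IN  A 45.32.159.233
ns2.noflow.ch.  3600  IN  A 193.36.36.130
ns1.noflow.ch.  3600  IN  A 45.15.80.202
"""


def glue_report(dig_output):
    """Map each delegated NS name to the set of glue types (A/AAAA) dig returned."""
    section, ns_names, glue = None, [], {}
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]        # QUESTION, AUTHORITY, ADDITIONAL ...
            continue
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue                             # comments, blank lines, short lines
        name, rtype, rdata = fields[0].lower(), fields[3], fields[4].lower()
        if section in ("ANSWER", "AUTHORITY") and rtype == "NS":
            ns_names.append(rdata)
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            glue.setdefault(name, set()).add(rtype)
    return {ns: glue.get(ns, set()) for ns in ns_names}


def missing_glue(dig_output, zone, wanted=("A", "AAAA")):
    """For NS names inside `zone`, list the address types that have no glue."""
    suffix = "." + zone.lower().rstrip(".") + "."
    return {ns: [t for t in wanted if t not in types]
            for ns, types in glue_report(dig_output).items()
            if ns.endswith(suffix) and any(t not in types for t in wanted)}


if __name__ == "__main__":
    for ns, missing in sorted(missing_glue(DIG_SAMPLE, "noflow.ch.").items()):
        print(ns, "missing glue:", ", ".join(missing))
```

Only nameservers inside the delegated zone need glue, so NS names under another domain are left out of the report.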

Tunnel IPv4 over IPv6

let’s do the opposite. you have some ipv6 connectivity and need to transport ipv4

Host A (IPv6 only)

root@hosta ~# ifconfig vio0
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:e5
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1
        inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c prefixlen 64 autoconf pltime 604627 vltime 2591827
        inet6 2a05:f480:1400:7b6:446d:acb7:5fe4:450f prefixlen 64 autoconf autoconfprivacy pltime 86046 vltime 172537

root@hosta ~# i3
IPv4: !NETWORK
IPv6: 2a05:f480:1400:7b6:446d:acb7:5fe4:450f

Host B (IPv6 only)

root@hostb ~# ifconfig vio0
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:f4
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9df4%vio0 prefixlen 64 scopeid 0x1
        inet6 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb prefixlen 64 autoconf pltime 604403 vltime 2591603
        inet6 2001:19f0:6801:1e3b:e6f:24db:27f7:de37 prefixlen 64 autoconf autoconfprivacy pltime 85502 vltime 171928

root@hostb ~# i3
IPv4: !NETWORK
IPv6: 2001:19f0:6801:1e3b:e6f:24db:27f7:de37

Configure GIF Interfaces

Host A

ifconfig gif0 inet6 tunnel 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb
ifconfig gif0 inet alias 10.0.0.1 10.0.0.2

Host B

ifconfig gif0 inet6 tunnel 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c
ifconfig gif0 inet alias 10.0.0.2 10.0.0.1

or make them persistent

Tunnel IPv6 over IPv4

let’s assume you need ipv6 connectivity somewhere … You can use some Tunnelbrokers, or you run OpenBSD on your Boxes and want to do it on your own. Here are some hints.

Server with DualStack

you need a Machine out in the Internet which is DualStacked

stoege@dualstack$ i3
IPv4: 11.22.33.44
IPv6: 2001:db8:100::100

Host with IPv4 only

stoege@ipv4 host ~# i3
IPv4: 55.66.77.88
IPv6: !NETWORK

and you want to bring IPv6 to the second host

Configure GIF Interfaces

Server

cat << 'EOF' > /etc/hostname.gif0
# IPv4 Tunnel to Host
tunnel 11.22.33.44 55.66.77.88
inet6 alias 2001:db8::1 128
dest 2001:db8::2
EOF

sh /etc/netstart gif0

IPv4 Host

cat << 'EOF' > /etc/hostname.gif0
# IPv4 Tunnel to Dualstack
tunnel 55.66.77.88 11.22.33.44
inet6 alias 2001:db8::2 128
dest 2001:db8::1
!route -n add -inet6 default 2001:db8::1
EOF

sh /etc/netstart gif0

Enable IPv4 and IPv6 Forwarding

you know, the sysctl stuff and so ..

Multicast

/etc/mrouted.conf

name LOCAL 239.255.0.0/16
phyint em1 disable

forward multicast

sysctl.conf
net.inet.ip.mforwarding=1

enable and start Service

rcctl enable multicast
rcctl start multicast
rcctl enable mrouted
rcctl start mrouted

useful commands

netstat -g
map-mbone
mrinfo
mtrace

https://felix-kling.de/blog/2019/sonos-dedicated-vlan.html



Dualstack

DualStack & Prefix Delegation with OpenBSD

OS: OpenBSD 6.5

Hint: wide-dhcpv6-20080615p9 was not working fine. So, i gave a try with dhcpcd

Install Package

pkg_add dhcpcd-7.1.1p4

Configure dhcpcd

/etc/dhcpcd.conf
ipv6only
noipv6rs
duid
persistent
option rapid_commit
require dhcp_server_identifier

# disable running any hooks; not typically required for simple DHCPv6-PD setup
script ""

# List interfaces explicitly so that dhcpcd doesn't touch others
allowinterfaces em1 vlan108 vlan110 vlan112

interface em1
    # the following two lines tell dhcpcd to do router solicitation
    # itself. don't use them if using "inet6 autoconf" (slaacd)
    ipv6rs
    ia_na 1

    # request prefixes from the provider to use for downstream networks
    ia_pd 2 vlan108/1 vlan110/2 vlan112/3

Enable and Start Service

rcctl enable dhcpcd
rcctl restart dhcpcd

You should now get an ip address on your public interface. adjust the pf.conf accordingly for ipv6 !