Testing CLAT for IPv6-only mobile networks

As many have noticed, in some circumstances some mobile networks have started handing out only IPv6 network addresses, such as on the Xperia 10iii with your SIM in slot 1. This isn’t as dramatic as it sounds - these networks also implement DNS64 to translate IPv4 into a v6 subnet that’s routed to the v4 internet through a NAT64 host, so for the most part you wouldn’t notice. However, for connecting to literal IPv4 addresses or supporting a v4 subnet for tethering/hotspot, that’s not enough.

That’s where CLAT comes in. It’s a mechanism for detecting when DNS64 is present, and translating IPv4 into IPv6 addresses on the NAT64 subnet, so IPv4 is available. This mechanism is implemented on later Android and iOS devices, but hasn’t been on Connman on SailfishOS, until now. Thanks to a monumental effort from Jussi, we now have an experimental new plugin for Connman which, along with a new package of Tayga, can detect NAT64 networks and create a CLAT interface that can be used for tethering. It’s not yet complete but is in a fit state for testing by brave community members.

NAT64 is a feature of only certain mobile providers, none of which are in Finland which makes testing difficult. I’m on one of those networks myself (Orange F) and can report it works well so far for me. But other networks may have different expectations that we’re don’t meet yet, so we need some broader testing.

If you would like to try out these beta packages, I’ve built it on the community OBS for aarch64 devices. Add this repository to your SSU config (with ssu ar <name> <url>) and update. If you’re not familiar with how to do that, then please don’t try this. It probably won’t brick your device but you could end up having to reflash.

Don’t forget to remove the repo (with ssu rr) before the next release. It will be removed from the OBS at some point, and you don’t want broken repos in your config.

If this works for you, please let us know. If not then some logs would be appreciated to help us improve this so we can get it into the next release. To enable logging for CLAT and related components in the journal, this needs to be in /etc/sysconfig/connman:

SYSCONF_ARGS=-d plugins/clat.c -d src/tethering.c -d src/technology.c -d src/network.c -d src/nat.c

Then this script should collect the relevant info from your device and pack it up into an archive that you can send to us. Ask how on IRC, Telegram or here and we’ll figure something out. Run it at the point where everything should be working. Using USB networking is the best way to do this over ssh when your WLAN is off.

#!/bin/bash

TMPDIR="/tmp/clat/$(date +%Y%M%d_%H%M%S)"
ARCHIVE="$TMPDIR.tar.bz"
CLATCONF="/etc/connman/clat.conf"

echo "Gathering CLAT logs to $TMPDIR"

mkdir -p "$TMPDIR"

# journal
journalctl -b -u connman > "$TMPDIR/clat.connman.log"

# route info:
route -n > "$TMPDIR/clat.route"
route --inet6 -n > "$TMPDIR/clat.route6"

# device info:
ip addr show clat &> "$TMPDIR/clat.device"

# iptables:
iptables -L -v -n > "$TMPDIR/clat.iptables.filter"
iptables -t nat -L -v -n > "$TMPDIR/clat.iptables.nat"
ip6tables -L -v -n > "$TMPDIR/clat.ip6tables.filter"

# clat conf
if [ -f "$CLATCONF" ] ; then cp /etc/connman/clat.conf "$TMPDIR/" ; fi

tar cjf "$ARCHIVE" "$TMPDIR" 2>/dev/null

echo "Done"
echo "Send archive $ARCHIVE"

Just a FYI for people willing to test this: we haven’t had time to implement everything here. Most notably these following ones are not done in the full extent yet but are going to be part of the follow-up work:

• Prefix query to ipv4only.arpa is done every 10 minutes. This should be changed to follow AAAA DNS record TTL-10s schedule as RFC7050 states. In case of timeouts the query is repeated every 10 seconds for 1 minute to avoid shutting down because of network glitches.
• IPv6 address generation for CLAT is rather simple than complete. This needs to be improved to avoid collisions etc. Now the clat uses a suffix ::c1a7 for its IPv6 derived from the transport’s IPv6.
• As of now the IPv6 prefix is always the global prefix (64:ff9b::/96, see RFC7050) for CLAT as parsing is not complete.

We may update the download repository at times when we see something important that needs to be fixed. I hope this implementation of CLAT support helps many with their tethering issues on IPv6 only network.

I just gave this a quick test. I only get an IPv6 address with my Xperia 10iii(this was not the case with the XA2 with the same sim). The clat network shows up using IP 192.0.0.1. Hotspot is still not working. But for example the SFOS Forum Viewer seems to work much better than before, also i am able to fetch emails using the Jolla Email programm, which doesn’t work reliable before using mobile data.

I will test this a few days and report back. I also could provide some logs via mail or irc.

I think it’s good to add this feature for the future when more and more provider will stop giving out ipv4 addresses to mobile devices, but now it would be better if ofono gets fixed on the 10iii.

Hi!

Thanks for testing and feedback. In some early tests we did notice that hotspot did work only after the device was booted after installing the new version. It is not yet fully known what causes that behavior.

I’m not sure if there’s anything broken here. When my network does provide an IPv4 (e.g. when slot 2 is used or when roaming), it’s a private 10.x.x.x address NAT’d address that seems to me to be provided for compatibility. These networks are already trying to switch to IPv6 only where they can, using NAT64 and expecting CLAT to be present.

Thanks for the clarification and for your work!

I will give it a try on my next reboot.

After rebooting and enabling hotspot it WORKED. I’m writing this post using my laptop with the 10iii as the hotspot. Thank you guys.

Wonderful! And thank you for testing and letting us know. If you encounter any issues during your continued testing we’d appreciate the logs collected with the script detailed in the 1st message. Also, it wouldn’t hurt to see what kind of output there is in successful cases, too.

I’ve everything set up to collect the logs. I just need to know what would be the best way(what to enable after a fresh reboot before taking a log) and where to send it.

You could do the preparations before a new boot so the full progress is shown in the logs.

Personally I’d recommend adding a new journald configuration to not to do rate limiting but this is not absolutely necessary. This can be done by

mkdir -p /etc/systemd/journald.conf.d/
cat <<EOF >/etc/systemd/journald.conf.d/debug.conf
[Journal]
Storage=persistent
RateLimitIntervalSec=0s
RateLimitBurst=0
SystemMaxUse=100M
RuntimeMaxUse=2M
EOF

And then add the sysconf args for ConnMan (since this works, I guess clat.c and nat.c from the 1st post suffice):

cat <<EOF >/etc/sysconfig/connman
SYSCONF_ARGS=-d plugins/clat.c -d src/nat.c
EOF

Changes will be effective after the services are restarted or the device is rebooted.

The resulting archive can be then sent to connman-debug@jolla.com

After taking the logs you can just simply remove the created files.

rm /etc/systemd/journald.conf.d/debug.conf
rm /etc/sysconfig/connman

Can we get some kind of notification when the worst bugs have been ironed out? I’m affected by this bug and I’d really like to try it once it is good enough to not require a reflash in case of problems.

If it is not working, just remove the added repo, remove tayga and reinstall the updated rpms.
These were installed on my 10iii

connman connman-plugin-vpn-l2tp connman-plugin-vpn-openconnect connman-plugin-vpn-openvpn connman-plugin-vpn-pptp connman-plugin-vpn-vpnc connman-vpn-scripts

Email is on its way.

Hi! We have ironed out the bugs we know and can test with the resources we have. For example, this is not possible to test in Finland as AFAIK none of the operators support CLAT yet (Telia has IPv6 in planning, DNA supports apparently DUAL mode well as so does Elisa). Please correct me if I’m wrong about the current state. Most of the internal process of the CLAT implementation has been simulated with unit tests but those cannot cover any real world situations in the full extent. Therefore, we are asking community to give us feedback.

This does not affect the core functionality as much that there is a risk of bricking the device. Tayga is started by ConnMan only in the situation when mobile data (cellular) is connected and is the default communication medium (or, service) in use and hasn’t gotten an IPv4 address but IPv6 address exists.

If you want to be really cautious you can download the current version packages of ConnMan prior to adding the repository. Copy the packages somewhere that package managers cannot remove them.

One would need to download (with pckon or zypper):
connman connman-plugins-vpn-{l2tp,openconnect,openvpn,pptp,vpnc} connman-vpn-scripts (and connman-tools if this was installed). And install them after disabling the repository by allowing downgrade.

Installed and tried it today on my freshly flashed 10III. Today at noon hotspot also worked perfectly, tested with an XA2 and Steam Deck. Unfortunately it’s no longer possible right now. Just get limited connection with no internet as before
My provider is Deutsche(german) Telekom

Have you tried rebooting the phone?

Yes I have, especially when it was no longer possible. Have also restarted the network via the utility or tried turning airplane mode on and off

Just tested it myself, Hotspot didn’t work anymore. After a reboot it was back working again. Which apn settings do you use for Telekom?

Unfortunately not for me