NEWS Earn Money with Onidel Cloud! Affiliate Program Details - Check it out
Back to Blog

How to Deploy an IPv6‑Only Ubuntu 24.04 VPS and Reach IPv4 with NAT64/DNS64 + CLAT

Introduction

As IPv4 address exhaustion continues to drive innovation in networking, many organizations are transitioning to IPv6-only infrastructure. However, the internet still heavily relies on IPv4 services, creating a challenge for IPv6-only deployments. This tutorial addresses the problem of enabling IPv6-only servers to communicate with IPv4-only services using NAT64/DNS64 translation mechanisms combined with CLAT (Customer-side Translator).

By the end of this guide, you’ll have a fully functional IPv6-only Ubuntu 24.04 VPS that can seamlessly access both IPv6 and IPv4 resources on the internet. We’ll configure NAT64/DNS64 for outbound connectivity and implement CLAT for applications that require IPv4 socket support.

Prerequisites

Before starting this tutorial, ensure you have:

  • An IPv6-only VPS running Ubuntu 24.04 LTS
  • Root access or sudo privileges
  • Basic understanding of IPv6 addressing and Linux networking
  • At least 1GB RAM and 10GB storage space
  • Access to a NAT64/DNS64 service provider or ability to configure your own

Note: This tutorial assumes your VPS provider supports IPv6-only deployments. Cloud providers like Onidel VPS in Singapore offer advanced IPv6 configurations with their EPYC Milan processors.

Step-by-Step Tutorial

Step 1: Verify IPv6 Connectivity

First, confirm your server has proper IPv6 connectivity:

# Check IPv6 configuration
ip -6 addr show

# Test IPv6 connectivity
ping6 -c 4 google.com

# Verify DNS resolution over IPv6
nslookup google.com

If IPv6 connectivity fails, contact your VPS provider to ensure proper IPv6 routing configuration.

Step 2: Configure DNS64 Resolver

Configure your system to use a public DNS64 resolver that provides IPv6 addresses for IPv4-only services:

# Backup existing DNS configuration
sudo cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.backup

# Edit resolved configuration
sudo nano /etc/systemd/resolved.conf

Add the following DNS64 configuration:

[Resolve]
DNS=2001:67c:2b0::4 2001:67c:2b0::6
FallbackDNS=2606:4700:4700::64 2606:4700:4700::6400
DNSSEC=allow-downgrade

Restart the DNS resolver:

# Restart systemd-resolved
sudo systemctl restart systemd-resolved

# Verify DNS64 is working
nslookup ipv4.google.com

You should see an IPv6 address with the well-known prefix 64:ff9b::/96 for IPv4 services.

Step 3: Install and Configure Tayga (CLAT)

Tayga provides CLAT functionality, translating between IPv4 and IPv6 at the customer premise:

# Update package repository
sudo apt update

# Install Tayga and required dependencies
sudo apt install tayga iptables-persistent -y

Create Tayga configuration:

# Create configuration directory
sudo mkdir -p /etc/tayga

# Create main configuration file
sudo nano /etc/tayga/tayga.conf

Add the following configuration:

# Tayga CLAT configuration
tun-device nat64
ipv4-addr 192.0.2.1
prefix 64:ff9b::/96
dynamic-pool 192.0.2.0/24
data-dir /var/spool/tayga

Step 4: Configure Network Interfaces

Set up the virtual network interface for IPv4-IPv6 translation:

# Create data directory
sudo mkdir -p /var/spool/tayga
sudo chown tayga:tayga /var/spool/tayga

# Create and start NAT64 interface
sudo tayga --mktun
sudo ip link set nat64 up
sudo ip addr add 192.0.2.1/24 dev nat64
sudo ip route add 192.0.2.0/24 dev nat64

Configure IPv6 routing for the NAT64 prefix:

# Add IPv6 route for NAT64 prefix
sudo ip -6 route add 64:ff9b::/96 dev nat64

Step 5: Start Tayga Service

Create a systemd service for automatic startup:

# Create systemd service file
sudo nano /etc/systemd/system/tayga.service

Add the service configuration:

[Unit]
Description=Tayga NAT64 daemon
After=network.target

[Service]
Type=forking
ExecStartPre=/usr/bin/tayga --mktun
ExecStartPre=/bin/ip link set nat64 up
ExecStartPre=/bin/ip addr add 192.0.2.1/24 dev nat64
ExecStartPre=/bin/ip route add 192.0.2.0/24 dev nat64
ExecStartPre=/bin/ip -6 route add 64:ff9b::/96 dev nat64
ExecStart=/usr/bin/tayga
ExecStopPost=/usr/bin/tayga --rmtun
Restart=always

[Install]
WantedBy=multi-user.target

Enable and start the service:

# Enable and start Tayga
sudo systemctl daemon-reload
sudo systemctl enable tayga
sudo systemctl start tayga

# Check service status
sudo systemctl status tayga

Step 6: Test Connectivity

Verify both IPv4 and IPv6 connectivity works:

# Test IPv4 connectivity through NAT64
curl -4 http://httpbin.org/ip

# Test IPv6 connectivity
curl -6 http://httpbin.org/ip

# Test dual-stack application behavior
curl http://httpbin.org/ip

Warning: If connectivity tests fail, verify your NAT64 service configuration and firewall rules.

Best Practices

Performance Optimization

For optimal network performance in production environments:

  • Monitor translation overhead: NAT64/DNS64 adds latency compared to native IPv6
  • Use IPv6-native services: Prioritize services with native IPv6 support
  • Implement caching: Configure local DNS caching to reduce DNS64 lookup times
  • Resource allocation: Allocate sufficient bandwidth for translation overhead

Security Considerations

Implement these security measures for your IPv6-only infrastructure:

  • Configure ip6tables rules to restrict unnecessary traffic
  • Regularly update Tayga and system packages for security patches
  • Monitor translation logs for suspicious activity
  • Implement proper access controls for the NAT64 interface
# Basic IPv6 firewall rules
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo ip6tables -A INPUT -p icmpv6 -j ACCEPT
sudo ip6tables -A INPUT -j DROP

# Save firewall rules
sudo netfilter-persistent save

Monitoring and Troubleshooting

Set up monitoring for your NAT64/DNS64 deployment:

# Check Tayga status and logs
sudo journalctl -u tayga -f

# Monitor network interfaces
watch -n 1 'ip -s link show nat64'

# Debug DNS64 resolution
dig @2001:67c:2b0::4 ipv4.google.com AAAA

Conclusion

You’ve successfully deployed an IPv6-only Ubuntu 24.04 VPS with full IPv4 reachability through NAT64/DNS64 and CLAT technologies. This configuration enables your server to participate in the modern IPv6 internet while maintaining compatibility with legacy IPv4 services.

Key benefits of this setup include reduced IPv4 address dependency, future-proof networking infrastructure, and simplified network management. The combination of DNS64 for name resolution and CLAT for application compatibility provides a comprehensive solution for IPv6-only deployments.

For production deployments requiring high availability and performance, consider exploring advanced VPS solutions that offer native IPv6 support with enterprise-grade networking features. Modern cloud infrastructure providers can help streamline your transition to IPv6-first architectures while maintaining service reliability.

Ready to implement IPv6-only infrastructure for your applications? The networking landscape continues evolving toward IPv6 adoption, and early implementation positions your infrastructure for future growth and simplified management.

Share your love

Related Posts

  • Copyright © 2025 Onidel Pty Ltd. ABN 67 662 357 397.