Re: [v6ops] Status of CLAT implementation on iPhone? (IPv4 apps on IPv6-only PDP type)

Tore Anderson <tore@fud.no> Mon, 23 February 2015 12:54 UTC

Date: Mon, 23 Feb 2015 13:54:21 +0100
From: Tore Anderson <tore@fud.no>
To: Alexandru Petrescu <alexandru.petrescu@gmail.com>
Message-ID: <20150223135421.4efe73ea@echo.ms.redpill-linpro.com>
In-Reply-To: <54EB1F2F.4000604@gmail.com>
References: <54EB1F2F.4000604@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/_rgEd5N2eLT1-15xym6kzar0Vac>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Status of CLAT implementation on iPhone? (IPv4 apps on IPv6-only PDP type)

* Alexandru Petrescu <alexandru.petrescu@gmail.com>

> Hello participants to v6ops WG,
> 
> What is the status of a CLAT implementation on iPhone?  Any hint in that
> direction?

No idea. It wouldn't surprise me if they'll just assume operators will
eventually start supporting IPV4V6 though, which doesn't seem too
far-fetched now that LTE is rolling out in several economies.

> I am asking because in private conversation I have noticed doubts
> about this being done.  Or, since the iPhone relies on a bsd
> derivative, it would be technically feasible to implement CLAT on it;
> it is nothing more than some iptables address translation plus a bit
> of python scripting in case.

You can't implement a CLAT using iptables, since the IPv4 and IPv6
versions of iptables don't really mix. So you can't take an IPv4 packet
as input and output an IPv6 packet or vice versa. You can do it with a
user space daemon like TAYGA though. You'll find a CLAT implementation
for Linux using Perl/TAYGA on my GitHub page, it's probably not too
hard to adapt it to work on *BSD if you want to.

That said, I've always wondered if it couldn't simply be implemented as
an app. In principle a CLAT doesn't operate much differently than a
regular VPN client, and there are plenty of VPN apps AFAIK.

Tore
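
An added example, not part of the original message and not code from TAYGA or the Perl CLAT mentioned above: the IPv4-in, IPv6-out step that a user-space translator performs, reduced to one unfragmented UDP packet. The two /96 prefixes, the sample packet and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed prefixes (not from the message): RFC 6052 well-known NAT64 /96
# for the PLAT side, and a documentation-range /96 for the CLAT's own side.
PLAT_PREFIX = ipaddress.IPv6Address("64:ff9b::")
CLAT_PREFIX = ipaddress.IPv6Address("2001:db8:c1a7::")

def embed(prefix96, v4_bytes):
    """RFC 6052 /96 mapping: the IPv4 address fills the low 32 bits."""
    return prefix96.packed[:12] + v4_bytes

def csum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clat_4to6(pkt):
    """Translate one unfragmented IPv4/UDP packet into an IPv6/UDP packet."""
    (ver_ihl, tos, total_len, _id, frag, ttl, proto, _ck,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 17 or frag & 0x3FFF:
        raise ValueError("only unfragmented IPv4/UDP is handled here")
    payload = bytearray(pkt[(ver_ihl & 0xF) * 4:total_len])
    src6, dst6 = embed(CLAT_PREFIX, src), embed(PLAT_PREFIX, dst)
    # The UDP checksum covers a pseudo-header holding both addresses, so it
    # has to be recomputed once the addresses change family.
    payload[6:8] = b"\x00\x00"
    pseudo = src6 + dst6 + struct.pack("!IHBB", len(payload), 0, 0, 17)
    ck = csum(pseudo + bytes(payload)) or 0xFFFF
    payload[6:8] = struct.pack("!H", ck)
    # IPv6 header: version 6, traffic class copied from TOS, flow label 0,
    # hop limit copied from TTL (a forwarding translator would decrement it).
    hdr = struct.pack("!IHBB", (6 << 28) | (tos << 20), len(payload), 17, ttl)
    return hdr + src6 + dst6 + bytes(payload)

def sample_ipv4_udp():
    """Constructed packet: 192.0.0.1:40000 -> 198.51.100.7:53, 4 data bytes."""
    udp = struct.pack("!HHHH", 40000, 53, 12, 0) + b"test"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0x4000, 64,
                     17, 0, bytes([192, 0, 0, 1]), bytes([198, 51, 100, 7]))
    return ip + udp
```

A real CLAT also has to handle TCP, ICMP-to-ICMPv6 translation, fragments and the reverse direction, which this block leaves out.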