ungleich-staticcms/content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr

title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks
---
pub_date: 2019-10-17
---
author: Nico Schottelius
---
twitter_handle: NicoSchottelius
---
_hidden: no
---
_discoverable: yes
---
abstract:
We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks
---
body:

Have you ever been in an IPv6 only network and wanted to reach IPv4
sites without NAT64?

Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to
give it a try, whether we can easily expose some IPv4 only sites with
a proxy to the IPv6 Internet.

Turns out, using a bit of nginx magic and an
[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is
actually not too hard.

## How it works

First of all, all sites are enabled on a site-by-site basis, so this
is not a generic IPv6-to-IPv4 proxy.

For every "site", be it Hackernews, Twitter or Reddit, I created a
subdomain below **via-ipv6.com** like:

* [reddit.via-ipv6.com](https://reddit.via-ipv6.com)
* [twitter.via-ipv6.com](https://twitter.via-ipv6.com)
* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com)

Each of the sites have their own SSL certificate, not the one used by
the actual site. The reason for this is that I needed the client to
access the proxy instead of failing to access the site (like
reddit.com) by not finding an AAAA entry.

The disadvantage of this is that I have to decrypt and re-encrypt the
traffic. So while I am not interested in your data, I advise to use
this service knowing that the TLS connection is decrypted and
reencrypted on the path.

## List of sites

You find the current list of sites on
[via-ipv6.com](https://via-ipv6.com). If you would like to have
another site added, just ping me on [IPv6.chat](https://IPv6.chat).
blog for ipv6 only networks 2019-10-17 19:05:42 +02:00			`title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks`
			`---`
			`pub_date: 2019-10-17`
			`---`
			`author: Nico Schottelius`
			`---`
			`twitter_handle: NicoSchottelius`
			`---`
			`_hidden: no`
			`---`
			`_discoverable: yes`
			`---`
			`abstract:`
			`We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks`
			`---`
			`body:`

			`Have you ever been in an IPv6 only network and wanted to reach IPv4`
			`sites without NAT64?`

			`Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to`
			`give it a try, whether we can easily expose some IPv4 only sites with`
			`a proxy to the IPv6 Internet.`

			`Turns out, using a bit of nginx magic and an`
			`[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is`
			`actually not too hard.`

			`## How it works`

			`First of all, all sites are enabled on a site-by-site basis, so this`
			`is not a generic IPv6-to-IPv4 proxy.`

			`For every "site", be it Hackernews, Twitter or Reddit, I created a`
			`subdomain below via-ipv6.com like:`

			`* [reddit.via-ipv6.com](https://reddit.via-ipv6.com)`
			`* [twitter.via-ipv6.com](https://twitter.via-ipv6.com)`
			`* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com)`

			`Each of the sites have their own SSL certificate, not the one used by`
			`the actual site. The reason for this is that I needed the client to`
			`access the proxy instead of failing to access the site (like`
			`reddit.com) by not finding an AAAA entry.`

			`The disadvantage of this is that I have to decrypt and re-encrypt the`
			`traffic. So while I am not interested in your data, I advise to use`
			`this service knowing that the TLS connection is decrypted and`
			`reencrypted on the path.`

			`## List of sites`

			`You find the current list of sites on`
			`[via-ipv6.com](https://via-ipv6.com). If you would like to have`
			`another site added, just ping me on [IPv6.chat](https://IPv6.chat).`