blog for ipv6 only networks

content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr

@@ -0,0 +1,55 @@
+title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks
+---
+pub_date: 2019-10-17
+---
+author: Nico Schottelius
+---
+twitter_handle: NicoSchottelius
+---
+_hidden: no
+---
+_discoverable: yes
+---
+abstract:
+We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks
+---
+body:
+
+Have you ever been in an IPv6 only network and wanted to reach IPv4
+sites without NAT64?
+
+Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to
+give it a try, whether we can easily expose some IPv4 only sites with
+a proxy to the IPv6 Internet.
+
+Turns out, using a bit of nginx magic and an
+[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is
+actually not too hard.
+
+## How it works
+
+First of all, all sites are enabled on a site-by-site basis, so this
+is not a generic IPv6-to-IPv4 proxy.
+
+For every "site", be it Hackernews, Twitter or Reddit, I created a
+subdomain below **via-ipv6.com** like:
+
+* [reddit.via-ipv6.com](https://reddit.via-ipv6.com)
+* [twitter.via-ipv6.com](https://twitter.via-ipv6.com)
+* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com)
+
+Each of the sites have their own SSL certificate, not the one used by
+the actual site. The reason for this is that I needed the client to
+access the proxy instead of failing to access the site (like
+reddit.com) by not finding an AAAA entry.
+
+The disadvantage of this is that I have to decrypt and re-encrypt the
+traffic. So while I am not interested in your data, I advise to use
+this service knowing that the TLS connection is decrypted and
+reencrypted on the path.
+
+## List of sites
+
+You find the current list of sites on
+[via-ipv6.com](https://via-ipv6.com). If you would like to have
+another site added, just ping me on [IPv6.chat](https://IPv6.chat).