euantorano
/
ungleich-staticcms
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge branch 'dns64-vpn' into 'master' 

New article: Proying IPv4 traffic via the ungleich VPN

See merge request ungleich-public/ungleich-staticcms!5
refactoring
nico 3 years ago
parent
fd67fa7c1c 4471662bdb
commit
3f5f28f5d6
1 changed files with 42 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 42
      content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr

42
content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr
Unescape View File

@ -0,0 +1,42 @@
title: Proying IPv4 traffic via the ungleich VPN
---
pub_date: 2020-02-18
---
author: Timothée Floure
---
_hidden: no
---
_discoverable: yes
---
abstract:
DNS64 is now available for the ungleich VPN, allowing to reach the IPv4
world... on an IPv6-only VPN!
---
body:
We have been offering an [IPv6-capable VPN](https://ungleich.ch/ipv6/vpn/)
alongside our IPv6-only VPS hosting for a while in order to bring IPv6
connectivity to customers stuck in the IPv4 world. The service also allows you
to reach the IPv6-enabled side of global Internet but was not able to connect
to IPv4-only services (such as [github](https://github.com/)!), which can be
painful depending on your use-case.
This shortcoming is no more since we recently deployed two
[DNS64](https://en.wikipedia.org/wiki/IPv6_transition_mechanism#DNS64)
resolvers available to any VPN user. They will generate a synthetic IPv6
address for domains lacking an `AAAA` (i.e. IPv6) DNS record, which will in
turn be routed via our NAT64 gateway. You only have to configure
`2a0a:e5c0:2:12:0:f0ff:fea9:c451` and `2a0a:e5c0:2:12:0:f0ff:fea9:c45d` as DNS
servers when you are connected to the VPN: all the details and instructions are
available on [our
wiki](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Ungleich_IPv6_wireguard_VPN#Proxy-all-traffic-via-the-VPN), although it boils down to two lines in your wireguard configuration.
The above means that ungleich now provides a *fully-fledged* VPN! Note, however, that
direct IPv4 queries (i.e. requests 'bypassing' DNS resolution) won't be routed
though the VPN. Full isolation can be achieved using network namespaces as
described in the [wireguard
documentation](https://www.wireguard.com/netns/#the-new-namespace-solution).
Feel free to [join our
chat](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/CHATting_with_ungleich)
to discuss such (non-trivial) setup in details!
Write Preview
Loading…
Cancel
Save