55 lines
1.7 KiB
Markdown
55 lines
1.7 KiB
Markdown
title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks
|
|
---
|
|
pub_date: 2019-10-17
|
|
---
|
|
author: Nico Schottelius
|
|
---
|
|
twitter_handle: NicoSchottelius
|
|
---
|
|
_hidden: no
|
|
---
|
|
_discoverable: yes
|
|
---
|
|
abstract:
|
|
We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks
|
|
---
|
|
body:
|
|
|
|
Have you ever been in an IPv6 only network and wanted to reach IPv4
|
|
sites without NAT64?
|
|
|
|
Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to
|
|
give it a try, whether we can easily expose some IPv4 only sites with
|
|
a proxy to the IPv6 Internet.
|
|
|
|
Turns out, using a bit of nginx magic and an
|
|
[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is
|
|
actually not too hard.
|
|
|
|
## How it works
|
|
|
|
First of all, all sites are enabled on a site-by-site basis, so this
|
|
is not a generic IPv6-to-IPv4 proxy.
|
|
|
|
For every "site", be it Hackernews, Twitter or Reddit, I created a
|
|
subdomain below **via-ipv6.com** like:
|
|
|
|
* [reddit.via-ipv6.com](https://reddit.via-ipv6.com)
|
|
* [twitter.via-ipv6.com](https://twitter.via-ipv6.com)
|
|
* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com)
|
|
|
|
Each of the sites have their own SSL certificate, not the one used by
|
|
the actual site. The reason for this is that I needed the client to
|
|
access the proxy instead of failing to access the site (like
|
|
reddit.com) by not finding an AAAA entry.
|
|
|
|
The disadvantage of this is that I have to decrypt and re-encrypt the
|
|
traffic. So while I am not interested in your data, I advise to use
|
|
this service knowing that the TLS connection is decrypted and
|
|
reencrypted on the path.
|
|
|
|
## List of sites
|
|
|
|
You find the current list of sites on
|
|
[via-ipv6.com](https://via-ipv6.com). If you would like to have
|
|
another site added, just ping me on [IPv6.chat](https://IPv6.chat).
|