From 261add8a53202af2a0015d775a0be62a99be3c75 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 17 Oct 2019 19:05:42 +0200 Subject: [PATCH] blog for ipv6 only networks --- .../contents.lr | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr diff --git a/content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr b/content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr new file mode 100644 index 0000000..8383aa5 --- /dev/null +++ b/content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr @@ -0,0 +1,55 @@ +title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks +--- +pub_date: 2019-10-17 +--- +author: Nico Schottelius +--- +twitter_handle: NicoSchottelius +--- +_hidden: no +--- +_discoverable: yes +--- +abstract: +We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks +--- +body: + +Have you ever been in an IPv6 only network and wanted to reach IPv4 +sites without NAT64? + +Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to +give it a try, whether we can easily expose some IPv4 only sites with +a proxy to the IPv6 Internet. + +Turns out, using a bit of nginx magic and an +[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is +actually not too hard. + +## How it works + +First of all, all sites are enabled on a site-by-site basis, so this +is not a generic IPv6-to-IPv4 proxy. + +For every "site", be it Hackernews, Twitter or Reddit, I created a +subdomain below **via-ipv6.com** like: + +* [reddit.via-ipv6.com](https://reddit.via-ipv6.com) +* [twitter.via-ipv6.com](https://twitter.via-ipv6.com) +* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com) + +Each of the sites have their own SSL certificate, not the one used by +the actual site. The reason for this is that I needed the client to +access the proxy instead of failing to access the site (like +reddit.com) by not finding an AAAA entry. + +The disadvantage of this is that I have to decrypt and re-encrypt the +traffic. So while I am not interested in your data, I advise to use +this service knowing that the TLS connection is decrypted and +reencrypted on the path. + +## List of sites + +You find the current list of sites on +[via-ipv6.com](https://via-ipv6.com). If you would like to have +another site added, just ping me on [IPv6.chat](https://IPv6.chat).