ungleich-staticcms/content/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/contents.lr

56 lines
1.7 KiB
Text
Raw Permalink Normal View History

2019-10-17 17:05:42 +00:00
title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks
---
pub_date: 2019-10-17
---
author: Nico Schottelius
---
twitter_handle: NicoSchottelius
---
_hidden: no
---
_discoverable: yes
---
abstract:
We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks
---
body:
Have you ever been in an IPv6 only network and wanted to reach IPv4
sites without NAT64?
Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to
give it a try, whether we can easily expose some IPv4 only sites with
a proxy to the IPv6 Internet.
Turns out, using a bit of nginx magic and an
[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is
actually not too hard.
## How it works
First of all, all sites are enabled on a site-by-site basis, so this
is not a generic IPv6-to-IPv4 proxy.
For every "site", be it Hackernews, Twitter or Reddit, I created a
subdomain below **via-ipv6.com** like:
* [reddit.via-ipv6.com](https://reddit.via-ipv6.com)
* [twitter.via-ipv6.com](https://twitter.via-ipv6.com)
* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com)
Each of the sites have their own SSL certificate, not the one used by
the actual site. The reason for this is that I needed the client to
access the proxy instead of failing to access the site (like
reddit.com) by not finding an AAAA entry.
The disadvantage of this is that I have to decrypt and re-encrypt the
traffic. So while I am not interested in your data, I advise to use
this service knowing that the TLS connection is decrypted and
reencrypted on the path.
## List of sites
You find the current list of sites on
[via-ipv6.com](https://via-ipv6.com). If you would like to have
another site added, just ping me on [IPv6.chat](https://IPv6.chat).