From 4471662bdbc0a0bb18caaa710fd0755ea776b820 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 18 Feb 2020 14:58:33 +0100 Subject: [PATCH] New article: Proying IPv4 traffic via the ungleich VPN --- .../contents.lr | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr diff --git a/content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr b/content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr new file mode 100644 index 0000000..050cfc8 --- /dev/null +++ b/content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr @@ -0,0 +1,42 @@ +title: Proying IPv4 traffic via the ungleich VPN +--- +pub_date: 2020-02-18 +--- +author: Timothée Floure +--- +_hidden: no +--- +_discoverable: yes +--- +abstract: +DNS64 is now available for the ungleich VPN, allowing to reach the IPv4 +world... on an IPv6-only VPN! + +--- +body: + +We have been offering an [IPv6-capable VPN](https://ungleich.ch/ipv6/vpn/) +alongside our IPv6-only VPS hosting for a while in order to bring IPv6 +connectivity to customers stuck in the IPv4 world. The service also allows you +to reach the IPv6-enabled side of global Internet but was not able to connect +to IPv4-only services (such as [github](https://github.com/)!), which can be +painful depending on your use-case. + +This shortcoming is no more since we recently deployed two +[DNS64](https://en.wikipedia.org/wiki/IPv6_transition_mechanism#DNS64) +resolvers available to any VPN user. They will generate a synthetic IPv6 +address for domains lacking an `AAAA` (i.e. IPv6) DNS record, which will in +turn be routed via our NAT64 gateway. You only have to configure +`2a0a:e5c0:2:12:0:f0ff:fea9:c451` and `2a0a:e5c0:2:12:0:f0ff:fea9:c45d` as DNS +servers when you are connected to the VPN: all the details and instructions are +available on [our +wiki](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Ungleich_IPv6_wireguard_VPN#Proxy-all-traffic-via-the-VPN), although it boils down to two lines in your wireguard configuration. + +The above means that ungleich now provides a *fully-fledged* VPN! Note, however, that +direct IPv4 queries (i.e. requests 'bypassing' DNS resolution) won't be routed +though the VPN. Full isolation can be achieved using network namespaces as +described in the [wireguard +documentation](https://www.wireguard.com/netns/#the-new-namespace-solution). +Feel free to [join our +chat](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/CHATting_with_ungleich) +to discuss such (non-trivial) setup in details!