Merge branch 'dns64-vpn' into 'master'
New article: Proying IPv4 traffic via the ungleich VPN See merge request ungleich-public/ungleich-staticcms!5
This commit is contained in:
commit
3f5f28f5d6
1 changed files with 42 additions and 0 deletions
|
|
@ -0,0 +1,42 @@
|
||||||
|
title: Proying IPv4 traffic via the ungleich VPN
|
||||||
|
---
|
||||||
|
pub_date: 2020-02-18
|
||||||
|
---
|
||||||
|
author: Timothée Floure
|
||||||
|
---
|
||||||
|
_hidden: no
|
||||||
|
---
|
||||||
|
_discoverable: yes
|
||||||
|
---
|
||||||
|
abstract:
|
||||||
|
DNS64 is now available for the ungleich VPN, allowing to reach the IPv4
|
||||||
|
world... on an IPv6-only VPN!
|
||||||
|
|
||||||
|
---
|
||||||
|
body:
|
||||||
|
|
||||||
|
We have been offering an [IPv6-capable VPN](https://ungleich.ch/ipv6/vpn/)
|
||||||
|
alongside our IPv6-only VPS hosting for a while in order to bring IPv6
|
||||||
|
connectivity to customers stuck in the IPv4 world. The service also allows you
|
||||||
|
to reach the IPv6-enabled side of global Internet but was not able to connect
|
||||||
|
to IPv4-only services (such as [github](https://github.com/)!), which can be
|
||||||
|
painful depending on your use-case.
|
||||||
|
|
||||||
|
This shortcoming is no more since we recently deployed two
|
||||||
|
[DNS64](https://en.wikipedia.org/wiki/IPv6_transition_mechanism#DNS64)
|
||||||
|
resolvers available to any VPN user. They will generate a synthetic IPv6
|
||||||
|
address for domains lacking an `AAAA` (i.e. IPv6) DNS record, which will in
|
||||||
|
turn be routed via our NAT64 gateway. You only have to configure
|
||||||
|
`2a0a:e5c0:2:12:0:f0ff:fea9:c451` and `2a0a:e5c0:2:12:0:f0ff:fea9:c45d` as DNS
|
||||||
|
servers when you are connected to the VPN: all the details and instructions are
|
||||||
|
available on [our
|
||||||
|
wiki](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Ungleich_IPv6_wireguard_VPN#Proxy-all-traffic-via-the-VPN), although it boils down to two lines in your wireguard configuration.
|
||||||
|
|
||||||
|
The above means that ungleich now provides a *fully-fledged* VPN! Note, however, that
|
||||||
|
direct IPv4 queries (i.e. requests 'bypassing' DNS resolution) won't be routed
|
||||||
|
though the VPN. Full isolation can be achieved using network namespaces as
|
||||||
|
described in the [wireguard
|
||||||
|
documentation](https://www.wireguard.com/netns/#the-new-namespace-solution).
|
||||||
|
Feel free to [join our
|
||||||
|
chat](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/CHATting_with_ungleich)
|
||||||
|
to discuss such (non-trivial) setup in details!
|
||||||
Loading…
Reference in a new issue