vgk/ungleich-staticcms
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'dns64-vpn' into 'master'

Browse source 
New article: Proying IPv4 traffic via the ungleich VPN

See merge request ungleich-public/ungleich-staticcms!5
This commit is contained in:
nico14571 2020-02-19 14:15:57 +01:00
commit 3f5f28f5d6
1 changed files with 42 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
content/u/blog/2020-02-18-proxying-ipv4-traffic-via-ungleich-vpn/contents.lr Normal file
View file

@ -0,0 +1,42 @@
title: Proying IPv4 traffic via the ungleich VPN
---
pub_date: 2020-02-18
---
author: Timothée Floure
---
_hidden: no
---
_discoverable: yes
---
abstract:
DNS64 is now available for the ungleich VPN, allowing to reach the IPv4
world... on an IPv6-only VPN!
---
body:
We have been offering an [IPv6-capable VPN](https://ungleich.ch/ipv6/vpn/)
alongside our IPv6-only VPS hosting for a while in order to bring IPv6
connectivity to customers stuck in the IPv4 world. The service also allows you
to reach the IPv6-enabled side of global Internet but was not able to connect
to IPv4-only services (such as [github](https://github.com/)!), which can be
painful depending on your use-case.
This shortcoming is no more since we recently deployed two
[DNS64](https://en.wikipedia.org/wiki/IPv6_transition_mechanism#DNS64)
resolvers available to any VPN user. They will generate a synthetic IPv6
address for domains lacking an `AAAA` (i.e. IPv6) DNS record, which will in
turn be routed via our NAT64 gateway. You only have to configure
`2a0a:e5c0:2:12:0:f0ff:fea9:c451` and `2a0a:e5c0:2:12:0:f0ff:fea9:c45d` as DNS
servers when you are connected to the VPN: all the details and instructions are
available on [our
wiki](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Ungleich_IPv6_wireguard_VPN#Proxy-all-traffic-via-the-VPN), although it boils down to two lines in your wireguard configuration.
The above means that ungleich now provides a *fully-fledged* VPN! Note, however, that
direct IPv4 queries (i.e. requests 'bypassing' DNS resolution) won't be routed
though the VPN. Full isolation can be achieved using network namespaces as
described in the [wireguard
documentation](https://www.wireguard.com/netns/#the-new-namespace-solution).
Feel free to [join our
chat](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/CHATting_with_ungleich)
to discuss such (non-trivial) setup in details!