You are not logged in.

#1 2018-02-28 10:02:15

Registered: 2016-04-26
Posts: 3

Accessing a server with a IPv6 only adress from a IPv4 network

Hello everybody!
For educational pruposes I have got a server at home, where different software is hosted for my students (nextcloud, mediawiki, different blogs). It is a proxmox host with different Arch instances. My ISP is giving me a (almost) static IPv6 /64 net only. I have no public IPv4 adress - I had to share it with a thousends of other people. So every virtual machine has got a static IPv6, a AAAA record on the domain and everything is working finde except you are in a network which is not supporting IPv6 - and that is exactly my problem.

Users in IPv4-only networks can't reach the services. Much telephone-providers (or sub-providers, or sub-sub...-providers) doesn't support IPv6 on UMTS or HSDPA-connections in germany. I had to find a solution for a problem which would not exist, if those providers had read the IPv6 specifications a single time since 1998...

One solution is to use one of those portmapper-services. But in that case I only get a single port, so I had to go to https://domain.tld:12345 - which doesen't seems to be professional and no user could remember different ports for different services (and the user has to find out if he is in a IPv4 only network). Not nice!

I thought I could rent a small virtual server with a static IPv4 adress. Add a A-record to every domain pointing to those virtual-IPv4-server, and install something like Apache to "catch" from which domain the call is coming and use

ProxyPass "/" "https://IPv6-Adress of the home server"
ProxyPassReverse "/" "https://IPv6-Adress of the home server"

But this gives me a loooot of problems: The connection between client and IPv4 server should be secured. On every single IPv6 host is a certificate for HTTPS (Letsencrypt) installed. I had to copy those certificates to the IPv4-Server every time they are new generated. Furthermore the connection between IPv4-Server and IPv6-Server should be secured to - but the certificate is not valid for a IP-Adress.

Has anybody a better idea to solve my problem? Are my thoughts on the right way (or is it the best way)?
If you have read to this sentence - THANK YOU!



#2 2018-02-28 15:27:26

From: Pasadena, CA
Registered: 2009-07-13
Posts: 15,534

Re: Accessing a server with a IPv6 only adress from a IPv4 network

My first suggestion would be to run Squid on your rented VM and reverse proxy in IPv6 mode back to your server.
Or Pound

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
How to Ask Questions the Smart Way


#3 2018-02-28 15:39:11

Registered: 2012-05-17
Posts: 2,700

Re: Accessing a server with a IPv6 only adress from a IPv4 network

You can probably also try snip or sniproxy. That way you don't have to put SSL keys on your v4/v6 bridge.

Edit: With more work you can maybe even translate all incoming ipv4 adresses to a specific ipv6 in a custom a /96 subnet, so that your servers still get unique ips for all clients. (I'm not completely sure, maybe you'd need kernel support to specify a source address when connecting?) … e-connect/

Last edited by progandy (2018-02-28 16:14:08)


Board footer

Powered by FluxBB