Proying IPv4 traffic via the ungleich VPN

Posted on 2020-02-18 by Timothée Floure

We have been offering an IPv6-capable VPN alongside our IPv6-only VPS hosting for a while in order to bring IPv6 connectivity to customers stuck in the IPv4 world. The service also allows you to reach the IPv6-enabled side of global Internet but was not able to connect to IPv4-only services (such as github!), which can be painful depending on your use-case.

This shortcoming is no more since we recently deployed two DNS64 resolvers available to any VPN user. They will generate a synthetic IPv6 address for domains lacking an AAAA (i.e. IPv6) DNS record, which will in turn be routed via our NAT64 gateway. You only have to configure 2a0a:e5c0:2:12:0:f0ff:fea9:c451 and 2a0a:e5c0:2:12:0:f0ff:fea9:c45d as DNS servers when you are connected to the VPN: all the details and instructions are available on our wiki, although it boils down to two lines in your wireguard configuration.

The above means that ungleich now provides a fully-fledged VPN! Note, however, that direct IPv4 queries (i.e. requests 'bypassing' DNS resolution) won't be routed though the VPN. Full isolation can be achieved using network namespaces as described in the wireguard documentation. Feel free to join our chat to discuss such (non-trivial) setup in details!