Have you ever been in an IPv6 only network and wanted to reach IPv4 sites without NAT64?
Inspired by talks at RIPE79, I decided to give it a try, whether we can easily expose some IPv4 only sites with a proxy to the IPv6 Internet.
Turns out, using a bit of nginx magic and an IPv6 only VM with NAT64 this is actually not too hard.
First of all, all sites are enabled on a site-by-site basis, so this is not a generic IPv6-to-IPv4 proxy.
For every "site", be it Hackernews, Twitter or Reddit, I created a subdomain below via-ipv6.com like:
Each of the sites have their own SSL certificate, not the one used by the actual site. The reason for this is that I needed the client to access the proxy instead of failing to access the site (like reddit.com) by not finding an AAAA entry.
The disadvantage of this is that I have to decrypt and re-encrypt the traffic. So while I am not interested in your data, I advise to use this service knowing that the TLS connection is decrypted and reencrypted on the path.