via-ipv6.com: enabling IPv4 sites for IPv6 only networks

via-ipv6.com: enabling IPv4 sites for IPv6 only networks

written by Nico Schottelius on 2019-10-17

Have you ever been in an IPv6 only network and wanted to reach IPv4 sites without NAT64?

Inspired by talks at RIPE79, I decided to give it a try, whether we can easily expose some IPv4 only sites with a proxy to the IPv6 Internet.

Turns out, using a bit of nginx magic and an IPv6 only VM with NAT64 this is actually not too hard.

How it works

First of all, all sites are enabled on a site-by-site basis, so this is not a generic IPv6-to-IPv4 proxy.

For every "site", be it Hackernews, Twitter or Reddit, I created a subdomain below via-ipv6.com like:

Each of the sites have their own SSL certificate, not the one used by the actual site. The reason for this is that I needed the client to access the proxy instead of failing to access the site (like reddit.com) by not finding an AAAA entry.

The disadvantage of this is that I have to decrypt and re-encrypt the traffic. So while I am not interested in your data, I advise to use this service knowing that the TLS connection is decrypted and reencrypted on the path.

List of sites

You find the current list of sites on via-ipv6.com. If you would like to have another site added, just ping me on IPv6.chat.