Running an IPv6-only VPS Gotchas! - Printable Version +- Post4VPS Forum | Free VPS Provider (https://post4vps.com) +-- Forum: VPS Discussion (https://post4vps.com/Forum-VPS-Discussion) +--- Forum: Tutorials (https://post4vps.com/Forum-Tutorials) +--- Thread: Running an IPv6-only VPS Gotchas! (/Thread-Running-an-IPv6-only-VPS-Gotchas) |
Running an IPv6-only VPS Gotchas! - fChk - 03-25-2020 I think it's time to document my experience with the free EUServ VPSs from the perspective of being IPv6-only. Running an IPv6-only VPS in today's still predominantly IPv4-based has challenges of its own. Of course, the degree will vary depending on your situation's specifics. Thus, I'll not try in anyway to be exhaustive but just document my steps at addressing them, given my own use-cases, starting with the most important in this OP. Connecting you to an IPv6-only VPS: not that easy! First things first; it happens that my ISP connectivity is still IPv4-only and, to make matters worse, it's heavily using NAT (Network Address Translation). In this situation you're already running into your first problem of not being able to reach your VPS. IPv4 and IPv6 are 2 incompatible protocols, but there are ways that try to make them communicate with each other. IPv4/IPv6 interoperability is a large subject that I won't get into here. Suffice it to say that there are two ways to address the issue in my own situation:
Code: ifconfig teredo I won't get into the details but just saying that the Teredo IPv6 address is recognizable by its 2001:0 prefix and the 53aa:64c part is mapped to the Teredo server IPv4 address while the rest is user's related (IPv4 address + ports used.) So now we've finally did it and logged into this IPv6-only VPS; then what?! Connecting IPv6-only VPS to the IPv4-Internet : This part was easy to sort out, thanks to @'Hidden Refuge' tip in his OP of the free EUServ VPSs Offer. From the links he provided, I ended up here (Public NAT64 service) and here (NAT64/DNS64 public test.) My systemd-resolved config file @'/etc/systemd/resolved.conf' looked like this: Code: [Resolve] Using a NAT64/DNS64 gateway is a matter of redirecting your traffic via their routers by simply using their nameservers. Now that this is out-of-the-way, what about running a Web server? Running a Web Server: Not much of a difference configuration-wise, just make sure to make HTTPD/Nginx listen to the adhoc-interfaces that are IPv6-enabled and let CloudFlare (CF) do the routing of the IPv4-traffic for you, because in this case nothing else work, AFAIK. Thus, you'll need to use both CF DNS and proxying services for your website to be universally accessible. I'm assuming that this is trivial knowledge, thus I won't dwell on it much longer. For a TLS-enabled website, I always opt for the full strict option when it comes to CF-enabled websites. One important issue I faced in the case of Nginx is that OCSP Stapling fails on IPv6-only hosts!!.. Code: 2020/03/25 09:52:20 [error] 7371#0: unexpected response for ocsp.int-x3.letsencrypt.org The cause is Nginx prioritizing IPv4 addresses over IPv6: Code: [root@ipv6VPS ~]# host ocsp.int-x3.letsencrypt.org The fix: Code: server { For more on this issue, please see 'OCSP stapling non-functional on IPv6-only host' I'll stop at this point, and may add other IPv6-specific issues when they come to light, so can anyone else who has found something of his own. Please share! RE: Running an IPv6-only VPS Gotchas! - rudra - 03-25-2020 Miredo code is old. Windows has teredo client implementation inbuilt. can be set up from command line. did you know that ? also Microsoft has free teredo servers in Seattle. many others provide that too. RE: Running an IPv6-only VPS Gotchas! - fChk - 03-25-2020 (03-25-2020, 03:23 PM)rudra Wrote: Miredo code is old.The question is does it implement RFC-4380 or not?.. Of course if the RFC is frozen and the technology is being slowly phased out due to an increasingly widespread deployment of IPv6, then there is no incentive in doing anything with the already existing code unless keeping its dependencies up-to-date, which is the case for miredo, hence it's still running and got the job done! (03-25-2020, 03:23 PM)rudra Wrote: Windows has teredo client implementation inbuilt. can be set up from command line. did you know that ?Of course!... Did you know that it's MS engineers that wrote the first draft of the Teredo protocol, in the first place ? :-) Check this post: https://post4vps.com/Thread-Up-to-3x-free-IPv6-only-VPS-by-EUserv?pid=34504#pid34504 (03-25-2020, 03:23 PM)rudra Wrote: also Microsoft has free teredo servers in Seattle. many others provide that too.I highly doubt that!.. I've only come across one that's still working, ie teredo.remlab.net. But it would be nice if you provide some working examples of Teredo servers, M$'s or otherwise. I think the majority has phased out their service. |