#Hack4Glarus - Summer 2018
2018-07-08
Outline
Proxying IPv6-only services for IPv4 clients
- Why?
- What did we do?
- Was it worth it?
Why proxy IPv6 services for IPv4 clients?
Why IPv6?
"[…] Without IPv6 you are locked and leave it up for the big companies to change the world.
IPv6 gives you, hackers, developers, small and middle-sized companies, and sysadmins the freedom to choose.[…]"
Why proxy IPv6 services for IPv4 clients?
- Pragmatism
- Money
- Best of two worlds for users?
What did we do?
Set up one dual-stack server (proxy)
Two IPv6-only backend servers (web1, web2)
41 A records to proxy
20 AAAA records to web1 and web2 each.
What did we do?
We proxy HTTP and HTTPS requests from proxy to backend.
There is a management API for the host whitelist.
Certificates are generated on-the-fly on both proxy and backend.
They are valid because we use Let's Encrypt.
What did we do?
The implementation is mostly protocol-independent.
It relies on HTTP(S) proxying for TLS certificate generation.
Can be expanded to other protocols.
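A proxy that routes on the client-supplied Host header needs the host whitelist to decide which names it will forward at all. One way to write that check, as an added example that is not code from proxy426; the hostnames, the ALLOWLIST mapping and both function names are assumptions:

```python
# Added illustration (not proxy426 code): Host-header allowlist check for a
# 4-to-6 HTTP proxy. All names and sample hosts below are constructed.
from typing import Optional

# Constructed allowlist: hostname -> IPv6-only backend it may be proxied to.
ALLOWLIST = {
    "site1.example.org": "web1",
    "site2.example.org": "web2",
}


def host_from_request(raw: bytes) -> Optional[str]:
    """Return the normalized Host header value, or None if unusable."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [
        line.split(":", 1)[1].strip()
        for line in head.split("\r\n")[1:]
        if line.lower().startswith("host:")
    ]
    # Missing or repeated Host headers are ambiguous: refuse to route.
    if len(hosts) != 1 or not hosts[0]:
        return None
    host = hosts[0]
    # IP literals ("[2001:db8::1]:80") are never allowlisted names.
    if host.startswith("["):
        return None
    # Drop an optional ":port", the trailing root dot, and case differences.
    name = host.rsplit(":", 1)[0] if ":" in host else host
    return name.rstrip(".").lower() or None


def pick_backend(raw: bytes) -> Optional[str]:
    """Backend for this request, or None when the proxy must reject it."""
    host = host_from_request(raw)
    if host is None:
        return None
    # Exact match only: no suffix or substring matching.
    return ALLOWLIST.get(host)
```

For HTTPS the same exact-match lookup would apply to the TLS SNI name before any backend connection is opened.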
Was it worth it?
Maybe not?
Nginx may be able to do it and proxies SMTP(S) and IMAP(S)
OTOH, it was fun and maybe this is more flexible
Thank you!
Slides and code are available online
https://evilham.com/en/slides/2018-Hack4Glarus-summer
https://github.com/evilham/proxy426
Give Twisted Python a go!