#Hack4Glarus - Summer 2018

July 8th 2018

Andrés (Evilham)



Proxying IPv6-only services for IPv4 clients

Why proxy IPv6 services for IPv4 clients?

Why IPv6?

"[…] Without IPv6 you are locked and leave it up for the big companies to change the world.

IPv6 gives you, hackers, developers, small and middle-sized companies, and sysadmins the freedom to choose.[…]"

Why proxy IPv6 services for IPv4 clients?

What did we do?

What did we do?

Set up one dual-stack server (proxy)

Two IPv6-only backend servers (web1, web2)

41 A records to proxy

20 AAAA records to web1 and web2 each.

What did we do?

We proxy HTTP and HTTPS requests from proxy to backend.

There is a management API for the host whitelist.

Certificates are generated on-the-fly on both proxy and backend.

They are valid because we use Let's Encrypt.

What did we do?

The implementation is mostly protocol-independent.

It relies on HTTP(s) proxying for TLS Certificate generation.

Can be expanded to other protocols.

Was it worth it?

Maybe not?

Nginx may be able to do it and proxies SMTP(S) and IMAP(S)

OTOH, it was fun and maybe this is more flexible

Thank you!

Slides and code are available online



Give Twisted Python a go!