wget to an IPv4 server from IPv6-only VPS
I have a CentOS 7 VPS which does not have IPv4, and only has IPv6 networking. I've opened up Port 443 for accepting all TCP connections.
When I attempt to wget https://www.litespeedtech.com/packages/6.0/lsws-6.0RC1-ent-x86_64-linux.tar.gz
,
it throws an error (which I believe is because https://litespeedtech.com/ is not IPv6 enabled):
Resolving www.litespeedtech.com (www.litespeedtech.com)... 52.55.120.73
Connecting to www.litespeedtech.com (www.litespeedtech.com)|52.55.120.73|:443... failed: No route to host.
When attempting the same for Google (which is IPv6 enabled) wget https://google.com
, it succeeds:
Resolving www.google.com (www.google.com)... 2a00:1450:4016:805::2004, 172.217.23.68
Connecting to www.google.com (www.google.com)|2a00:1450:4016:805::2004|:443... connected.
HTTP request sent, awaiting response... 200 OK
How can I connect to IPv4 servers from my IPv6-only VPS? I've heard about TunnelBroker but I'm a complete newbie and have no idea on what I should do to configure it.
Solution 1:
IPv6 and IPv4 are different protocols. If you only have IPv6 address in Internet space, you cannot connect directly to IPv4 only services. It's really short answer - "no, you can't".
TunnelBroker and other free services offers only tunnels in other directions, i.e. from IPv4 to IPv6 and not vice-versa as far as I know. You can set up your own tunnel on another host running dual-stack (both IPv4 and IPv6) or try to find some commercial service for that purpose, but this is out of scope of Server Fault and I doubt that this is what you need.
For downloading a file you can use other PC and just transfer it to your IPv6 box over SSH.
Solution 2:
The solution was to change to Debian 10 (although this should also work for Ubuntu) and replace nameservers in /etc/resolv.conf
to use this Public NAT64 handoff service:
search blue.kundencontroller.de
options rotate
nameserver 2a00:1098:2b::1
nameserver 2a00:1098:2c::1
nameserver 2a01:4f8:c2c:123f::1
nameserver 2001:67c:2b0::4
nameserver 2001:67c:2b0::6
Please note that the resolv.conf is specifically for EUServ VPS-es. If you're using some other VPS, copy and paste only the nameservers
This allowed the VPS to (quite magically) access the IPv4 internet (yes, even installing packages from IPv4 vendor sites).
This service is run by a single individual, who also has access to all of your IPv4 traffic and all of your DNS traffic. If you are passing sensitive data or are making a serious website, I think the best bet is to get a IPv4 supported VPS as of now. You can also use this to download some package you weren't able to, and then revert back to your original nameservers.
Solution 3:
Using direct Wget is not the only solution to get installation packages to your server. As the IPv6 only network works perfectly fine for your use case (a site behind Cloudflare), I wouldn't try and use any hacks for getting IPv4 connectivity even temporarily, but use other ways to transfer the data:
-
Use an intermediate server with both IPv4 and IPv6 connectivity and mirror the packate there.
user@intermediate:/var/www$ wget https://ipv4only.example.com/packages/install.tar.gz user@vps:~$ wget https://intermediate.example.net/install.tar.gz
-
If you already have SSH connection to the server, you could probably also use SFTP (SSH File Transfer Protocol) for uploading the package instead of directly downloading it.
-
Configure your Wget to use a HTTPS proxy in
~/.wgetrc
(or global/etc/wgetrc
):https_proxy = http://[Proxy_Server]:[port]
You could use any proxy that supports IPv6 and HTTPS and you are willing to trust. However, I would still check the integrity of the file by comparing MD5 sums (
md5sum install.tar.gz
).