W dniu 24.09.2022 o 15:15, Pierre Dupond pisze:
Hi All, All my question is already in the title. I plan to have an IPv6 only network. I know that with DNS64, Nat64 and pf (af-to) it is easy to connect an IPv6 address to an IPv4 address.What I want to do is the opposite direction. It could be useful occasionally to reach an IPv6 server from an IPv4 address. This is the case, for instance, if the Internet provider filters some ports necessary for establishing a VPN connection but authorizes the most common ports like the standard ports for ssh (or http and https). Is this possible with PF and OpenBSD? Best regards,
NAT64 is easy, because you can fit 32-bit IPv4 address easily in 128-bit IPv6 address. You cannot fit 128-bit IPv6 address in 32-bit IPv4 address.
You could possibly do it on per-server basis, eg connections to 192.0.2.3 are redirected to 2001:db8::dead:beef and connections to 192.0.2.4 are redirected to 2001:db8::c0:ffee. I don't know if pf itself can do it, but you could probably use socat or even relayd to work as a proxy in userspace to achieve that.
Anyway, it sounds like you want IPv6 proxy that is able to connect to IPv4 addresses. If your applications are not proxy-aware, VPN would work too. Put VPN's endpoint on IPv6, then use IPv4 virtual network.
> [...] if the Internet provider filters some ports necessary for establishing a VPN connection but authorizes the most common ports like the standard ports for ssh (or http and https).
Then I'd ask ISP whether I'm paying for access to internet or for access to websites. And VPN on port 443/TCP would solve that problem.
Regards -- Łukasz Moskała
