Tag: IPv6

What happens if an IPv4 client tries to access an IPv6-only server (SOLVED)

Question:

Hey! The article says that IPv6 is a completely different protocol, I had a question. If my recipient's email works only on IPv6 (that is, his mail server listens only through the IPv6 protocol), does this mean that when sending a letter from a mail server that is connected only to IPv4, the letter simply will not reach the recipient, that is, I will have to choose some kind of mail service whose mail server works with both IPv6 and IPv4 so that my friend can read my letter?

Answer:

The considered situation, when one server has only an IPv4 address, and the second server has only an IPv6 address, is purely theoretical. ISPs that use IPv6 and provide IPv6 addresses to customers also provide IPv4 addresses at the same time.

For example, this router is connected to an ISP that supports IPv6. However, a router has two types of IP addresses:

  • 10.241.24.29
  • 2001:fb1:fc0:135:20e8:31d0:4821:6624

My computer is connected to this router, so it also has two types of IP addresses:

  • 192.168.1.58
  • 2001:fb1:139:20d8:82c0:cb25:b750:24d4

Note that IPv4 and IPv6 are such separate networks that for IPv6, the router has its own DNS server IP – 2001:fb0:100::207:49.

The same is true for hosting providers. For example, ISPs in my country do not support IPv6. But at the same time, hosting providers in my country have been supporting IPv6 for a very long time (for example, I set up IPv6 for SuIP.biz back in 2016, while one rented VPS server came with one free IPv4 and 3 free IPv6).

You can search for websites with IPv6 support and look at their DNS records – you will see that in addition to the AAAA record (IPv6 address of the site), there is also an A record for the site (IPv4 address of the site).

That is, yes, if one of the computers (client or server1) is connected only to an IPv4 network, and the second computer (server or server2) is connected only to an IPv6 network, then theoretically it is simply impossible to build a network route between them from the first to the second. But in practice, this problem does not arise simply for the reason that absolutely all clients and servers support IPv4, and some also support IPv6. That is, all possible combinations work according to one of the following options:

  • client and server support IPv6 – IPv6 is used
  • client supports IPv6 and server does not support IPv6 – IPv4 is used
  • client does not support IPv6 and server supports IPv6 – IPv4 is used
  • client does not support IPv6 and server does not support IPv6 – IPv4 is used

However, it is possible to isolate an IPv6-enabled server from an IPv4 network, which is what I talk about in the section “How to configure SSH to work with IPv6 only”.

In short: IPv4 and IPv6 are two different networks, even though they run on the same wires and on the same hardware.

If you're interested in a specific error, when you try to open an IPv6-only site from an IPv4-only client, you get the “Network is unreachable” error.

Another example of an error: if you try to run the following command from an IPv6-enabled network:

sudo nmap -6 suip.biz

then the host suip.biz will be scanned.

If you run the same command from a network without IPv6 support, an error will be displayed: “setup_target: failed to determine route to suip.biz (2a02:f680:1:1100::3d60)”.

See also detailed IPv6 guides:

Online services with IPv6 support:

How to configure Squid to use IPv4

Because the IPv6 Internet is as fast or faster than the IPv4 Internet for most networks, Squid prefers to connect to websites over IPv6.

The “dns_v4_first on” option changes the order of preference so that Squid will first bind to dual-stack websites over IPv4. Squid will still do both IPv6 and IPv4 DNS queries before connecting.

A WARNING. This parameter limits the situations in which IPv6 connectivity is used (and tested). This hides network problems that would otherwise have been detected and warned about.

So, to switch to IPv4, add the following option to the config file:

dns_v4_first on

Now the request on port 24004 will print the IPv4 address:

curl --proxy localhost:24004 https://w-e-b.site/ip/

But the fact is that requests to ports 24000-24003 will also display IPv4 addresses, since the remote host uses both of them, and IPv4 is now selected by default.

That is, in essence, this option is a switch between IPv4 and IPv6. This is not very convenient and a little illogical. You need to remember this, because using different IP addresses on the same proxy server, you can get confused about which one is actually used.

Starting with version 5 of Squid, the dns_v4_first option will be removed. Instead of obeying the dns_v4_first setting, the IP family is now largely controlled by the DNS response time: if the AAAA DNS response comes first while Squid is waiting for IP addresses, then Squid will use the first received IPv6 addresses. For previously cached IP addresses, Squid tries IPv6 addresses first. To manage the family of IP addresses used by Squid, administrators must use firewalls, recursive DNS resolver configuration, and/or --disable-ipv6. When planning configuration changes, keep in mind that the upcoming improvements to Happy Eyeballs will facilitate faster TCP connections while reducing the impact of DNS resolution times.

The fifth version implements the “Happy Eyeballs” algorithm, which uses the received IP as soon as it is needed. Firewall rules that deny IPv6 TCP connections remain the preferred configuration method for “disconnecting” IPv6 connections, with a recursive DNS resolver configuration.

See also the Squid setup guide: How to create and configure a Squid proxy server

How to check if my router supports IPv6

How to open a site on IPv6

The fastest and easiest way to find out if a router can work with IPv6 is to check if it can open a site with an IPv6 address. Use the service “Do I have IPv6”. This website allows you to connect to it in a variety of ways – just follow the link and you will see if you can connect to IPv6 addresses. If you have an IPv6 address, this automatically means that your router supports this protocol.

But if this site writes that you do not use IPv6, then this does not mean that your router is not IPv6 enabled – it is quite possible that the whole point is in the Internet provider, many of which do not yet know how to work with IPv6.

Take a look at the settings of your router

You can go to the control panel of your router and if you see the settings for IPv6 there, it means that there is support.

This router has an “IPv6” tab and even an assigned IPv6 address. But in fact, IPv6 addresses from fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff are local addresses. That is, the router creates a local IPv6 network, but due to the fact that this Internet service provider does not support IPv6, it is impossible to connect to IPv6.

Global addresses currently can only begin with 2 or 3 (others are simply not being distributed yet).

How to check on the command line if the router can work with IPv6

If the router supports IPv6, then during automatic network configuration, the network interfaces of your computer also receive settings for IPv6. Therefore, even if you did not specifically configure and even if your ISP does not support IPv6, your network interfaces will have IPv6 addresses.

On Windows, run the following command at the command prompt:

ipconfig

This screenshot shows both global IPv6 addresses (starting with 2 or 3) and local ones, ranging from fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff. If you also have it, it means that both your router and your ISP support IPv6.

In the next screenshot, only local IPv6 is visible – this means that the router supports this type of addresses, but the Internet service provider does not.

If you do not see IPv6 addresses at all, then your router does not support them, or they are disabled in its settings.

On Linux, to view IPv6 addresses, run the command:

ip -6 a

This screenshot shows both global IPv6 addresses (starting with 2 or 3) and local ones, ranging from fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff. This means that both the router and the ISP support IPv6.

In the following screenshot, only local IPv6 is present – this means that the router supports this type of addresses, but the Internet service provider does not.

If you do not see IPv6 addresses at all, then your router does not support them, or they are disabled in its settings, or in the operating system settings – this is also possible.

Loading...
X