ungleich redmine: Issueshttp://localhost:3000/http://localhost:3000/favicon.ico?16699092332021-07-17T19:43:13Zungleich redmine
Redmine Open Infrastructure - Task #9516 (New): Add proxy protocol support for IPv4<->IPv6 proxies to ena...http://localhost:3000/issues/95162021-07-17T19:43:13ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>Based on <a class="external" href="https://www.haproxy.com/blog/haproxy/proxy-protocol/">https://www.haproxy.com/blog/haproxy/proxy-protocol/</a></li>
<li>Needs support in the backend</li>
<li>Need to check whether we can enable it <strong>per</strong> backend as an option <del>or</del> whether we make it a per proxy setting</li>
</ul> Open Infrastructure - Task #9401 (New): Building an IPv6 only Matrix networkhttp://localhost:3000/issues/94012021-06-07T20:10:21ZNico Schotteliusnico.schottelius@ungleich.ch
<a name="Objective"></a>
<h2 >Objective<a href="#Objective" class="wiki-anchor">¶</a></h2>
<p>Have a test case of an IPv6 only Matrix network or rooms. Servers/client that want to join are required to have IPv6.</p>
<a name="Implementation-core-network"></a>
<h2 >Implementation core network<a href="#Implementation-core-network" class="wiki-anchor">¶</a></h2>
<ul>
<li>Synapse running IPv6 only</li>
<li>No outgoing NAT64/DNS64</li>
<li>Possibly using the domain "ipv6.social" for the matrix domains (i.e. ungleich could run on @xyz:ungleich.ipv6.social, anyone joining can select a DNS name of their choice)
<ul>
<li>Only if of interest for a common view towards outside</li>
</ul>
</li>
<li>Only incoming IPv6
<ul>
<li>No proxies or similar to bridge from the IPv4 world</li>
</ul>
</li>
<li>Maybe removing A records from DNS</li>
</ul>
<a name="Implementation-federation-other-Servers"></a>
<h2 >Implementation federation / "other Servers"<a href="#Implementation-federation-other-Servers" class="wiki-anchor">¶</a></h2>
<ul>
<li>Other servers can be IPv6 only on dual stack
<ul>
<li>Need to define whether the federation should accept dual stack or not</li>
</ul></li>
</ul> Open Infrastructure - Task #8537 (New): Check whether we can support DNS wildcard with our ipv4/i...http://localhost:3000/issues/85372020-10-26T13:38:02ZNico Schotteliusnico.schottelius@ungleich.ch
<p>Request:</p>
<pre>
Hi, I have a ipv6only vm have just set up a ipv4 to ivp6 proxy but it does not really work for my subdomain. is it needed that every subdomain is also included in the forwarding or is it possible that you set a wildcard?
</pre>
<p>We should be able to support this. We are currently using:</p>
<pre>
# HTTPS
use-server www.ungleich.ch if { req_ssl_sni -i www.ungleich.ch }
# HTTP
use-server ungleich.ch if { hdr(host) -i ungleich.ch }
</pre>
<p>Need to lookup how to match "ungleich.ch" and '*.ungleich.ch'</p> Open Infrastructure - Task #6762 (New): Allow IPv6 only hosts to properly send emails to IPv4 onl...http://localhost:3000/issues/67622019-06-03T16:18:42ZNico Schotteliusnico.schottelius@ungleich.ch
<p>Currently IPv6 only hosts get NAT64'ed to one of our IPv4 addresses. When there is a mail server running on an IPv6 only host that connects to an IPv4 host using the source address 185.203.114.1 .</p>
<p>This again is reverse DNS based mapped to 185-203-114-1.legacy.ipv4.at.ungleich.ch and usually does not fit the EHLO message of the mail server.</p>
<p>We need to find a nice fix for this problem short term so that people can run their mail server in IPv6 only networks</p>