decoderman
commented
5 years ago pixelserv-tls does not support IPv6. Use :: to direct blocked domains to the IPv6 null address in your blocking list. I use this in Diversion if the protocol is enabled.
Closed Fwirt closed 4 years ago
decoderman
commented
5 years ago pixelserv-tls does not support IPv6. Use :: to direct blocked domains to the IPv6 null address in your blocking list. I use this in Diversion if the protocol is enabled.
Fwirt
commented
5 years ago I think I found a workaround: Set pixelserv-tls to listen on an alternate port, and then use socat to "pipe" IPv6 requests into IPv4 requests. I don't know if the syntax is 100% correct, but
pixelserv-tls 192.168.1.1 -p 81 -k 444
socat TCP6-LISTEN:80,reuseaddr,fork TCP4:192.168.1.1:81
socat TCP6-LISTEN:443,reuseaddr,fork TCP4:192.168.1.1:444
seems to work for me. (Daemonized of course.) Looks like you'll have to generate a cert for your IPv6 address if you want to visit it locally and don't want your browser to complain.
imTHAI
commented
5 years ago @Fwirt It can be solved at the dns server level rather than at pixelserv level. If using dnsmasq, you can set it to only return A records for blocked domains using the address=/../ syntax to define the blocked domains.
kvic-z
commented
4 years ago If your network is still dual stacks (both IPv6 & IPv4). It's preferred to run pixelserv-tls on IPv4 (because pixelserv-tls atm only supports IPv4 & IPv4 has decades of optimization behind it). The only problem is to limit your DNS server resolve to IPv4 addresses only for the blocked domains - the solution as also suggested by imTHAI as well as decoderman.
Any other workaround to redirect IPv6 traffics to IPv4 is not recommended because I believe it's less efficient, meaning speedy in getting a response from pixelserv-tls (do let me know if otherwise, I'm always joyful to learn surprises:)
So lack of support of IPv6 only becomes a problem if your network is pure IPv6. But so far it seems this scenario is still eons away.
pixelserv-tls won't bind to an IPv6 socket. If started with default options, netstat reveals that it's only listening for IPv4 connections. The same behavior occurs if started with the hostname of the device running pixelserv-tls, which has a valid IPv6 address and connectivity. The same also happens if told to listen on an interface that has both IPv4 and IPv6 addresses. If passed an IPv6 address, it exits with "getaddrinfo: Address family for hostname not supported".
I'm running on a router running DD-WRT. Otherwise pixelserv is working great, but since my network is dual IPv4/IPv6, any domains that resolve to an IPv6 address aren't getting processed by pixelserv. IPv6 configuration seems to be correct, all other services are running fine, and pinging IPv6 addresses from the router works fine.