IPv6 tunnel

[klmhsb42]

Could you offer a HTTPS 4to6 tunnel? For which the user

• Can buy (you decide the price) one activation per year (as one time product) in your store for same syncloud.it account

• The activation availability is checked then in syncloud.it account with expiration date

• Has then just one ON/OFF button under [devicename].syncloud.it which appears if IPv6 is used/available and the activation availability was bought

• If the button is ON, all IPs are checked if they are compatible, if not, ONLY then traffic is over your server

• You could use https://github.com/wojtekka/6tunnel

An alternative idea would be to have decentralized peer-to-peer system by syncloud app. This could be interesting:

• https://github.com/vanrein/6bed4

• https://www.cs.cornell.edu/home/rvr/papers/ipv6.pdf

[klmhsb42]

To offer tunnel service could be maybe also a solution for users who have Carrier-grade NAT at home (no public ip, neither v4 nor v6)? Correct me if I'm wrong.

[SebastGG]

Hello all together, i changed my ISP and now i only have DS lite. Only ipV6 adress. Is there a way to use syncloud?

[klmhsb42]

You can access from any device in your private network (connected by WiFi) or from extern with IPv6. E.g. mobile ISPs (in Germany) like Telekom or Vodafone. Telefonica (O2) doesn't offer IPv6. You can test with https://ipv6-test.com/

[SebastGG]

alright, thanks. I've upgraded my contract. Now i have a normal ipv4 address.

[klmhsb42]

@cyberb I would be open to rent a small vserver for testing and try socat (in combination with the OpenVPN app) as it allows UDP (as 6tunnel supports only TCP, which is not working with OpenVPN). I would follow this tutorial (sorry it's in German). As the OpenVPN app has then to take the IPv4 address of the vserver, do you think it would work if I just enable External access button of the syncloud device and put the public IPv4 address of the vserver into it (and maybe re-activate the device)? Could I access also the syncloud domain then from IPv4 only without using the OpenVPN app?

[klmhsb42]

https://syncloud.discourse.group/t/cloudflare-tunnel-configuration/280

[cyberb]

If you just want to access 4 only network from 6 only network and vise versa 6tunnel may work.

All you need is a VM (proxy) which has both networks 4 and 6 (any cloud vm should work these days). Where you would simply listen on port 443 and tunnel to your device IP port 443. Then enable external access on your device with that proxy IP.

I think OpenVPN is not related, unless you actually want a private network between you and the device across ip4/6 networks.

[cyberb]

If that does not work you can try haproxy with a single backend (ssl passthrough) https://www.ssltrust.co.uk/help/setup-guides/haproxy-reverse-proxy-setup-guide

But any tunneling tool should work here.

[cyberb]

While CGNAT obviously requires device initiated connection outside, but even this case is not very difficult, all you need is to run ssh which supports tunnel from device to proxy vm.

On device:

ssh -f -N -T -R443:localhost:443 proxy

This tunnel actually also actually works in regular (non CGNAT) network. Also this is more secure as it does not require opening device itself to public only proxy vm.

https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work

[klmhsb42]

Alright, your answers are good for documentation here. I do not personally need it anymore. We can close this if no one needs it.

[cyberb]

Ok, this may become a premium feature at some point if there is a demand for it. A checkbox on access page to enable a proxy mode so Syncloud automatically creates a tunnel from the cloud for you.

[dumblob]

As a side note - ssh is TCP but more importantly has flawed protocol latency-wise (throughput is OK though). So it will feel slow. Modern wireguard shall be a better alternative for all sorts of tunelling scenarios.