Thursday, February 01, 2024

IPv6 readiness

A blog post about AWS charging for IPv4 addresses -

We could use AAAA records (IPv6) instead of A records (IPv4) to avoid these charges, since Cloudflare would proxy to both IPv4 and IPv6. If we need to SSH into the servers and our ISP / router does not support IPv6, then we might need something like this,
 
A and AAAA records are auto-generated for Cloudflare-proxied servers.

But for SSH, we will need to use Cloudflare tunnels.
Connect private networks · Cloudflare Zero Trust docs 
 
 
According to https://aws.amazon.com/blogs/networking-and-content-delivery/dual-stack-ipv6-architectures-for-aws-and-hybrid-networks/:

    1. Go to your VPC settings and assign a /56 prefix.
    2. Go to subnet settings within the VPC and assign a /64 to the subnet.
    3. Go to the instance's network interface settings and enable IPv6 address assignment. 

Full howto:
 
How to connect over SSH without IPv6, from the Amazon console instead of Cloudflare -
(could not try this out since my account doesn't have the required permissions.)
 
On Azure it seems to be fairly straightforward to add IPv6
 
Created an SSH tunnel with

Then connect with WARP using
 
Probably we don't need WARP; we only need to make sure the tunnel is to 2222 and not 22.
Checking config files as per
Change the port at ~/.cloudflared/config.yml

But no, we don't have those config files because we created the tunnel from the dashboard - 

Example config at
which is live at
 
There, they talk of a browser rendered terminal.
 

Logged in successfully with the browser-rendered terminal on Edge browser on Windows 11. 
 
Possible pain point: for each login (with a timeout of 24 hours as the default), we have to copy-paste the private key, in PEM format, into the authentication form. PEM format for the private key is a must. OpenSSH format doesn't work - see Browser SSH Private Keys not working - Zero Trust / Access - Cloudflare Community.
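
A pre-flight check for the key format problem above, as an added example that is not from the original post or from Cloudflare: it tells an OpenSSH-format private key from a PEM one by its first line and writes a PEM copy with `ssh-keygen -p -m PEM`, leaving the original key untouched. The function names `key_format` and `to_pem_copy` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; key_format and to_pem_copy are hypothetical helper names.

# Print the container format of a private key file, judged by its first
# line: "openssh", "pem" or "unknown". CRs are stripped so a key saved on
# Windows with CRLF line endings is still recognised.
key_format() {
  case "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" in
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
    # RSA / EC / PKCS#8 / encrypted PKCS#8 headers all end this way.
    "-----BEGIN "*"PRIVATE KEY-----") echo pem ;;
    *) echo unknown ;;
  esac
}

# Write a PEM copy of SRC to DST without modifying SRC.
# Returns 0 on success, 1 if the copy failed, 2 if SRC is not a
# recognised private key (for example a .pub file), 3 if the result is
# still not PEM (some OpenSSH versions keep Ed25519 keys in OpenSSH
# format regardless of -m).
to_pem_copy() {
  local src="$1" dst="$2" fmt
  fmt=$(key_format "$src")
  [ "$fmt" = unknown ] && return 2
  # Create the copy readable by the owner only.
  ( umask 077; cp -- "$src" "$dst" ) || return 1
  if [ "$fmt" = openssh ]; then
    # -p rewrites the key file in place, -m PEM selects the output format.
    # ssh-keygen prompts for the old and new passphrase.
    ssh-keygen -p -m PEM -f "$dst" >/dev/null || { rm -f -- "$dst"; return 3; }
  fi
  # Verify the header of the result instead of trusting the exit status.
  [ "$(key_format "$dst")" = pem ] || { rm -f -- "$dst"; return 3; }
}

# Usage: ./to_pem.sh ~/.ssh/id_rsa ~/.ssh/id_rsa.pem
if [ "$#" -eq 2 ]; then
  to_pem_copy "$1" "$2"
fi
```

The PEM copy is a second unprotected-at-rest copy of the private key if no passphrase is set, so delete it once the key has been pasted or store it with the same care as the original.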