[squid-users] IPv6 only network

[Amos Jeffries]

On 31/10/17 18:34, xpro6000 wrote:
> Unfortunately my ISP does not provide an IPv6 IP, I need to create an 
> only IPv6 network so I can test an iphone app as required by the Apple store
> 
> https://developer.apple.com/support/ipv6/ 
> <https://developer.apple.com/support/ipv6/>
> 

Squids' default behaviour is to follow BCP 177. So any use of IPv4 is a 
strong indication that the server used by your app is having IPv6 
connectivity issues.

see "Limitations of Local Testing" at 
<https://developer.apple.com/library/ios/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html#//apple_ref/doc/uid/TP40010220-CH213-SW1>.


> What I did was, I created a VPS with IPv6 support, I added the following 
> to squid.conf
> 
> http_port 3001
> acl port1 myport 3001

Use "myportname" ACL type. 'myport' is deprecated.

> tcp_outgoing_address 2001:19f1:9232:d4d:b757:3535:1910:412e port1
> server_persistent_connections off

Why disabling persistence? it has nothing to do with IPv4 vs IPv6.

> 
> The config above works fine. If the website supports IPv6, it does use 
> that IPv6 IP. But Squid uses IPv4 if the website does not support IPv6
> 
> Is there anyway to prevent Squid to use IPv4 for outgoing connections?
> 

IPv4 is not yet an optional protocol so technically no. But there are 
several ways to safely achieve IPv6-only traffic:

* some DNS resolvers can be configured not to deliver A records.

* ensure the NIC of the machine running Squid has no IPv4 addresses.

* ensure that IPv4 space is all non-routable.

* ensure your Squid machines firewall is configured to reject (_not_ 
drop) IPv4 packets.


Notice how all of those are things you would need to do to make your 
network *actually* IPv6-only and have nothing directly to do with Squid.

Amos