Squid is using ipv4 for non-ssl connections

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid is using ipv4 for non-ssl connections

Joshua Bazgrim
Hi there,

I'm still fairly new to squid. Hoping someone can help me out.
I have a tcp_outgoing_address for ipv6 that routes to nftables to give me a rotating ipv6 address.

However, on non-ssl calls, it uses ipv4 instead.
Is there a way to have squid use ipv6 for non-ssl calls?

curl -L -x PROXYIP:3128 http://api6.ipify.org # This returns an ipv4 address through squid
curl -L -x PROXYIP:3128 https://api6.ipify.org   # This returns an ipv6 address through squid

If I don't use the squid proxy, it properly returns an ipv6 for non-ssl connections.

squid 4.9
The squid.conf file is default besides tcp_outgoing_address

Any ideas?

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid is using ipv4 for non-ssl connections

Amos Jeffries
Administrator
On 23/06/20 9:14 am, Joshua Bazgrim wrote:
> Hi there,
>
> I'm still fairly new to squid. Hoping someone can help me out.
> I have a tcp_outgoing_address for ipv6 that routes to nftables to give
> me a rotating ipv6 address.
>

Hint: you cannot talk to IPv4 servers using IPv6 address.


> However, on non-ssl calls, it uses ipv4 instead.
> Is there a way to have squid use ipv6 for non-ssl calls?
>
> curl -L -x PROXYIP:3128 http://api6.ipify.org # This returns an ipv4
> address through squid
> curl -L -x PROXYIP:3128 https://api6.ipify.org   # This returns an ipv6
> address through squid
>
> If I don't use the squid proxy, it properly returns an ipv6 for non-ssl
> connections.
>
> squid 4.9
> The squid.conf file is default besides tcp_outgoing_address
>
> Any ideas?
>

Tried investigating yet?
<https://wiki.squid-cache.org/KnowledgeBase/DebugSections>

The domain you mention has a mix of both IPv6 and IPv4 addresses. Squid
should be using whichever it can connect to. There is a small bias
towards IPv6, but no guarantee.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid is using ipv4 for non-ssl connections

Eliezer Croitoru-3

Just to clear out the doubts about the subject.

 

The decision on what IP version to use for outgoing connections is based on:

  • DNS A and AAAA records
  • Reachability:  Ping? Icmp? Happy Eyeballs?

 

I am not sure what was the situation but,
some tests were done to run an IPv6 only network with IPv6 to IPv4 Gateways.

However I am not sure what happen with these trials.

As far as I remember the decision was to run full Dual Stack networking for a period of time until IPv4 will “die”.

 

The domain webpage has a notification:

“Oct 1, 2020 the A record for api6.ipify.org will be removed to make the subdomain only for IPv6 requests. For universal access please use api64.ipify.org.”

 

So.. there is time until you can test with this specific domain.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: [hidden email]

 

From: [hidden email]
Sent: Tuesday, June 23, 2020 10:28 AM
To: [hidden email]
Subject: Re: [squid-users] Squid is using ipv4 for non-ssl connections

 

On 23/06/20 9:14 am, Joshua Bazgrim wrote:

> Hi there,

>

> I'm still fairly new to squid. Hoping someone can help me out.

> I have a tcp_outgoing_address for ipv6 that routes to nftables to give

> me a rotating ipv6 address.

>

 

Hint: you cannot talk to IPv4 servers using IPv6 address.

 

 

> However, on non-ssl calls, it uses ipv4 instead.

> Is there a way to have squid use ipv6 for non-ssl calls?

>

> curl -L -x PROXYIP:3128 http://api6.ipify.org # This returns an ipv4

> address through squid

> curl -L -x PROXYIP:3128 https://api6.ipify.org   # This returns an ipv6

> address through squid

>

> If I don't use the squid proxy, it properly returns an ipv6 for non-ssl

> connections.

>

> squid 4.9

> The squid.conf file is default besides tcp_outgoing_address

>

> Any ideas?

>

 

Tried investigating yet?

<https://wiki.squid-cache.org/KnowledgeBase/DebugSections>

 

The domain you mention has a mix of both IPv6 and IPv4 addresses. Squid

should be using whichever it can connect to. There is a small bias

towards IPv6, but no guarantee.

 

 

Amos

_______________________________________________

squid-users mailing list

[hidden email]

http://lists.squid-cache.org/listinfo/squid-users

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users