I believe what I'm trying to do is pretty simple, but I can't for the life of me find the right documentation, guides or forum articles about this. I'm not sure whether squid or haproxy are the right pick for me, but I've tried both and I couldn't get it to work.
Basically I'm trying to make my own proxies (something like webshare for example) but with IPv6, since I have a subnet of /48 IPv6 proxies on my virtual private server. My server is running Arch Linux and according to ip addr I have the following under the eth0 interface: inet6 xxxx:xxxx:xxx:xxxx::1/48 scope global. So if I'm not mistaken, that means that I have access to more than a quintillion IPv6 addresses, and I would like to be able to make requests through them, whether they're randomly picked or specified by me through the proxy authentication process (for example when specifying the IP with curl’s -x parameter).
My end goal is basically to be able to either:
run curl -x http://[ipv6ip]:port -6 http://ifconfig.co and get a unique ipv6 address in each response
or be able to specify different IPv6 IPs to curl and receive the specified IPv6 address in the response, for example
run curl -x http://[ipv6:ip1:23ex:ampl:eeee]:port -6 http://ifconfig.co and receive ipv6:ip1:23ex:ampl:eeee as the response
and
run curl -x http://[ipv6:ip1:23ex:ampl:ee22]:port -6 http://ifconfig.co and receive ipv6:ip1:23ex:ampl:ee22 as the response
I know these aren't proper IPv6 IPs, but I'm just trying to get the idea across.
I appreciate any help, as I've been trying to pull this off for hours but have had no luck.
You need to ask your VPS provider. Is the /48 dedicated to you or shared with others?
Be that as it may, as this is not routed but on link you’d have to IPv6-ND those addresses, and doing this for more than a few hundred IP addresses will certainly be considered a layer2 attack against your VPS provider, because it will saturate the neighbour caches on the gateway router.
If you want to use thousands (or more) IPv6 addresses, you need to have your subnet routed towards your VPS, you cannot use on-link addresses for this reason.
If all this is done, I can assure you that haproxy is the wrong tool for the job. Haproxy is a reverse proxy and this setup is unsupported.
I've switched to tinyproxy and have been making some progress, so I guess that's the right tool for the job. My main problem right now is that I have to add the address I want to use with ip -6 addr add prefix::suffix/48 dev eth0 to be able to actually use it, and there's a limit of 1024 IPs I can add through the systemd .network file.
Like I said, this can be considered an IPv6 neighbor exhaustion attack, for which your VPS provider can kick you out, because it can bring down your gateway router if unprotected.
The solution is to have the subnet routed to your VPS.
For example instead of configuring the /48 your VPS provider should configure only a /64 on the link and route the entire /48 to the VPS.
I've discussed this with my provider and they've been trying to help me with this, but even they don't know how I can configure this exactly how I want… I've been told I actually have a /64 subnet, not /48 - “the /48 is for you to be able to reach the gateway on /48”. I've also regressed, and I only get the latest address I added with the ip command when I make the curl request (if I add an address like …::3 and use -x ...::1 with curl, I get the …::3 address in the response).
This is what my problem looks like now:
$ curl -x http://[IPV6_PREFIX::1]:8888 -6 http://ifconfig.co
IPV6_PREFIX::1
# this is ok
$ curl -x http://[IPV6_PREFIX::13]:8888 -6 http://ifconfig.co
curl: (7) Failed to connect to IPV6_PREFIX::153 port 8888 after 3046 ms: Couldn't connect to server
# as you can see, connecting through IPV6_PREFIX::13 right now doesn't work, and only works after the following command
$ curl -x http://[IPV6_PREFIX::1]:8888 -6 http://ifconfig.co
IPV6_PREFIX::13
# should be ::1
$ curl -x http://[IPV6_PREFIX::13]:8888 -6 http://ifconfig.co
IPV6_PREFIX::13
# this would be ok if ::13 wasn't the response no matter the address I specify in the command