Using the Internet without IPv4 Connectivity
I recently experienced a frustrating outage with my ISP's IPv4 connectivity, which left me unable to access many websites. Fortunately, I had a Hetzner VPS server with both static IPv4 and IPv6 addresses that came to the rescue.
Before we dive into the details of how I fixed the issue, let's take a step back and understand what Network Address Translation (NAT) is. Internet Protocol (IP) addresses are used to specify the source and destination of IP traffic.
However, IPv4 addresses are only 32 bits, which gives us only ~3.7 billion possible public IPv4 addresses. With almost everyone having at least an Internet-connected mobile phone and possibly several computers connected at the same time, there simply aren't enough addresses available to directly address every device on the Internet.
NAT alleviates this by having several devices share one IP address. For example, your home router might be assigned only one public IPv4 address, shared by all devices. When the router receives a packet from one of your devices, it replaces the source IP address with its public one.
Carrier Grade NAT (CG-NAT)
ISPs often apply CG-NAT internally to increase the availability of IPv4 addresses. This process might be repeated for several levels of hierarchy - e.g., for different regions that the ISP covers.
This is why the outage only affected IPv4: somewhere inside the Carrier Grade NAT hierarchy, the packets were not being NATed correctly, leading to the issue I experienced.
Solving the Issue with WireGuard
I was able to fix the issue by using WireGuard, a popular VPN solution that supports port forwarding and tunneling.
First, I set up my Hetzner VPS server to run WireGuard. This involved creating two interfaces - "foo" for the WireGuard connection and "bar" for the NATed case.
NATed Case
In this case, I used a network namespace called "vo_none_none" to isolate the WireGuard interface from the rest of the system. This allowed me to configure the DNS settings for the namespace using a separate resolv.conf file.
I also had to hack around a Docker issue that prevented me from running containers within the network namespace. However, this was resolved by unsharing the /sys mount and binding it to the host's /sys.
Connection Issues
After connecting to my work VPN using WireGuard, I encountered some issues with page loading. The issue turned out to be due to a high MTU setting on my local WireGuard interface.
I was able to fix this by setting a lower MTU for the interface, which ensured that packets were not being dropped by routers along the path.
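One way to pick that lower MTU rather than guessing, as an added example (not from the original post): measure the path MTU to the WireGuard endpoint with non-fragmenting pings, then subtract WireGuard's per-packet overhead (80 bytes over an IPv6 outer path, 60 over IPv4). The endpoint 2001:db8::1 and interface wg0 are placeholders, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: derive a WireGuard MTU from the measured path MTU.
# 2001:db8::1 (documentation prefix) and wg0 are placeholders, not values from the post.

# probe SIZE HOST: succeed if one ICMPv6 echo with SIZE payload bytes reaches
# HOST without fragmentation (-M do forbids fragmenting; Linux iputils ping).
probe() {
    ping -6 -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST: binary-search the largest payload that passes and print the
# resulting packet size. Bounds are payloads for a 1280..1500 byte IPv6 packet.
path_mtu() {
    host=$1 lo=1232 hi=1452
    probe "$lo" "$host" || return 1      # not reachable even at the IPv6 minimum
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo $(( lo + 48 ))                  # + 40 (IPv6 header) + 8 (ICMPv6 header)
}

# wg_mtu PATH_MTU FAMILY: subtract WireGuard's per-packet overhead:
# outer IP header (20 for IPv4, 40 for IPv6) + 8 UDP + 32 WireGuard.
wg_mtu() {
    case $2 in
        4) overhead=60 ;;
        6) overhead=80 ;;
        *) echo "family must be 4 or 6" >&2; return 2 ;;
    esac
    mtu=$(( $1 - overhead ))
    # IPv6 inside the tunnel needs an interface MTU of at least 1280.
    [ "$mtu" -ge 1280 ] || echo "warning: MTU $mtu is too small to carry IPv6 inside the tunnel" >&2
    echo "$mtu"
}

# Usage (as root), tunnelling over IPv6 to the VPS:
#   ip link set dev wg0 mtu "$(wg_mtu "$(path_mtu 2001:db8::1)" 6)"
```

A lost probe is indistinguishable from an oversized one here, so rerun the measurement on a lossy link. The same value can be made persistent with the MTU key in the [Interface] section of a wg-quick config.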
Linux Saved the Day
Despite the challenges I faced, Linux proved to be a reliable solution. Its "fix it yourself" approach allowed me to troubleshoot and resolve issues independently, without relying on external support.
This experience has made me consider getting an OpenWRT router for managing my own network configuration and running WireGuard directly on the device.
Alternative Solutions
If you're interested in exploring alternative solutions, I recommend checking out VPN providers like AirVPN, ProtonVPN, or AzireVPN that support port forwarding and traffic spoofing. These services can provide an additional layer of security and flexibility for your online activities.
This experience has taught me the importance of understanding network configurations and troubleshooting issues independently. With Linux as my trusted companion, I'm confident in my ability to overcome any technical challenge that comes my way.