I want to use IPv6 Compatibility feature on Cloudflare and make my ipv4 browwer access ipv6 AWS Origin Server

I have Origin Server on AWS. My environment is that I can access Origin Sever via ipv6 only.
I want to use IPv6 Compatibility feature on Cloudflare and make my ipv4 browwer access ipv6 AWS Origin Server.

Browser---ipv4---Cloudflare---ipv6----AWS Origin Server(www.sunjuntry.xyz)![com|690x357](upload://59R3XiXXekW1UXMxu2A34eIus7d.png)

[email protected]:~ netstat -plnt | grep 443 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp6 0 0 :::443 :::* LISTEN - [email protected]:~ netstat -plnt | grep 80
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::80 :::* LISTEN -
[email protected]:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 02:00:f3:b7:d0:7c
inet addr:172.31.26.73 Bcast:172.31.31.255 Mask:255.255.240.0
inet6 addr: 2406:da18:126:ac00:a392:adda:4c8a:17a6/128 Scope:Global
inet6 addr: fe80::f3ff:feb7:d07c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:6714183 errors:0 dropped:0 overruns:0 frame:0
TX packets:6822771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1362798906 (1.3 GB) TX bytes:1190836649 (1.1 GB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4862 errors:0 dropped:0 overruns:0 frame:0
TX packets:4862 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:279328 (279.3 KB) TX bytes:279328 (279.3 KB)

  • I enabled IPv6 Compatibility feature on Cloudflare.
  • On AWS Access-List, I specify source ::/0 to access Origin Server via 80 and 443 and ICMPv4/ICMPv6.
  • According to ipv6 test(http://ipv6-test.com/validate.php), connection is okay.

<<>>>
My ipv4 brower failed to access ipv6 origin AWS server.

While my ipv4 browser access origin Webserver through Cloudlfare, tcpdump on origin Webserver indicated that no pkt came to origin webserver.
If Cloudflare ipv6 gateway function works, ipv6 pkt should come to origin webserver.

#####tcpdump on origin Sever#########
[email protected]:~$ sudo tcpdump -ni eth0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:36:59.258901 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:37:09.259020 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:37:19.259042 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:37:19.896745 IP6 2600:3c01::f03c:91ff:fe93:48f8 > 2406:da18:126:ac00:a392:adda:4c8a:17a6: ICMP6, echo request, seq 1, length 64
08:37:19.896773 IP6 2406:da18:126:ac00:a392:adda:4c8a:17a6 > 2600:3c01::f03c:91ff:fe93:48f8: ICMP6, echo reply, seq 1, length 64
08:37:20.897610 IP6 2600:3c01::f03c:91ff:fe93:48f8 > 2406:da18:126:ac00:a392:adda:4c8a:17a6: ICMP6, echo request, seq 2, length 64
08:37:20.897637 IP6 2406:da18:126:ac00:a392:adda:4c8a:17a6 > 2600:3c01::f03c:91ff:fe93:48f8: ICMP6, echo reply, seq 2, length 64
08:37:21.897239 IP6 2600:3c01::f03c:91ff:fe93:48f8 > 2406:da18:126:ac00:a392:adda:4c8a:17a6: ICMP6, echo request, seq 3, length 64
08:37:21.897265 IP6 2406:da18:126:ac00:a392:adda:4c8a:17a6 > 2600:3c01::f03c:91ff:fe93:48f8: ICMP6, echo reply, seq 3, length 64
08:37:22.897479 IP6 2600:3c01::f03c:91ff:fe93:48f8 > 2406:da18:126:ac00:a392:adda:4c8a:17a6: ICMP6, echo request, seq 4, length 64
08:37:22.897517 IP6 2406:da18:126:ac00:a392:adda:4c8a:17a6 > 2600:3c01::f03c:91ff:fe93:48f8: ICMP6, echo reply, seq 4, length 64
08:37:23.897448 IP6 2600:3c01::f03c:91ff:fe93:48f8 > 2406:da18:126:ac00:a392:adda:4c8a:17a6: ICMP6, echo request, seq 5, length 64
08:37:23.897475 IP6 2406:da18:126:ac00:a392:adda:4c8a:17a6 > 2600:3c01::f03c:91ff:fe93:48f8: ICMP6, echo reply, seq 5, length 64
08:37:24.908486 IP6 fe80::f3ff:feb7:d07c > fe80::61:8cff:fefe:592c: ICMP6, neighbor solicitation, who has fe80::61:8cff:fefe:592c, length 32
08:37:24.908732 IP6 fe80::61:8cff:fefe:592c > fe80::f3ff:feb7:d07c: ICMP6, neighbor advertisement, tgt is fe80::61:8cff:fefe:592c, length 32
08:37:29.259106 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:37:39.259165 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:37:49.259232 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:37:59.259272 IP6 fe80::61:8cff:fefe:592c > ff02::1: ICMP6, router advertisement, length 56
08:38:00.335992 IP6 fe80::f3ff:feb7:d07c.546 > ff02::1:2.547: dhcp6 renew
08:38:00.336590 IP6 fe80::61:8cff:fefe:592c.547 > fe80::f3ff:feb7:d07c.546: dhcp6 reply

-> Only icmpv6 pkt is seen. No ipv6 tcp pkt.

May I know whether there is some missing config on AWS or Cloudflare or why my ipv4 browser can not access origin Webserver through Cloudlfare?

Error message on my ip4 brower was Error 522 connection time out.

ipv6 test(http://ipv6-test.com/validate.php) is okay.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.