7

I am still confused about the purpose of IPv4 mapped IPv6 addresses and would like some enlightenment.

I have a server client pair of machines and I intend to connect them via Openvpn. The server has an IPv6 address, while the client an IPv4 only address. When I ping the client's IPv4 mapped IPv6 address, there is a response. However, when I configured the client to connect to the server's IPv6 address, I was unable to connect. I have included the client's IPv4 mapped IPv6 address into the Openvpn client configuration file -- local

Let's switch the pair. Now, the server has an IPv4 address (with a IPv4 mapped IPv6 address) and the client as an IPv6 address. I am also unable to establish an Openvpn connection by connecting to the server's IPv4 mapped IPv6 address.

In this case, What good is here when it comes to Openvpn connections while IPv4 mapped IPv6 address?

TLDR: For instance, I have an IPv4 only machine with IP 126.10.13.2 and it has an IPv4 mapped IPv6 address of ::ffff:7e0a:d02. I have another IPv6 machine with IP 2a04::dead:beef:5802:A. How am I able to connect both of them via Openvpn? I cannot seem to connect the IPv6 address of both machines together.

Improve this question
4
  • Can you give examples (by editing your question) of addresses? I'm unsure what you mean by this mapping. Commented Jun 1, 2022 at 13:09
  • For instance, I have an IPv4 only machine with IP 126.10.13.2 and it has an IPv4 mapped IPv6 address of ::ffff:7e0a:d02. I have another IPv6 machine with IP 2a04::dead:beef:5802:A. How am I able to connect both of them via Openvpn? I cannot seem to connect the IPv6 address of both machines together. Commented Jun 1, 2022 at 13:21
  • Can you post the output of your OS tools for network config (ip -4 addr; ip -6 addr or ipconfig for windows, etc). Commented Jun 1, 2022 at 13:47
  • IPv4-Mapped addresses are not IPv6 addresses, they are IPv4 addresses represented in a specific IPv6 format. This allows a single store, e.g. database, to hold both IPv4 and IPv6 addresses in a common format. These addresses cannot be used as source or destination addresses on IP packets, nor can they be routed, and the are reserved by IPv6 itself, they are only for representing IPv4 addresses in the IPv6 format. Commented Jun 1, 2022 at 17:15

2 Answers 2

Reset to default
15

These mapped addresses cannot be used to make IPv6 connections. They are only usable to represent IPv4 connections in IPv6 software.

Say that you have a machine that is dual stacked with both IPv4 and IPv6. On that machine you could run software that is written just for IPv6 (because it’s easier to support only one protocol than two). If the software listens on the :: IPv6 address it can still accept connections from IPv4 clients. Because the software is only written for IPv6 it can only deal with IPv6 addresses, and the kernel uses ::ffff:aabb:ccdd to represent IPv4 address aa.bb.cc.dd.

That doesn’t mean the protocol on the network is IPv6. The protocol is IPv4, with a mapping that makes it usable for IPv6-only software.

It is therefore impossible to use these mapped addresses to communicate with aan IPv6 system, because internally to the system they are still IPv4 connections.

Improve this answer
2
  • Thanks for your answer! I have a question. You mentioned in paragraph two that the IPv6 address on the software that is written just for IPv6 can still accept connections from IPv4 clients. However, in your last paragraph, you mentioned that it is therefore impossible to use these mapped addresses to communicate with an IPv6 system. Can you explain a little the difference between these two sentences. In the case of Openvpn, if I were to open an IPv6 address to listen to connections on the server, can I connect an IPv4 client to it? Or will there have to be changes made. Commented Jun 2, 2022 at 1:25
  • That's a nice answer. Could you point to documentation or more information? I'm trying to see if I can disable this feature (just for learning/understanding). Commented Oct 27, 2022 at 22:40
1

Mapped IPv4 addresses are useful when you want to have a listener that accepts connections (and also a UDP socket that should be capable of receiving packets) over both IPv4 and IPv6.

When you have an IPv4 socket (created with AF_INET), you can only receive IPv4 packets, not IPv6.

When you have an IPv6 socket (created with AF_INET6), you can configure it to receive either only IPv6 (and not IPv4), or both IPv6 and IPv4. For that you have a socket option on the IPPROTO_IPV6 level named IPV6_ONLY; when this option is set to 1, your socket is exclusively IPv6, when to 0, it's dual-stack. Note that this option has "some default value" defined by the system and potentially it can be also modified in runtime, so in order to stay safe you should always set this option to a certain value before you bind to the IPv6 "any address" ("::").

Now, when you use it, and when you accept a socket off such configured listener, and you configured your listener socket dual-stack, the accepted socket will still be of IPv6 domain, but when the connection has come from an IPv4 caller, the peer address will be reported as "IPv6-mapped IPv4" address, not anyhow IPv4 address.

That's the situation in which you can't "avoid" having this kind of mapped address. The same also you can do to make IPv4 connections and use an IPv6 socket for it, although that don't make no sense.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.