How to use IPV6 when using HTTPS

Question

Hello.
I am having difficulties with IPV6 when using HTTPS.

A user's host has both IPV4 and IPV6 addresses.

1. Is Rebex connected with ipv4 address first? Is there a way to try ipv6 first?

2. Does Rebex have a function to automatically connect to ipv6 when ipv4 connection fails?

3. When the domain is aaa.com, if I try to force a connection with ipv6, what should I do?
   Should I replace the address of ipv6 instead of aaa.com?

Thank you.
Best regards.

BooKyung Oh.
OpenBoxLab Inc.

Answer 1

Hello,

Rebex HTTPS resolves a domain name to both IPv4/IPv6, and picks the first IPv4 address. In case there is no IPv4 address, it picks the first IPv6 address. It then tries connecting to the picked address. Currently, this process is not configurable, although there are several possible workarounds.

Would an option to prever IPv6 to IPv4 be sufficient for your needs? We already had plans to add one.

Comments

Thanks for the reply.

I don't need any other options or features.

I'm going to try to connect to all addresses returned by the GetHostAddresses function using CustomSocket.

Always be healthy and happy.

---

I tried to connect to multiple addresses using Custom Socket, but it's not easy.
If the socket fails to connect, it cannot be reconnected with a new address.
I'll have to find another way.

public class MutipleIpSocket : ProxySocket, ISocket
{
    public MutipleIpSocket()
    {
    }
    void ISocket.Connect(string serverName, int serverPort)
    {
        IPHostEntry entry = Dns.GetHostEntry(serverName);
        IPAddress[] addresses = null;
        try
        {
            addresses = Dns.GetHostAddresses(serverName);
        }
        catch
        {
            throw;
        }

        Exception lastEx = null;
        foreach (var address in addresses)
        {
            try
            {
                Connect(new IPEndPoint(address, serverPort));
                return;
            }
            catch (Exception ex)
            {
                lastEx = ex;
            }
        }
        throw lastEx;
    }
}

---

In my test environment, the IPv4 address is incorrect, the IPv6 address is correct, and the server is running.
In my case, the IPv6 address appears first when I call Dns.GetHostAddresses.
When the IPv4 address is incorrect or the server for IPv4 does not work,
The HTTP connection in Rebex fails, but the .Net HTTP connection succeeds.
So, I would like to be able to set the Resolve order to Default, IPv4 First, IPv6 First, etc. The default is to just connect to [0] in Dns.GetHostAddresses.

---

Multiple IPs are set in one domain.

192.168.0.2 aaa -> fake address
192.168.0.3 aaa -> fake address
192.168.0.4 aaa -> real address

When I connect with .Net Http, the connection with 192.168.0.4 is successful.
If you look at Wireshark, it tries to connect sequentially from 192.168.0.2 and succeeds.
Rebex connects to 192.168.0.2 and immediately returns an error.

---

If multiple IPEndPoints are passed to the Connect function of ProxySocket, ProxySocket attempts to connect sequentially using multiple IPEndPoints,
It would be nice to have a function that returns a successful IPEndPoint on success.

class ProxySocket
{
     public IPEndPoint Connect(IPEndPoint[] endPoints);
}


void ISocket.Connect(string serverName, int serverPort)
{
IPAddress[] addresses = Dns.GetHostAddresses(serverName);

List<IPEndPoint> list = new List<IPEndPoint>();
foreach (var address in addresses)
{
list.Add(new IPEndPoint(address, serverPort));
}

var successIpEndPoint = Connect(list.ToArray());
LOG($"Success IP : {successIpEndPoint.Address.ToString()}");
}

---

Thanks for your feedback! We actually arrived at a slightly different (and much more versatile) solution that will make it easily possible to implement this kind of custom Connect function as well, but also allow for even more customization to accommodate for different needs as well. I'll send you a link to an enhanced built to try shortly.

---

This is really exciting news.

I looked up the .Net source.

https://referencesource.microsoft.com/#system/net/System/Net/ServicePoint.cs,629163399e233013

Referring to the source code, .Net Http caches DNS information and tries all IP addresses. Also, it is supposed to try this full function twice.

Because of these features, they seem to connect well in a variety of situations.
Even if the port forwarding settings are twisted in many router settings, or there is a problem with the router settings on your Synology device, it seems to work because of the double try function.

Then we will wait for the patch version.
Thank you.

---

Rebex HTTPS does not actually aim to replicate the behavior of .NET HttpWebRequest 1:1, and our developers are not even supposed to look into related .NET source code - we don't want any copyright infringement! Instead, Rebex HTTPS aims to provide a drop-in replacement that supports TLS 1.2 and 1.3 on legacy platforms, and which is stable, usable and behaves in a predictable way. So far, this approach has worked very well for most of our clients, and I hope you and the rest will be satisfied with the next release, which will make the connection establishment process much more customizable. I just sent you the link to the enhanced version.

---

The test version you sent me works very well.
It seems that many parts of my code can be effectively improved with this Bind function.
Thank you very much for your support.
I apologize for my whining.

---

Thanks! And no need to be sorry - we appreciate any kind of feedback! :-)
The Bind method will be available in Rebex Total Pack R6.3.

---

Rebex Total Pack R6.3 has just been published: https://www.rebex.net/total-pack/history.aspx#R6.3