Access to GitHub with IPv6 only
I have my ASN for near a month now and I am migrating some of my workload on it.
A problem I quickly saw it is that GitHub is not IPv6-ready, it only have IPv4 except for github.io where we can have IPv6.
Solutions
I had three solutions. The first one is to give an IPv4 to all my machine and use my public home ISP IP, or create a proxy with dual stack and override GitHub records with my IPv6 locally, or use an existing Github proxy.
Implementation
I obviously preferred to use the most difficult option and I really don’t want to give credentials to a random 3rd party server without any affiliation to GitHub or me.
So I created a VM in my homelab with IPv4 and 6 IPv6 (one per GitHub site).
Here is the plan:
Update the OS
Configure DNS to not take DHCP one
Install nginx and the stream module
Set the nginx configuration file
Add the DNS records on the router
See if it works
Configure DNS to not take DHCP one
Add public DNS servers on your IPv4 interface, as I am using netplan:
<truncated>
nameservers:
addresses:
- 1.1.1.1
- 8.8.8.8
- 1.0.0.1
- 8.8.4.4
- 2606:4700:4700::1111
- 2606:4700:4700::1001Install nginx and stream module
apt install nginx libnginx-mod-stream -y &&\
systemctl restart nginxConfigure nginx proxy
You might need to add github.githubassets.com to your super proxy to let GH ui to fetch JS and CSS files.
stream {
server {
listen [2001:0db8::a]:22 fastopen=100 ipv6only=on;
proxy_pass github.com:22;
}
server {
listen [2001:0db8::a]:443 fastopen=100 ipv6only=on;
proxy_pass github.com:443;
}
server {
listen [2001:0db8::b]:443 fastopen=100 ipv6only=on;
proxy_pass api.github.com:443;
}
server {
listen [2001:0db8::c]:443 fastopen=100 ipv6only=on;
proxy_pass codeload.github.com:443;
}
server {
listen [2001:0db8::d]:443 fastopen=100 ipv6only=on;
proxy_pass ghcr.io:443;
}
server {
listen [2001:0db8::e]:443 fastopen=100 ipv6only=on;
proxy_pass pkg.github.com:443;
}
server {
listen [2001:0db8::f]:443 fastopen=100 ipv6only=on;
proxy_pass uploads.github.com:443;
}
}Add the DNS records on the router
On PFSense → Services → DNS resolver → host override, you need to have this:
See if it works
$ dig aaaa github.com @<your local DNS server>
; <<>> DiG 9.18.39-0ubuntu0.24.04.1-Ubuntu <<>> aaaa github.com @<your local DNS server>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45000
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;github.com. IN AAAA
;; ANSWER SECTION:
github.com. 3600 IN AAAA 2001:0db8::a
;; Query time: 1 msec
;; SERVER: <your local DNS server>#53(<your local DNS server>) (UDP)
;; WHEN: Thu Sep 25 22:53:32 UTC 2025
;; MSG SIZE rcvd: 67
$ git clone https://github.com/ungarscool1/llama-web.git
Cloning into 'llama-web'...
remote: Enumerating objects: 1744, done.
remote: Counting objects: 100% (446/446), done.
remote: Compressing objects: 100% (233/233), done.
remote: Total 1744 (delta 330), reused 221 (delta 211), pack-reused 1298 (from 2)
Receiving objects: 100% (1744/1744), 691.87 KiB | 6.47 MiB/s, done.
Resolving deltas: 100% (846/846), done.