From 0b6cc0d9091ffe0a8709a47fbf88cac71e54e976 Mon Sep 17 00:00:00 2001
From: Yves Rutschle <yves.rutschle@mdal.fr>
Date: Fri, 22 Jan 2016 11:25:53 +0100
Subject: [PATCH] Added a note on configuring transparent proxying for both
 IPv4 and IPv6

---
 README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/README.md b/README.md
index dabb757..a6c50de 100644
--- a/README.md
+++ b/README.md
@@ -304,6 +304,24 @@ This will not work:
 
 	sslh --listen 192.168.0.1:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4443
 
+Transparent proxying means the target server sees the real
+origin address, so it means if the client connects using
+IPv6, the server must also support IPv6. It is easy to
+support both IPv4 and IPv6 by configuring the server
+accordingly, and setting `sslh` to connect to a name that
+resolves to both IPv4 and IPv6, e.g.:
+
+        sslh --transparent --listen <extaddr>:443 --ssh insideaddr:22
+
+        /etc/hosts:
+        192.168.0.1  insideaddr
+        201::::2     insideaddr
+
+Upon incoming IPv6 connection, `sslh` will first try to
+connect to the IPv4 address (which will fail), then connect
+to the IPv6 address.
+
+
 Fail2ban
 --------