What's new

Dual Stack home network pros and cons

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Slaac addressing still has a part of the device identifier generated per device and part of the isp identifier in the address. Not that you are wrong though.

SLAAC should have privacy extensions enabled by default on most modern devices/OS's, which addresses the first part of your statement - and the second part of your statement can only be addressed by using VPN so it's not a valid criticism
 
SLAAC should have privacy extensions enabled by default on most modern devices/OS's, which addresses the first part of your statement - and the second part of your statement can only be addressed by using VPN so it's not a valid criticism
Then we should also remove this as a valid criticism when it was used as a justification to not enable IPv6. Thats what I think the real point was here. Earlier in this thread or maybe in the other thread, it was stated that your privacy is better with IPv4 behind NAT because your individual IP's are not exposed. But, in reality, you are more exposed under NAT since the one IP coming from your network can still be tracked and its usage lasts for a longer period.

If you are concerned about this and are diligently using a VPN, then it doesn't matter either way. However, ff you are not using a VPN, can't use a VPN, or forget to turn it on, your situation improves with IPv6.
 
Last edited:
SLAAC should have privacy extensions enabled by default on most modern devices/OS's, which addresses the first part of your statement - and the second part of your statement can only be addressed by using VPN so it's not a valid criticism
Wasn't aimed at being a criticism at all, just that it is not actually private and the fact that it makes more outgoing connections than ipv4 leaves your foot print in more places. And by the way it is a common myth that privacy extensions solve all ipv6 slaac privacy concerns. Privacy extention is created in addition of slaac and not in replacement of slaac. It should also be noted they are horrible in regards to where network management is concerned because of how often they change.while this may make it hard to track devices, unchanging IIDs can be used to identify and track a given device.
 
Last edited:
Then we should also remove this as a valid criticism when it was used as a justification to not enable IPv6. Thats what I think the real point was here. Earlier in this thread or maybe in the other thread, it was stated that your privacy is better with IPv4 behind NAT because your individual IP's are not exposed. But, in reality, you are more exposed under NAT since the one IP coming from your network can still be tracked and its usage lasts for a longer period.

If you are concerned about this and are diligently using a VPN, then it doesn't matter either way. However, ff you are not using a VPN, can't use a VPN, or forget to turn it on, your situation improves with IPv6.
I agree the fact that slaac was brought up in regards to whether one should enable ipv6 or not is irrelevant.
 
@heysoundude, you run DNS/IP-blocking scripts not really necessary for average user security and in the same time you have opened another access to your network without knowing if your IPv4 level of security applies to IPv6. There are smarter people out there indeed. Someone may come see you uninvited. Is your Internet experience any different with IPv6 enabled?
my understanding of v6 is that by design, openings in the firewall must be mindfully, deliberately opened, whereas in v4 there's a lot of plugging that needs doing by default. completely bass-ackwards if you're asking my opinion.
as far as user experience, I'd need to be able to tell if I'm using 6 or 4 first before I can possibly evaluate...but I do know ipv6.google.com loads quicker.
I've a trust of the people who make it possible to run the scripts I do, because I assume they run them themselves on their networks for more specific reasons than I have - why would they self-sabotage?
 
I don't know everything about how my Asus router handles IPv6; therefore it must be a security risk

No. We are trying to find what we gain and what we lose, if we enable IPv6 just to test it. For people who need IPv6 - no choice. Since the forum folks mostly use Asus routers, the focus shifted on Asuswrt IPv6 support.

Diversion automatically enables or disables IPv6 support when the router settings change

Does it increase the workload by increasing the blocklist size when IPv6 is enabled? It was @dave14305 observation in previous discussion.
 
-Parental Controls: This works with IPv6. I wouldn't expect it to break since ASUS uses MAC address for enforcement and not IP

It identifies the client, but does it identify the traffic?

-NAT acceleration: Works as normal

I've got kernel buggy errors with NAT acceleration on AC86U router, Asuswrt 45956 firmware. Had to disable it to stop the error log.
 
I've a trust of the people who make it possible to run the scripts

Well, @RMerlin and @thelonelycoder ISP's don't support IPv6. Skynet does nothing with IPv6. OpenVPN was IPv4 only yesterday. You are the one to test.

my understanding of v6 is that by design, openings in the firewall must be mindfully, deliberately opened

Not really. Don't count on grain of sand on the beach theory. IPv6 clients scanning techniques already exist and quite effective. Shodan sees you.
 
How do you track this?
As stated earlier, I had a pfSense VM in-between the ASUS and the T-Mobile gateway. During another period, I had all IPv4 traffic running through the pfSense while IPv6 traffic was routing through the ASUS. With these two setups I had other goals than collecting the data. But, when I had these two setups I did check and most of my traffic is IPv6. Thats not really a surprise to me since most of the services that I use also support IPv6.

You can also use DNS logs. That won't really tell you how much traffic. But, it will tell you who offers IPv6 and who doesn't. For the usage in my house, even DNS shows a high lookup hit for IPv6. Its hard to say if there's more DNS for IPv6 over IPv4. But, for the traffic, IPv6 is definitely exceeding IPv4 traffic from my house. BTW, I use IPv6 DNS servers.
 
I'm not having this issue on my AC-5300 running IPv6.

Confirmed on non-HND router, RT-AC1900P. Must be HND related.

Here is my guinea pig certificate: :D

20211230_161925000_iOS.png
 
To whom, and are they a threat to me?

I don't know. Some people use Parental Controls to filter content. Also, I need to experiment with filtering DNS filtering services. With IPv6 enabled no more category filtering with popular OpenDNS, for example. This is a serious drawback. Other similar services are paid.
 
I don't know. Some people use Parental Controls to filter content. Also, I need to experiment with filtering DNS filtering services. With IPv6 enabled no more category filtering with popular OpenDNS, for example. This is a serious drawback. Other similar services are paid.
That is a good concern though. How well does the traffic properly get identified.
 
Does it increase the workload by increasing the blocklist size when IPv6 is enabled? It was @dave14305 observation in previous discussion.
The Diversion blocklists line count doubles with IPv6 enabled. That means Dnsmasq uses more memory. The workload increase is marginal during normal router operations. However, the cpu load and read/write actions are higher during an update of said lists, compared to a non v6 update. Nothing I would be worried about.
 
Similar threads
Thread starter Title Forum Replies Date
O Easymesh home network facing connectivity issues! Routers 0
T Home Network Ethernet Wiring Routers 10
C VyOS for Home Routers 8

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top