What's new

Dual Stack home network pros and cons

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@heysoundude, with IPv6 disabled you can do exactly the same thing without I think and I hope part. If you have one of those Rogers modem/routers in bridge mode, LAN ports 3/4 provide IPv6 address only. Plug in your router there and see how much your network depends on IPv4. In Canada, you have opened just another path in/out of your network with own issues you have to deal with. There is no speed benefits, just the opposite - your DNS queries may be delayed as a result. What Diversion, Skynet and AiProtection are doing with IPv6 enabled? I don’t know. Do you know?
I don't, but nothing is "broken" as best I can tell.
TSI DSL here...native v6. bridged their modem/router and rely on Merlin/asus and scripts - the people who build these are much smarter than I'll ever be
Canada / Canadian ISPs aren't in any danger of running out of IPv4 addresses anytime soon, so don't expect us to try to become another Japan in terms of IPv6 adoption

My signature is out of date; currently I have dual-stack enabled on my Teksavvy/RCable connection - but that's more for "fun" and to "play with" rather than actually use.
In other words, I have IPv6 disabled on my mother's router.
see my "we have the technology..." quote. Having is one thing, using it is quite another. Frankly, we should be using it else we're in danger of appearing to be luddites - hewers of wood and drawers of water; we're better than that. let's stop being boring here. let's get on the train, or ahead of the curve.
 
let's stop being boring here.

@heysoundude, you run DNS/IP-blocking scripts not really necessary for average user security and in the same time you have opened another access to your network without knowing if your IPv4 level of security applies to IPv6. There are smarter people out there indeed. Someone may come see you uninvited. Is your Internet experience any different with IPv6 enabled?
 
Off topic: If your internet connection is behind CG-NAT and you still need to access your computers behind it, you can use a solution like Tailscale or Zerotier
 
@heysoundude, you run DNS/IP-blocking scripts not really necessary for average user security and in the same time you have opened another access to your network without knowing if your IPv4 level of security applies to IPv6. There are smarter people out there indeed. Someone may come see you uninvited. Is your Internet experience any different with IPv6 enabled?
Thank you for bringing this up. I was naively playing around having IPv6 enabled without thinking much about it. IPv4 works pretty well for me, so now that I'm aware of security and privacy concerns of IPv6, I've disabled it.
 
This is the major concern - we don't know what's broken. I did enable IPv6 on AC86U router yesterday to test, stock Asuswrt firmware. The router is in double NAT behind my ISP router, so IPv6 Passthrough configuration. OpenDNS IPv4 servers, OpenDNS IPv6 servers. The syslog was filled immediately with "kernel protocol 0800 is buggy", non-stop. I had to Google to find how to stop it. Turns out NAT acceleration is the issue. With NAT acceleration disabled the syslog is quiet. I don't know what exactly is buggy. Now I have a Gigabit router limited to 300Mbps WAN-LAN with IPv6. :rolleyes:
There is a lack of kernel support in regards to nat and ipv6 with many of these older kernel setups. Any newer routers that have the newer kernels that support the extra ipv6 support do not have the options enabled and lack the internal integration as well.
 
Is this the case with newer HND platform routers with 4.1.x kernel, @SomeWhereOverTheRainBow?
Correct. The options can be enabled and the correct iptables versions can be used. All of it would require testing. The problem, and the hesitancy of asus would be the need to over-hall alot of the internals. I can see why this has yet to happen. Codebase consistency with older kernels. Why change something that may bring more security concerns.
 
I was naively playing around having IPv6 enabled without thinking much about it.

I'm not saying the security is not working. I'm saying I don't know if it's working. Questions in post #12 not answered yet.

Correct. The options can be enabled and the correct iptables versions can be used.

Okay, and what enabling IPv6 means in current Asuswrt firmware? Sounds like basic compatibility and hope for the best to me.
 
I'm not saying the security is not working. I'm saying I don't know if it's working. Questions in post #12 not answered yet.



Okay, and what enabling IPv6 means in current Asuswrt firmware? Sounds like basic compatibility and hope for the best to me.
Yep, not all kernel options are used for ipv6. It is implemented in the way the original thinkers of ipv6 would have done it. Turn it on and forget it.
 
Turn it on and forget it.

I don't know what's enabled on FreeBSD 12.2, the pfSense base. IPv6 is an entire chapter in Netgate Docs with Warnings, Notes and See Also. There is no turn on and forget about it. There is only turn off and forget about it. This is what I'm using currently. :)
 
I'm not saying the security is not working. I'm saying I don't know if it's working. Questions in post #12 not answered yet.

Yes, that's what I understood from post #12. Not knowing if it is working qualifies as concerning for me.
 
I don't know what's enabled on FreeBSD 12.2, the pfSense base. IPv6 is an entire chapter in Netgate Docs with Warnings, Notes and See Also. There is no turn on and forget about it. There is only turn off and forget about it. This is what I'm using currently. :)
I have had fun playing around with it on openwrt. I just prefer not to have to redo my entire setup every time there is a firmware upgrade.
 
I'm kinda surprised no one referenced https://www.asus.com/uk/support/FAQ/1013638 on setting up the IPv6 firewall.
That is basically the case the ipv6 firewall is only good at filtering inbound outbound traffic. Nothing is truly blocked unless the user specifies directly everything else is subject to a light drop policy. This form of ipv6 management is stateless firewalling as apposed to stateful firewalling.
 
That is basically the case the ipv6 firewall is only good at filtering inbound outbound traffic. Nothing is truly blocked unless the user specifies directly everything else is subject to a light drop policy. This form of ipv6 management is stateless firewalling as apposed to stateful firewalling.
This of course doesn't mean that unsolicited inbound traffic isn't being blocked by default.
 
will be good for everyone enabling IPv6 on Asus routers to know what happens with:

I would think at a minimum that the Broadcom SDK for HND should be ok with IPv6 - it would be more the verticals (AIProtect, OpenVPN, AI Cloud, Adaptive QOS, Samba, etc..) that might be more of a challenge, and also perhaps the Script contributions...

With the HND platform, Asus is not the only player using it, there are others, and not a lot of chatter either for or against dual-stacking so far - if there were a significant issue, the regulars here would know of it.

If AsusWRT is solid enough, there still is the need for more testing on the scripting contribs so that folks can gain confidence in the IPv6 space.
 
Similar threads
Thread starter Title Forum Replies Date
O Easymesh home network facing connectivity issues! Routers 0
T Home Network Ethernet Wiring Routers 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top