I'm using a service provided by NTT Japan called "V6Plus". (https://www.jpne.co.jp/service/v6plus/) This uses a technology called MAP-E (https://tools.ietf.org/html/rfc7597)
It also uses IPoE instead of PPPoE.
I'm using a tp-link A10 Archer router that is specially made for using this service. (https://www.tp-link.com/jp/support/faq/2466/)
There is this following notice when V6Plus internet is enabled: "Note: Since the firmware distributed as of August 2019 has room for optimization, it does not yet support the accompanying functions such as parental control, VPN server / client, ALG, and NAT transfer when connecting v6 Plus."
This means that the SPI firewall options is not enabled while v6plus is running.
Since now all my device have automatically ipv6 addresses and the NAT is not enabled, does that mean that my devices are exposed?
I tried to ping my devices on the ipv6 address but they don't seem to be reachable (which is what i want).
The IPV6 settings on the router are has follow:
Dynamic IP
Addressing type: SLAAC
IPV6 Lan addressing type: NDProxy
I have RADVD and DHCPv6 options but they both cause an error, NDProxy is the default and the only choice
I read on some translated japanese blog, that the NDProxy is actually what is protecting the deviced from outside requests, but as a side-effect. I can't really find any information as this seems ISP setup seems to be kinda of unique to Japan. Apparently NDProxy breaks SLAAC, which would explain why i can't get an ipv6 address on my android phones, but i can on ios.
I'm also a bit confused, If my nat is turned off, how does my devices with ipv6 disabled find their way to the internet? They only have DHCP assigned local internet ip: is it because of the MAP-E Encapsulation?
Does that mean that these devices can never possibly be reached from the internet? (only outgoing traffic)
Sorry for the many questions, I've been reading through tons of Japanese posts and I can't seem to fully grasp everything.
Thank you very much
It also uses IPoE instead of PPPoE.
I'm using a tp-link A10 Archer router that is specially made for using this service. (https://www.tp-link.com/jp/support/faq/2466/)
There is this following notice when V6Plus internet is enabled: "Note: Since the firmware distributed as of August 2019 has room for optimization, it does not yet support the accompanying functions such as parental control, VPN server / client, ALG, and NAT transfer when connecting v6 Plus."
This means that the SPI firewall options is not enabled while v6plus is running.
Since now all my device have automatically ipv6 addresses and the NAT is not enabled, does that mean that my devices are exposed?
I tried to ping my devices on the ipv6 address but they don't seem to be reachable (which is what i want).
The IPV6 settings on the router are has follow:
Dynamic IP
Addressing type: SLAAC
IPV6 Lan addressing type: NDProxy
I have RADVD and DHCPv6 options but they both cause an error, NDProxy is the default and the only choice
I read on some translated japanese blog, that the NDProxy is actually what is protecting the deviced from outside requests, but as a side-effect. I can't really find any information as this seems ISP setup seems to be kinda of unique to Japan. Apparently NDProxy breaks SLAAC, which would explain why i can't get an ipv6 address on my android phones, but i can on ios.
I'm also a bit confused, If my nat is turned off, how does my devices with ipv6 disabled find their way to the internet? They only have DHCP assigned local internet ip: is it because of the MAP-E Encapsulation?
Does that mean that these devices can never possibly be reached from the internet? (only outgoing traffic)
Sorry for the many questions, I've been reading through tons of Japanese posts and I can't seem to fully grasp everything.
Thank you very much