IPv6,4&6 ??
- Thread starter royarcher
- Start date
ColinTaylor
Part of the Furniture
Tech9
Part of the Furniture
Don’t enable IPv6, if you don’t need it. It’s disabled by default.
heysoundude
Part of the Furniture
and then @royarcher , go to ipv6.he.net/certification and spend an hour or two getting the first two or 3 levels of their free-of-charge online course.
sfx2000
Part of the Furniture
Tech9
Part of the Furniture
Because why enable it, if it isn't needed and adds no benefits, but potential issues? Most VPN client software blocks IPv6 to prevent leaks, DNS filtering may not work, IPv6 addresses are total gibberish, LAN devices may get exposed without you knowing... it is disabled by default for a reason.
Crimliar
Very Senior Member
By normal IP address, I guess you mean local IP address such as 192.168.1.1 which is no good as a real address because the world and its dog use the same address on their local networks!
Think of the internet as a single long street, and your address is just that IP4 address. Well, that used to be all well and good but a whole load more people, devices, servers, and bots have now moved in. There now comes a point when you end up having to share that IPv4 address with not only your uncle Frank but also with Karen from the gun club! So in order to still have your own address, a whole load of new numbers needed to be added - so many new numbers that a new (and somewhat incompatible) format was needed to hold the numbers.
sfx2000
Part of the Furniture
Actually none of those are valid reasons for not using IPv6
What potential issues?
VPN - if you don't control both ends, it's not private, so what's the point? (yes, to unlock content, which is why most use it)
DNS filtering - it does work, what is a problem is https for adblocking, which is a problem for ipv4 as well
LAN devices getting exposed - come on, the firewall is in place, you're behind it, unless you port forward or put the lan device into the DMZ...
So basically, you just don't like IPv6, I get it, but that is no reason to tell others not to use it because you don't like it
If people don't use IPv6, then bug reports are not filed, and those bugs are not fixed.
Tech9
Part of the Furniture
Correct. And I have explained why in this thread, with examples and provided information from developers.
Dual Stack home network pros and cons
Here, let's discuss the pros and cons of dual stack IPv4 and IPv6 home network. I personally have IPv6 disabled on my firewall for easier control and security reasons. My ISP provides 2x external IPv4 addresses as well as 4x IPv6 addresses. I would like to hear the benefits of running dual...
www.snbforums.com
I don't like forced technologies. You use it and report the bugs. Let me know when it's ready for prime time.
Don't blame people. Contact hardware manufacturers. All home routers I know come with IPv6 disabled by default.
royarcher
Very Senior Member
What does it do?
royarcher
Very Senior Member
Tech9
Part of the Furniture
For you and right now - nothing. Australia has 47,573,248 IPv4 addresses for ~25mln population. You can keep IPv6 disabled for 10 more years.
royarcher
Very Senior Member
Cool stuff thanks, again PS I think we got about 28 mill now but your point is still very valid
Tech9
Part of the Furniture
Keep in mind one public IPv4 address is good for your entire family network. If you were in India, I would give you a different advice. Here in Canada even mobile operators assign public IPv4 addresses. My Telus mobile phone doesn't have IPv6 address, for example. Not needed, not used.
royarcher
Very Senior Member
Thanks for taking the time to explain that. I sort of thought that it was something like that but not positive. Like when I have to update my IP address while using my VPN providers DNS servers ( my ddns should update it manually when it changes but is a bit slow sometimes) on the dynu page I have noticed that the IP4 address has never changed unlike my IP address
Last edited:
This argument ignores the security advantage of being behind a NAT translation layer, which doesn't exist (or at least is highly deprecated) in the IPv6 world. Firewall filtering is good, but if an attacker can't even route unwanted packets to your machine, that's even better. I like defense-in-depth, so I'm in zero hurry to adopt IPv6 for my network.
sfx2000
Part of the Furniture
You will have it sooner or later - my bet is it will be sooner - for 5G, IPv6 is mandatory
Telus has IPv6 in their broadband networks already...
Tech9
Part of the Furniture
Better and needed in theory and not implemented for many, many years. My ISP has IPv6 support from 2020. Some still don't have it. That means the theory was a bit wrong. And some security ideas were downgraded from mandatory to optional to accommodate some other things. I understand the need, but I don't like the solution. We still ride on IPv4 and carry spare IPv6 tire size 91ee:4dd2:08f0:f9f0:782f:7c7d:2eb3:24b3. Don't worry, it fits.
heysoundude
Part of the Furniture
The last point @sfx2000 makes is the most important, and to @Tech9 's, that means each home/business connection might be covered, but if people want more mobile devices not connected to those...
It's (IPv6) coming, and sooner than later; the code is evolving. and will continue to.
If people are brave enough now to be beta testers/early adopters, IPv6's arrival and the growing pains of our 20+ yr old internet connections can be accepted as part of the process, we will be more prepared for the adulthood that awaits every internet user...and IPv4 can make way for them, and sail off into it's sunset/retirement to let the young'uns do the work now.
What needs to happen to address the NAT concern, is for people to (through hardware manufacturers' firmware) migrate to NPT (Network Prefix Translation) in NAT's place, for routers to provide the same protection/obfuscation as NAT does in v4: Public WAN and Private LAN addresses. Our routers support it, it's ipv6pt if you check the General > Tools > SysInfo > Features list in the GUI.
I'm speculating and hoping/dreaming, but WireGuard (also on Asus' roadmap, coming in well under a year if RMerlin's hints play out - I'm not sure the Asus dev people are up to speed or on the same page with this though, but they may be forced to update themselves and change their perspective) as a server/peer would make every "router" with NPT and IPv6 privacy protocols (to rip MAC addresses out of/block them from the WAN address for non-SLAACers, after the prefix) "private servers," and make them look to be the same as any other device on the internet...especially if you've configured your own DNS on the equipment in this scenario with something like unbound (and moot Dot/DoH, and firewalls as well, potentially). And then it would get down to the radios in what we call routers...our $200 home servers could change the internet as we know it.
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
|
Firing ddns-start on IPv6 only event! | Other LAN and WAN | 0 |