What's new

ipv6

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Fyew-jit-tiv

Regular Contributor
Hi all,

Trying to get my head around the ipv6 protocol. The one thing i keep reading is ipv6 isn't as secure as ipv4. As you all know the internet is always awash with opinions of all kinds. So i thought i'd come to my trusted source and ask.

Is ipv6 safe? Should i be activating ipv6 on my router Ax88u. Thanks for your feedback.
 
IPv6 may be regarded as less secure than IPv4 because it does away with the need for NAT and emphasises end-to-end network design (like the original internet). So if you don't have an IPv6 firewall blocking unsolicited incoming connections potentially every device on your LAN could be accessible from the internet and would need their own individual firewalls or access restrictions (something that many IoT devices do not have).

IMHO IPv6 was created by people with an astonishingly naive view of the internet. An internet of happy unicorns, where every device on the planet is directly accessible (and uniquely identifiable) from everywhere and everyone is nice to each other and there are no bad people. Obviously the real world is not like this and there then followed a whole bunch of RFCs and amendments to try and stick a privacy/security band-aid on the protocol.

TLDR; Make sure your IPv6 firewall is enabled and you should be OK.
 
Hi all,

Trying to get my head around the ipv6 protocol.
If your ISP provides you with native IPv6 connectivity, I'm of the opinion that you should not avoid using it. You may or may not agree. So trust us but verify for yourself; only you can do your own research. This should help: ipv6.he.net/certification
It's a free course. most people should only need the first 2-3 levels, and that should only take about the same number of hours.

Caution: as you slide down this rabbit hole, you may soon feel the need to change firmware on your router to Merlin's alternative to Asus' offering to take advantage of certain scripts to enhance your network's privacy and security. You may then discover that you can't fathom how you lived life on the interweb without it, and that you have become a fixture on the forums here, similarly stuffed with knowledge and opinions as the rest of the fixtures.
 
Trying to get my head around the ipv6 protocol.

Longer conversation with pros and cons here:


TLDR; If you don't need IPv6, keep it disabled.
 
Thanks for all your replys.

@Tech9 the thread you mentioned is pretty dam good. Thanks for the recommendation.

To everyone else thumbs up for the input. This is why i come to SNBForums. :)
 
You guys continue testing. When my router or firewall comes with default internal IP address FE80::903A:1C1A:E802:11E4... I may think about it. So far they come with 192.168.x.x and work perfectly fine with WAN and LAN. I prefer to stay behind NAT and know what exactly device has specific simple IP.
 
Keep it disabled to slow down ipv6 worldwide implementation. But hey I agree that Asus ipv6 support should be far better.

"Asus and every other networking vendor pv6 support should be far better" may be an even more positive message.
I personally have a love/hate relationship with IPv6. Love the concept, but hate concepts that came to "help" with global deployents!
Mostly I hate NAT624, DSLite, CGN and whatever show name they carry!
That s..t on itself allowed cheap carriers to "enable" IPv6 without actually enabling it. It should push them to use smarter CPE where they can enable firewall at the time they bring in IPv6.
Not dirty tricks they justified in nice powerpoints "we're saving expensive IPv4 and protect the customers".

Did I mention I have a love-hate relationship with IPv6 community?
 
Thanks for all your replys.

@Tech9 the thread you mentioned is pretty dam good. Thanks for the recommendation.

To everyone else thumbs up for the input. This is why i come to SNBForums. :)
If ipv6 is beneficial for you, as if you are behind ipv4 cgnat and need ipv6 to be able to connect back this way (or you just like to tinker), then by all means turn it on and use it. ASUS stateful ipv6 firewall will protect your network properly. Just keep in mind that ipv6 de-centralizes your network so some tasks (like policy based routing) is not practical in the router anymore. This is not a deficiency in the router, more in the ipv6 system.

If you dont have a specific need for it then there will be no specific gain for you by enabling it.

I'm currently running ipv6 in double NAT6 on AC-86U (merlin) where one NAT6 is performed in the ASUS router but it gives absolutely no help with fighting routing and/or dns issues. The problem is not NAT, it is the stateless assignement of ipv6 addresses that makes it impossible to do source-address based routing/NAT. Only entire subnet/prefix is possible to affect.

ASUS (HND) router has support for statefull ip assignement (just as we are used to with ipv4) but currently not all devices support it (Android for example).
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top