On 19/07/19 19:01, Phil Karn wrote:
On 7/19/19 01:04, Tony Langdon wrote:
IPv6 was discussed in detail a year or two ago in here. The consensus
was that a 44net like block was unnecessary and may even cause issues.
Instead it was proposed that hams use parts of their (in many cases)
existing IPv6 allocation, and the subnets reserved for ham radio use go
into a database that can be used to generate firewall rules.
Yes, that's exactly my thinking too.
I think you were a part of those discussions, so that would stand to reason.
As hams are supposed to be leaders in technology, I would like to see
IPv6 adopted as much as possible. Like the wider world, there's no
reason we can't run dual stack alongside our 44.x IPv4 addresses.
Yup. What you said.
I think you'd have to use static addressing or DHCPv6 to assign
addresses if you split a /64 but don't quote me on that. ;)
Probably. I'm a fan of stateless autoconfiguration mainly because It
Just Works, but DHCPv6 isn't that hard either.
I like SLAAC for the same reason. :)
I haven't looked, but I don't see any fundamental reason why stateless
autoconfiguration can't be used with smaller host fields (particularly
one only 48 bits wide).
I could be wrong, but I thought the whole SLAAC standard was based
around having a 64 bit subnet to play with.
Side question: do you know a good public VPN provider who supports IPv6?
I'd like to recommend one to those who are stuck behind CGNs or can't
otherwise use HE's tunnel broker.
No, I tend to be a self service kinda guy when it comes to VPNs. But
for hobbyists (at least in Australia), it might be worth joining APANA
and using the SA region's VPN service. When I got my VPN (for carrying
extra IPv4 addresses), they did offer IPv6 as well, but I declined,
because I already had native IPv6 feeds and multihoming isn't something
I wanted to get into. I know they have native IPv6 available their end,
and it should be a /56.
Could also see what we could do with ZeroTier. I've been using that to
create private virtual LANs, but haven't tried bridging it to a real LAN
yet (it can be done and is documented).
As do I, and same thing. It just works, it's only if I look up what
address I'm connecting to that I can tell if I'm running IPv4 or IPv6.
Right. And having both IPv4 and IPv6 has saved my bacon more than once.
E.g., if I do something remotely that accidentally breaks an IPv4
interface address, firewall rule or routing entry, I can often get back
in with IPv6 and fix the problem. Or vice versa.
Yep, been there, done that! :D
The requirement that every interface support multiple IPv6 addresses can
also come in very handy here. It's one of the reasons I still use my HE
tunnels alongside native Spectrum IPv6 addresses.
Good point. I used to do that with a SiXXS tunnel that I had on my VPS,
so I could rack up my brownie point. That tunnel stayed up until SiXXS
closed down, even though the VPS got native IPv6 shortly afterwards.
From memory, I had to do a little policy routing to ensure that the
traffic went out the correct route for the packet's source address, so I
didn't fall foul of any egress filtering that might be in use upstream.
Australia still lags behind at the ISP customer level, but there are
ISPs (like mine!) who offer IPv6 and have it enabled by default. Pity
they don't enable it by default on the routers they provide. Easily
done for us tech people though. If IPv6 is on offer, I will enable it on
both my equipment and those of others I help out.
I have long built all my own routers from scratch with Linux, so I don't
closely track commercially available home routers. But I'm pleased to
see that the newer ones among friends and family members do support IPv6
-- but only if it's enabled. Often the only real problem is getting the
firewall rules set properly since by default many disable inbound
sessions to provide the same sort of false security as IPv4 NAT...
Yes, that is standard with home routers. Mine disables IPv4 inbound by
default, but I can either open ports or remove the filter entirely for
specific IPs. Unfortunately, I don't think I can do a whole block,
other than downstream /64s that are part of my /56. So far that hasn't
been an issue for me. I have dropped the filter for a number of my
hosts (all Linux). My Windows host just has any ports I want open. I
could probably open that up too (it does have its own firewall), but I
don't like exposing Windows unnecessarily. ;)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
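
The proposal summarised at the top of this thread, keeping ham-use IPv6 subnets in a database and generating firewall rules from it, sketched as an added example (not code from this message or from any existing registry). The registry contents, callsigns, the /48 limit and the table and set names are assumptions; prefixes are from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Constructed sample registry: (callsign, prefix set aside for ham use).
# Callsigns are made up; prefixes come from the 2001:db8::/32 documentation range.
SAMPLE_REGISTRY = [
    ("N0CALL", "2001:db8:1234:4400::/56"),
    ("N0CALL", "2001:db8:1234:4410::/64"),  # inside the /56 above
    ("VK0XYZ", "2001:db8:beef:0::/64"),
    ("VK0XYZ", "2001:db8:beef:1::/64"),     # adjacent: the pair merges to a /63
    ("W0AAA", "2001:db8:1::1/64"),          # host bits set
    ("W0BBB", "192.0.2.0/24"),              # not IPv6
    ("W0CCC", "2001:db8::/32"),             # far larger than one station's share
]
MIN_PREFIXLEN = 48  # assumption: no single entry may be shorter than a /48


def load_prefixes(registry):
    """Validate entries; return (collapsed networks, rejected entries)."""
    accepted, rejected = [], []
    for callsign, text in registry:
        try:
            net = ipaddress.IPv6Network(text, strict=True)
        except ValueError as exc:
            rejected.append((callsign, text, str(exc)))
            continue
        if net.prefixlen < MIN_PREFIXLEN:
            rejected.append((callsign, text, "prefix shorter than /48"))
            continue
        accepted.append(net)
    return list(ipaddress.collapse_addresses(accepted)), rejected


def render_nft(prefixes, table="hamfilter", set_name="ham6"):
    """Emit an ip6-only nftables ruleset; table and set names are hypothetical."""
    lines = [f"table ip6 {table} {{", f"  set {set_name} {{",
             "    type ipv6_addr", "    flags interval"]
    if prefixes:  # an empty registry yields an empty set: no elements line
        lines.append("    elements = { " + ", ".join(map(str, prefixes)) + " }")
    lines += ["  }", "  chain input {",
              "    type filter hook input priority 0; policy drop;",
              "    ct state established,related accept",
              "    iif lo accept",
              "    meta l4proto ipv6-icmp accept",
              f"    ip6 saddr @{set_name} accept",
              "  }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, bad = load_prefixes(SAMPLE_REGISTRY)
    print(render_nft(nets))
    for entry in bad:
        print("rejected:", entry)
```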