Jump to content
RESET Forums (homeservershow.com)
Sign in to follow this  
hazzey

IPv6

Recommended Posts

hazzey

With all of the recent podcasts about networking, I don't remember hearing a single mention of IPv6.  Is there anyone out there that has it working on their home network?

 

I have had IPv6 connectivity since the last World IPv6 day. (Before that if you count tunnels.)  My isp (Comcast) activated it permanently then, and once I worked out a few issues with Tomato, it has been running flawlessly. (That is if you can call something that is purely superfluous at this time "flawless".)

 

Only a few websites are accessible via IPv6, and even fewer default to it.  I believe that google and facebook are two that I consistently get via IPv6. I haven't yet bothered to see how stable my IPv6 address is.  If it is stable, I might use it to access my various home servers directly without forwarding ports in my firewall and accessing them though DynDNS.

 

What other experiences are out there?

Share this post


Link to post
Share on other sites
jmwills

Mainly that it can be a PITA.  Is it needed, right now, no.  In the future, absolutely and the more you are prepared to make the switch you will be that much further ahead of the curve.

Share this post


Link to post
Share on other sites
ikon

I agree with jmwill; there just isn't any compelling reason for IP6 on a LAN ATM. The day will come when IP6 will take over; just not yet.

 

There are issues to be addressed before IP6 will be ready for primetime. For example, almost all of us are protected today, pretty much by accident. When it became clear that IP4 addresses would run out in just a few years, the IETF implemented Private Ranges and Network Address Translation (NAT). These 2 things have extended the lifespan of IP4 tremendously, but they have also inadvertently provided us all with significant protection.

 

Because of NAT, no one can simply force their way onto our LANs. Like vampires, we have to invite them in. And, just like vampires, bad guys use tricks to get invited in, and they cause all kinds of havoc if we let down our guards. But, if we didn't have NAT, the situation would be infinitely worse.

 

Something similar will need to be implemented for IP6. I have to admit I have not kept up with IP6 developments, so I do not know if something has been developed. if you know, please post. If nothing has been developed, perhaps the answer will be to simply implement IP6 private ranges.

Share this post


Link to post
Share on other sites
hazzey

ikon, I understand the side effects of using NAT, but that really is nothing more than a working firewall. The exact same thing can be done with a working stateful firewall on IPv6. In fact this gave me a reason to test the openness of my network.  Tomato seems to be set up to block unrequested incoming IPv6 connections by default.  That is a sensible default that all home routers should have whether on v4 or v6.

 

Now none of this actually points to a benefit of spending the time to deal with the configuration and setup.  I would be interested to hear if any of the untangle or pfsense people have tested out how IPv6 works on those platforms.

Share this post


Link to post
Share on other sites
ikon

I don't agree that it's the same thing as a firewall. Without some form of NAT, it would be possible for attackers to try to get packets directly inside our LANs. Imagine what could happen if all our home PCs had routable IPs. I contend the attack surface would be larger.

 

Obviously, a good firewall is essential. And I'm very pleased to hear that Tomato blocks unsolicited traffic. I totally agree it would be a sensible default for all home routers. The real question is whether, with IP6, we would even have routers.

 

Remember, one of the ideas people have talked about is that, with IP6, no one needs a router in their home (like it used to be years ago with IP4); we would just all have real, routable IPs, eventually for every device in our home. That seems downright scary to me. :(

Share this post


Link to post
Share on other sites
ImTheTypeOfGuy

So why is this not required for everyone to enable now? Is there an implementation schedule out there?

Share this post


Link to post
Share on other sites
jmwills

No one can really require it now.  The key will be when ISP's enforce it and then you will be required to get an IPv6 capable router.  Nothing will ever change on your internal LAN.

Share this post


Link to post
Share on other sites
ikon

That's 1 of the options being discussed. Frankly, I think it's one of the best. As I said, the idea of running my LAN without a NAT and firewall is not appealing at all. Now, that said, one of the supposed advantages of IP6 is that it's not possible to hide your location. This would mean that the bad guys couldn't do some of the things they do now. I'm not entirely convinced it will work out that way.

Share this post


Link to post
Share on other sites
Guest no-control

Sorry I've been ignoring the forums for reasons of sanity....pretty much what these guys have said already.

 

The reason you do not hear me talking about it is its a non issue. I don't see why I would implement IPv6 on ANY LAN. IPv6 to my router is fine but I'll do NAT and IPv4 conversion at the perimeter. Even at work we're totally not interested in switching over. IPv6 makes sense for ISPs and maybe mobile thats about it.

Share this post


Link to post
Share on other sites
ikon

Agreed. For the foreseeable future virtually all LANs will stay on IP4. It's only when the IETF mandates the use of IP6 that we'll need to be concerned, if they ever actually do that.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  



×
×
  • Create New...