Language:
switch to room list switch to menu My folders
Go to page: First ... 24 25 26 27 [28]
[#] Tue Jan 16 2024 18:24:52 EST from msgrhys

[Reply] [ReplyQuoted] [Headers] [Print]

My isp does not provide ipv6, heh.

Tue Jan 16 2024 17:17:39 EST from IGnatius T Foobar

I'm actively thinking about how I want to set up my VPN mesh as I shuffle things around.

And yet ... I might not need it at all.  I'm slowly coming to the realization that just about every location has IPv6 now.  My hosting front end has IPv6, my home network has IPv6, and my smartphone is native IPv6 (from which it is derived that my laptop has IPv6 when I tether).

What are the reasons to use a VPN?  Reachability and privacy.  IPv6 solves the reachability issue, and just about every protocol now has its own TLS encryption now anyway.  So I might just go without!



 



[#] Tue Jan 16 2024 19:00:35 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Wouldn't that be the case for anyone who is behind a neighborhood NAT too?  Or at your local coffee shop NAT.

At least effectively, since you cant get in from the outside.. ( or for us old timers, 'in thru the out door'... with luck you all get the reference )

Tue Jan 16 2024 18:24:52 EST from msgrhys

My isp does not provide ipv6, heh.

 


[#] Wed Jan 17 2024 03:12:37 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

2024-01-16 19:00 from Nurb432
Wouldn't that be the case for anyone who is behind a neighborhood NAT

too?  Or at your local coffee shop NAT.

At least effectively, since you cant get in from the outside.. ( or
for us old timers, 'in thru the out door'... with luck you all get
the reference )

Chances are, people behind CG-NAT is actually conncting to the Internet over DS-Lite or a similar hellspawned invention.

In DS-Lite your routing gear connects to the ISP using Ipv6 ONLY, then some router upstream gives you a NAT ipv4 tunnel to the outside world.

[#] Wed Jan 17 2024 07:41:21 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

its been a few years, as the 2nd day i moved to fiber i got my dedicated IP ( a previous story )

But i think i had both a v4 and v6 address. I know i had v4 as is that is what i had/have setup for DNS, and of course it failed at first.  Of course only visible to my neighbors ( i assume. i didnt test.. ) This "neighborhood NAT" stuff was new to me so i just called to complain and didnt play with it any.    I guess i should add the v6 address too someday soon? 

Wed Jan 17 2024 03:12:37 EST from darknetuser
In DS-Lite your routing gear connects to the ISP using Ipv6 ONLY, then some router upstream gives you a NAT ipv4 tunnel to the outside world.

 



[#] Wed Jan 17 2024 12:04:39 EST from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Still no IPv6 where I'm at (CableVision) unless you count anycast 6to4, which probably causes more problems than it's worth if you turn it on.

[#] Wed Jan 17 2024 17:54:15 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

In DS-Lite your routing gear connects to the ISP using Ipv6 ONLY, then

some router upstream gives you a NAT ipv4 tunnel to the outside world.


That's how my phone is connected. T-Mobile moved to an all-IPv6 network, with NAT64 at their network edge. Android handsets as well as their "home internet" gateways handle the NAT46 side internally. Apple devices have some horrifying thing embedded in the system libraries.

It's just fine for an access device, but I wouldn't want it at home if I wanted to run servers.

[#] Thu Feb 08 2024 23:25:19 EST from IGnatius T Foobar

Subject: DynV6: dynamic DNS for IPv6 done right!

[Reply] [ReplyQuoted] [Headers] [Print]


Ok, this is cool. Dynamic DNS for IPv6 done right.

[ https://dynv6.com/ ]

It isn't just regular IPv6 DDNS. For starters, you can use any of their domains, or you can delegate one of your own (I'm using v6.citadel.org for example). But that's not the really cool part:

In your subdomain, you can put MAC addresses instead of IPv6 addresses for all of your hosts. This assumes, of course, that you're using EUI64 SLAAC addressing. Now, if your dynamic IPv6 prefix changes, you only have to make ONE API CALL to their service, and it updates ALL of your AAAA records.

So now you don't need to have a dynamic DNS client on every machine! As long as they're using EUI64 SLAAC addressing, everything changes at once.
I enrolled a couple of my machines plus my printer, which can't run a DDNS client because it's a printer.

And as an added bonusfest, they open sourced the whole thing, so you can run it yourself if you don't want to use theirs.

[#] Sat Feb 10 2024 11:57:04 EST from IGnatius T Foobar

Subject: Re: DynV6: dynamic DNS for IPv6 done right!

[Reply] [ReplyQuoted] [Headers] [Print]

Ok, I think I'm mistaken, the software running the service is not open source; their public repo is just clients. Still, I'm impressed and have started using it.

[#] Sat Feb 10 2024 14:31:53 EST from darknetuser

Subject: Re: DynV6: dynamic DNS for IPv6 done right!

[Reply] [ReplyQuoted] [Headers] [Print]

2024-02-08 23:25 from IGnatius T Foobar
Subject: DynV6: dynamic DNS for IPv6 done right!

This brings the question: how are big boys dealing with assining names and DNS entries to Ipv6 connected hosts?

Because the obvious answer would be to grant a static ipv6 lease to each host and then create an static DNS entry for it, but that kind of defeats the purpose of ipv6 and it does not sound like it scales much.

Also, since your available ipv6 addresses depenbd of your i2p, if your ISP is one of those that rotates your prefix then you can't even do static.

[#] Sat Feb 10 2024 19:37:55 EST from IGnatius T Foobar

Subject: Re: DynV6: dynamic DNS for IPv6 done right!

[Reply] [ReplyQuoted] [Headers] [Print]

Wireline providers seem to all delegate a /56 and simply don't do any DNS at all. Wireless providers are mandated to assign at least a /64 as mandated by the 3GPP standards.

My prefix hasn't changed since I started using it, except at the very beginning when I deliberately released it to see if I'd get the same one back the next time (I didn't).

Other than that, residential access providers are doing the same thing for IPv6 that they did for IPv4: your addresses are dynamic, there is no DNS integration, and if you want static addresses you ought to be paying for commercial grade service anyway.

The problem of course, is that it's troublesome to have your entire internal network get renumbered when the prefix changes. This means you could potentially end up using NAT66, which is monumentally stupid, but at least you still get a 1:1 Static NAT for each host instead of shoving everything through a single address. But it's still better than the dimbulbs who run the network at ${dayjob} who thought it was a good idea to SNAT all outbound IPv6 traffic through a single address. They haven't figured out that it's a bad idea to apply IPv4 practices to IPv6, that there's more to IPv6 than simply a bigger address space. These are the same dimbulbs who think that it's fine to assign a /120 to a hosting network because it's the same number of addresses as an IPv4 /24, and that's generous, right? They haven't figured out that SLAAC (1) *works* and (2) makes cloud scale deployment easier to manage. They're stuck in the data center of 2O011.

Go to page: First ... 24 25 26 27 [28]