Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Why IPV6 is not adopted widely yet? - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Why IPV6 is not adopted widely yet?

2»

Comments

  • To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

  • poisson said: To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

    You put an IPv6 address on your box in addition to your IPv4 and voila!

  • @skorous said:

    poisson said: To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

    You put an IPv6 address on your box in addition to your IPv4 and voila!

    My basic understanding is that the traffic is routed differently? Also, is there anything special about DNS that is different from IPv4?

  • It's still routed by subnets though they're much larger. You can't get from IPv4<-->IPv6 ( this is not true but you're not going to do it ).

    IPv6 addresses are AAAA in DNS ( 4x the address space so four A's instead of one ).

  • Am I the only one who don't understand ipv6. It has far too many digits and characters to remember.

  • HarambeHarambe Member, Host Rep

    @poisson said:
    If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

    https://tunnelbroker.net/ - if you want to put v6 on your whole network (not recommended)

    I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).

  • @cybertech said:
    Am I the only one who don't understand ipv6. It has far too many digits and characters to remember.

    I don't understand it either. Trying to understand it.

    Thanked by 1cybertech
  • Harambe said: I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).

    I'd be interested in what you're doing there. You have anything written down publicly?

  • @poisson said:

    @cybertech said:
    Am I the only one who don't understand ipv6. It has far too many digits and characters to remember.

    I don't understand it either. Trying to understand it.

    Thanks for the consolation

  • skorousskorous Member
    edited November 2019

    cybertech said: Thanks for the consolation

    Honestly, unless you're in a position where you need to troubleshoot it there's not that much you need to know different. As @hzr noted earlier, you're probably using IPv6 without knowing it on your phone.

    ( Edited to credit hzr )

  • HarambeHarambe Member, Host Rep

    @skorous said:

    Harambe said: I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).

    I'd be interested in what you're doing there. You have anything written down publicly?

    No, don't got anything written down. The basic server and client setup are pretty straightforward, here's a good video that breaks that down:

    For v6 you basically need to add some local v6 IPs in the address section on the server + client conf and duplicate the NAT rules for ip6tables, as well as allowing v6 forwarding in sysctl.conf.

    Looks like this guide touches on those parts: https://angristan.xyz/how-to-setup-vpn-server-wireguard-nat-ipv6/

    Thanked by 1skorous
  • @cybertech said:
    Am I the only one who don't understand ipv6. It has far too many digits and characters to remember.

    That's what DNS is for.

  • tgltgl Member
    edited November 2019

    its the same as with green energy, its a good idea, but not really needed yet, and well it will be more profitable to solve this solution when the people start to panic, now ipv6 is pretty cheap, so there is no interest in adopting it

    in the new world its all about profit, not evolution

  • Excellent, TY. I'll check it out.

  • @jsg said:

    • NAT does help security a lot

    Nope. Assuming your firewall is properly configured (and they tend to have good default settings), NAT doesn't help you the tiniest bit.

  • jsgjsg Member, Resident Benchmarker

    @rcxb

    I would have technical response for you but frankly, I'm getting tired of discussions that end looking like "I'm right" - "No, I'm right" so I'll leave it at that.

  • dfroedfroe Member, Host Rep
    edited November 2019

    Regarding the NAT thing (whether it provides security or not) I tend to argue that NAT is crap and I would love to see it disappear with IPv6. However most of the time we talk about NAT we actually mean PAT as well (not only translating IP addresses on L3 but also port numbers on L4), more specific dynamic port translation or overloading like some vendor used to say. In order to perform that dynamic PAT you are required to work stateful. So fortunatelly stateful firewalls became standard on edge gateways. And this is where you security comes from. If we keep the stateful firewall feature only allowing connections to be initiated in outbound direction, you can get rid of all that NAT/PAT and still enjoy the same level of security. You have a good level of implicit/automatic security when using NAT - but it is not because of the NAT. :)

    TL;DR: No to NAT/PAT, Yes to stateful firewalling only allowing outbound connections.

    Thanked by 1skorous
  • @rcxb said:

    @jsg said:

    • NAT does help security a lot

    Nope. Assuming your firewall is properly configured (and they tend to have good default settings), NAT doesn't help you the tiniest bit.

    It does. A NAT will stop inbound connections as there is no routing table defined by default to state where the connection will go after it goes to a NAT network.

    @jsg said:
    @rcxb

    I would have technical response for you but frankly, I'm getting tired of discussions that end looking like "I'm right" - "No, I'm right" so I'll leave it at that.

    :lol: And here I thought you'll provide a elaboration on NAT vs Firewall and how NAT plays a role in network security.

    @dfroe, you use PAT to do port-forwarding.

    So why do you need to do port forwarding? Why is it that NAT blocks all incoming requests regardless of whether firewall is on or off? If you can answer this question, you'll understand why NAT is "secure" to a certain degree (compared to direct IP)

    Thanked by 1quicksilver03
Sign In or Register to comment.