Enable IPv6 on LAN? (router settings)

onomatopoeia99

Simple test of whether your ISP and your connection supports IPv6 is to try to reach this site http://loopsofzen.co.uk (it's an online puzzle game) which only has an IPv6 address. If you have no IPv6 support, you'll get an error.

kwikbreaks

I'm rather wary of exposing anything and everything on my local network to the world. I rather like the additional block imposed by NAT. My own ISP (Plusnet) doesn't provide IPv6 addresses anyway sfaik and I'm using a fixed IPv4 address from them.

esuhl

kwikbreaks wrote: »

I'm rather wary of exposing anything and everything on my local network to the world. I rather like the additional block imposed by NAT.

That was exactly my thinking.

I can't see any benefit to enabling IPv6 on the LAN. Any overhead is likely to be minimal.

But... I wasn't sure if I was missing something... :-/

spenderdave

onomatopoeia99 wrote: »

Simple test of whether your ISP and your connection supports IPv6 is to try to reach this site http://loopsofzen.co.uk (it's an online puzzle game) which only has an IPv6 address. If you have no IPv6 support, you'll get an error.

Pity they don't give you some instructions on how to play that game...
As to whether to enable ipv6 on your lan it depends on what other devices you have connected to it and whether they support ipv6. And of course whether you are worried about being hacked, but if you were it is more likely the hacker would use ipv4 anyway. The ipv6 address range is so huge, and your own subnet is also gigantic - if you use Windows defaults it will give you a different ipv6 address every 24 hours anyway, the chance of a hacker finding it by chance is pretty near zilch.

onomatopoeia99

kwikbreaks wrote: »

I'm rather wary of exposing anything and everything on my local network to the world. I rather like the additional block imposed by NAT. My own ISP (Plusnet) doesn't provide IPv6 addresses anyway sfaik and I'm using a fixed IPv4 address from them.

NAT is (a) evil and (b) not a firewall.

If you are concerned about intrusion prevention, get a proper firewall. I use a firewall that is integrated with my router (which is pfSense running in a VM).

esuhl

onomatopoeia99 wrote: »

NAT is (a) evil...

What makes it "evil"?

onomatopoeia99

It breaks the principle that every connected device should be uniquely addressable. More importantly certain protocols have to be bodged to cope with it (e.g. FTP), certain protocols really struggle (e.g. SIP, that is used for VOIP) and its existence inhibits protocol development as you end up with a layer two (network) or three (transport) device needing to understand layer four (application) protocols to allow them to pass through it and route them properly. When a new protocol comes along, the router won't understand it (it shouldn't need to) so it simply won't work through the application layer gateway of the device providing NAT.

It's just awful.

kwikbreaks

Sadly I have to live with it anyway as I get a single IPv4 address from my ISP and have several devices on my local network I need to access from the web. I have set up an OpenVPN connection to my home router but not everything works through it and life is too short for me to figure out why so I've opened up a few ports.

My router does have an SPI firewall however as I posted I do like the additional block provided by NAT. I have no problems at all with my VOIP phone and did nothing special to get it to work.

esuhl

onomatopoeia99 wrote: »

It breaks the principle that every connected device should be uniquely addressable. More importantly certain protocols have to be bodged to cope with it (e.g. FTP), certain protocols really struggle (e.g. SIP, that is used for VOIP) and its existence inhibits protocol development as you end up with a layer two (network) or three (transport) device needing to understand layer four (application) protocols to allow them to pass through it and route them properly. When a new protocol comes along, the router won't understand it (it shouldn't need to) so it simply won't work through the application layer gateway of the device providing NAT.

It's just awful.

What a fantastic explanation! I see what you mean now. Thanks

esuhl

DavidP24 wrote: »

Not missing a thing, if you use VPN having IP6 enabled can create a leak of your real IP.

Crikey.

DavidP24 wrote: »

I have it disabled on Router and on PC's, I think I will be dead before it is really needed.

Ha -- yeah... that was my opinion. Although IPv6 would make things like FTP so much easier.

When it comes to security, I'm far from an expert, but I like to take a cautious (paranoid) approach. The fewer possible attack vectors, the better.

I don't use VPNs, but I'm curious... how do they leak your "real" public IPv6 address? Is there some fundamental problem with IPv6, or is it a case of bad programming due to the "novelty" of IPv6?