Inbound IPv6 VPNs
Discussion
I have been looking at getting YouFibre which has arrived in my street. After initially ordering I found out (from a friend nearby who's already got it) that they use CGN on IPv4. This causes me a problem for VPN-ing back to my house, which I do often when I travel for various reasons. They offer a fixed IPv4 address for £5 per month, but I don't want to do that.
They do, however, provide a fixed IPv6 address prefix. I am therefore looking to see if I can get working a IPv6 based VPN from my smartphone and /
or laptop back to my home router (an Asus which supports IPv6).
I was wondering if anyone has done this, and determined:
1. What, if any, special config is needed on OpenVPN client to do IPv6
2. If this works when the remote network is not IPv6 native and therefore does something like 6 in 4 or one of the other encapsulation / transport mechanisms. Specifically when I'm on something like a UK mobile network (Voda is not IPv6 native) or on foreign mobile or hotel wifi networks.
While I am fairly network technical savvy, and even worked a tiny bit on the original IPv6 research, I don't know how things are actually configured today in real networks and what configurations are needed to make it work. I can go experiment and work it out myself, but figured PH forums might have some experience I can make use of!
Note - I'm amazed that these 'startup' fibre providers in the UK who all use CGN don't work the above out and just publish a reference pattern - would unlock a worthwhile handful of customers like myself. And the engineers they employ will certain know how to do the above.
They do, however, provide a fixed IPv6 address prefix. I am therefore looking to see if I can get working a IPv6 based VPN from my smartphone and /
or laptop back to my home router (an Asus which supports IPv6).
I was wondering if anyone has done this, and determined:
1. What, if any, special config is needed on OpenVPN client to do IPv6
2. If this works when the remote network is not IPv6 native and therefore does something like 6 in 4 or one of the other encapsulation / transport mechanisms. Specifically when I'm on something like a UK mobile network (Voda is not IPv6 native) or on foreign mobile or hotel wifi networks.
While I am fairly network technical savvy, and even worked a tiny bit on the original IPv6 research, I don't know how things are actually configured today in real networks and what configurations are needed to make it work. I can go experiment and work it out myself, but figured PH forums might have some experience I can make use of!
Note - I'm amazed that these 'startup' fibre providers in the UK who all use CGN don't work the above out and just publish a reference pattern - would unlock a worthwhile handful of customers like myself. And the engineers they employ will certain know how to do the above.
The big problem with CGN is that you can't punch through it for free, you effectively do not have an IPv4 address but you will have a IPv6 range and you could use that. You would rely on IPv6 but that might be problematic.
What resources do you want to access from home?
I would look at Tailscale as that will allow you to use resources; I have long-since used it to do that and to access my VMs at home via RDC.
What resources do you want to access from home?
I would look at Tailscale as that will allow you to use resources; I have long-since used it to do that and to access my VMs at home via RDC.
There's a thread here but it looks a bit "managed" as any critical posts seem to heve been deleted, although fortunately most were quoted. Variable latency seems to be one complaint.
https://forums.thinkbroadband.com/otherisp/4743325...
https://forums.thinkbroadband.com/otherisp/4743325...
I would pay for the IPV4 address. Most networks aren't ready for IPV6 yet, I work a lot with proxy servers and the amount of customers that complain about connectivity to sites and it's almost always because we are trying IPV6 and it doesn't work despite them having a AAAA DNS entry.
somouk said:
I would pay for the IPV4 address. Most networks aren't ready for IPV6 yet, I work a lot with proxy servers and the amount of customers that complain about connectivity to sites and it's almost always because we are trying IPV6 and it doesn't work despite them having a AAAA DNS entry.
All of google is, all of facebook is, I don't know if AWS is.I suspect most cloud tenants don't want to face the complication as they keep cranking the handle on V4 netblock re-use
Not heard of a v6 VPN, nice idea and should be feasible but you may have to do some encapsulation as you say it's entirely possible you'll transit some v4 only space at some point
Most of my stuff at home is completely dual stack, but the simpler devices (doorbells, etc) just don't implement V6 so you need most services listtening on both protocols.
Squid serves as a useful 4 to 6 gateway for the animated kame turtle.
I haven't any remote VPN at all so I can't comment on ease/success of implementing that
Edited by gavsdavs on Thursday 23 November 14:38
somouk said:
I would pay for the IPV4 address. Most networks aren't ready for IPV6 yet, I work a lot with proxy servers and the amount of customers that complain about connectivity to sites and it's almost always because we are trying IPV6 and it doesn't work despite them having a AAAA DNS entry.
This techy converted to fully native ipv6 and gave it a good try, but in the put ipv4 back on his network because there was just too many things that still dont work.Summary:
https://youtu.be/WFso88w2SiM?si=ClRPrKlvl98BJFUW
Hmmmm... i think the answer to my original question is "no", we don't have anyone here who has tried inbound IPv6 VPNs.
I am well aware of all the other points raised and fully understand all the technical aspects and implications, and I know exactly what IPv6 is and is not supported around the internet. I am just looking for any experience of getting OpenVPN IPv6 inbound VPNs working. On a technical level the area of uncertainty is around the actual typical implementation of the 6 over 4 tunnelling in the far end networks and whether that tends to be well supported and working. The IPv6 would only be back to my house, any routing back out to websites would be IPv4 via their CGN, so the portion of the IPv4 internet available on the IPv6 internet is not applicable in this case.
Yes, I could pay the £5, but I could also not pay money for something if I don't need it. I also just fancy getting some level of IPv6 working due to my past involvement.
I am well aware of all the other points raised and fully understand all the technical aspects and implications, and I know exactly what IPv6 is and is not supported around the internet. I am just looking for any experience of getting OpenVPN IPv6 inbound VPNs working. On a technical level the area of uncertainty is around the actual typical implementation of the 6 over 4 tunnelling in the far end networks and whether that tends to be well supported and working. The IPv6 would only be back to my house, any routing back out to websites would be IPv4 via their CGN, so the portion of the IPv4 internet available on the IPv6 internet is not applicable in this case.
Yes, I could pay the £5, but I could also not pay money for something if I don't need it. I also just fancy getting some level of IPv6 working due to my past involvement.
eein said:
Hmmmm... i think the answer to my original question is "no", we don't have anyone here who has tried inbound IPv6 VPNs.
I am well aware of all the other points raised and fully understand all the technical aspects and implications, and I know exactly what IPv6 is and is not supported around the internet. I am just looking for any experience of getting OpenVPN IPv6 inbound VPNs working. On a technical level the area of uncertainty is around the actual typical implementation of the 6 over 4 tunnelling in the far end networks and whether that tends to be well supported and working. The IPv6 would only be back to my house, any routing back out to websites would be IPv4 via their CGN, so the portion of the IPv4 internet available on the IPv6 internet is not applicable in this case.
Yes, I could pay the £5, but I could also not pay money for something if I don't need it. I also just fancy getting some level of IPv6 working due to my past involvement.
Cool…..I am well aware of all the other points raised and fully understand all the technical aspects and implications, and I know exactly what IPv6 is and is not supported around the internet. I am just looking for any experience of getting OpenVPN IPv6 inbound VPNs working. On a technical level the area of uncertainty is around the actual typical implementation of the 6 over 4 tunnelling in the far end networks and whether that tends to be well supported and working. The IPv6 would only be back to my house, any routing back out to websites would be IPv4 via their CGN, so the portion of the IPv4 internet available on the IPv6 internet is not applicable in this case.
Yes, I could pay the £5, but I could also not pay money for something if I don't need it. I also just fancy getting some level of IPv6 working due to my past involvement.
You have to account for the fact that when travelling you might end up on a network that has NO IPv6 connectivity at all, and I don't think there is any general purpose solution for that that you can rely on.
Stumping up for the static V4 address is going to be the only solution really.
outnumbered said:
You have to account for the fact that when travelling you might end up on a network that has NO IPv6 connectivity at all, and I don't think there is any general purpose solution for that that you can rely on.
Stumping up for the static V4 address is going to be the only solution really.
indeed - very large assumption that ipv6 will be supported on some random hotspot, in fact there's almost a certainty it wont be supported. But hey, let the op waste lots of his time which is cheaper than £5 for something he's had past involvement with and threfore should know that it's fraught with problems.Stumping up for the static V4 address is going to be the only solution really.
eein said:
Ah, I see that I've attracted 'that' side of PH. Always a roll of the dice here.
Not really - been an IT nerd 36 years. Have some experience of ipv6, from 10 years ago when they said we would run out of ip4 and the world would end - we didn’t and it didn’t and I promptly lost interest.Setting up a ipv6 tunnel for learning etc is fine, but wanting to use it for your use case seems daft when there’s a proven simple solution available for the price of a pint of beer per month that’s almost guaranteed to work anywhere.
I assume your response is trying to be ironic? You've just made my point perfectly - classic PH ignore the original OP's question, question the question, decide on their behalf that the premise behind their question is wrong and point our that they should not be asking what they are asking. Helpful.
I don’t know the answer to your specific question about an ipv6 vpn tunnel - happy now?
I ignored your original question because in my opinion (and it is just that) it’s a waste of time when you have a known working solution available for relatively little money.
If your isp didn’t offer static v4 and you were contracted to then for say 18 months then exploring it might be worthwhile.
Lets say you find an ipv6 solution that lets say costs urr,umm - £5 a month would you go that route or pay the same for a static v4 address?
One could argue that it’s you ignoring technical advice from more than one person because it’s not what you want to hear.
I ignored your original question because in my opinion (and it is just that) it’s a waste of time when you have a known working solution available for relatively little money.
If your isp didn’t offer static v4 and you were contracted to then for say 18 months then exploring it might be worthwhile.
Lets say you find an ipv6 solution that lets say costs urr,umm - £5 a month would you go that route or pay the same for a static v4 address?
One could argue that it’s you ignoring technical advice from more than one person because it’s not what you want to hear.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff