
From public fixed IPv4 to private dynamic IPv4 + public dynamic IPv6 (dual stack)


giopas

Hi all,

I need your advice (yet again).

For the last 7 years, I have had a 200Mb/s internet connection which also provides me with a public fixed IPv4 (an option which basically makes me pay double the price).

For the overall same monthly price, the ISP is now offering me a 1GB/s with a private dynamic IPv4 and a public dynamic IPv6 (dual stack connection).

In the past, I never dared to move away from the public fixed IPv4, as I was scared of not being able to access my NAS applications remotely (which I use for Plex, download manager, file/picture backup of my phones, document management, reverse proxy and OpenVPN).

I am now thinking that I probably should revisit my position and see if actually there are ways to continue to access my local resources from outside my house.

Unfortunately, I have never played with IPv6 before, so I am not sure where to start and if there are important points I should be aware of before considering the move.

I see that no-ip for example gives the possibility to set a dynamic DNS for your dynamic public IPv6.

As I already have some private domains, which all point to my Caddy reverse proxy within my network, would it be ok to simply do something like this?

2001:0db8:85a3:0000:0000:8a2e:0370:7334 (example of my Dynamic Public IPv6)

--->

custom.noip.com (a dedicated subdomain purchased with no-ip.com, or similar service)

--->

plex.example.com (through a CNAME on DNS record of my own domain)

--->

home router listening for requests on ports 80 and 443 and forwarding them to my reverse proxy if coming from one of the defined subdomains

--->

caddy reverse proxy, which redirects the request to my Plex server.

Looking at the above, it seems too easy (as it looks pretty much like the old fashioned public dynamic IPv4 ddns service).

What am I missing?

What other factors should I consider before deciding to upgrade to 1Gb/s without risking taking down my whole system?

Would torrent still work?

What about OpenVPN server, how could it work in such scenario?

Thanks!
 
private dynamic IPv4 and a public dynamic IPv6

Private dynamic IPv4 address means CG-NAT WAN address. This means your router is going to be behind another ISP router. This means you lose port forwarding ability unless the ISP is willing to cooperate (in some rare cases). This means most likely no more access to your open to Internet services over IPv4. This means you have to rely on IPv6 only for this purpose including access to your VPN server.

Dual stack means you have two doors to your network. You have to apply the same security measures for both IPv4 and IPv6. This is not always possible on a home router. If you use DNS filtering services like OpenDNS you lose the custom categories - not supported over IPv6. If you use custom scripts in Asuswrt-Merlin - some are IPv4 only. If you use VPN Client on your router - you're facing IPv6 leaks you need to deal with. VPN clients on devices will most likely turn off locally IPv6 when active in order to prevent leaks. DDNS IPv6 on Asuswrt may not work reliably.

Web browsing experience >150Mbps is all the same. Your daily Internet experience won't change. Large downloads and speedtest will benefit from faster connection. You can show good speedtest numbers to your friends. You may benefit from faster upload in case you solve successfully CG-NAT access issues. You perhaps will be paying more including new equipment rental fees. Check the conditions carefully.

I would keep the 200/50 line with public IPv4 WAN address and keep IPv6 at default disabled. It's more than enough for family use and you have no real benefits from IPv6 when you have public IPv4 available. My firewall stats show very few spikes over 150Mbps on my 500/30 ISP. I would trade it for 200/200 instantly. I don't use IPv6 because in my country it's not needed. We are a family of 4 doing regular work/learn-from-home and media streaming.

You perhaps know what device on your network is 192.168.1.14, but can you tell what device is 2001:0db8:85a3:0000:0000:8a2e:0370:7334? Your current network is behind NAT and the Internet world sees one device - your router. With IPv6 enabled your internal devices will get global IPv6 addresses and can communicate with Internet directly. Do you trust all your IoT devices? Do you trust your home router? You have some decisions to make.
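
As an added example (not part of the thread), a check for the two points raised in the reply above: whether the router's WAN IPv4 address is CG-NAT or otherwise private, and which LAN devices hold globally routable IPv6 addresses. All addresses and names are constructed; the 2001:db8::/32 documentation prefix stands in for an ISP-delegated prefix.

```python
import ipaddress

# (label, CIDR) pairs, checked in order.
RANGES = [
    ("cgnat", "100.64.0.0/10"),      # RFC 6598 shared space used by carrier-grade NAT
    ("rfc1918", "10.0.0.0/8"),
    ("rfc1918", "172.16.0.0/12"),
    ("rfc1918", "192.168.0.0/16"),
    ("v6-link-local", "fe80::/10"),
    ("v6-ula", "fc00::/7"),          # unique local, not routed on the internet
    ("v6-global", "2000::/3"),       # global unicast; includes 2001:db8::/32 (docs)
]
NETS = [(label, ipaddress.ip_network(cidr)) for label, cidr in RANGES]


def classify(addr):
    """Return the range label for an address string."""
    ip = ipaddress.ip_address(addr)
    for label, net in NETS:
        if ip.version == net.version and ip in net:
            return label
    # Simplification: any other IPv4 address is treated as public.
    return "v4-public" if ip.version == 4 else "v6-other"


def audit(wan_v4, lan_v6):
    """wan_v4: router WAN address; lan_v6: {device name: IPv6 address}."""
    wan = classify(wan_v4)
    return {
        "wan_v4": wan,
        # Forwarding ports on the home router only works with a public WAN address.
        "v4_port_forward_possible": wan == "v4-public",
        # These devices are reachable from outside unless the router's
        # IPv6 firewall drops unsolicited inbound traffic.
        "v6_needs_firewall": sorted(
            name for name, a in lan_v6.items() if classify(a) == "v6-global"
        ),
    }


# Constructed sample: a mix of LAN IPv6 addresses.
SAMPLE_LAN = {
    "nas": "2001:db8:85a3:0:211:32ff:fe12:3456",
    "camera": "2001:db8:85a3::8a2e:370:7334",
    "printer": "fd12:3456:789a::20",
    "tv": "fe80::1a2b:3cff:fe4d:5e6f",
}

if __name__ == "__main__":
    print(audit("100.72.15.4", SAMPLE_LAN))   # constructed CG-NAT WAN address
    print(audit("203.0.113.25", SAMPLE_LAN))  # constructed public WAN address
```

A WAN address classified as `cgnat` or `rfc1918` means inbound IPv4 has to be arranged with the ISP; every name under `v6_needs_firewall` needs an explicit decision in the router's IPv6 firewall.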
 

@Tech9 covered it but I'll just add if you really want to go that way first verify with the ISP that they are allowing inbound connections. It does seem to be rare for them to block it, but not impossible. If they are, then you could use a DDNS service that supports IPv6 and be able to reach your devices by hostname. But it is a whole other world, you would need your NAS (and anything else you wanted to access) to update DDNS if/when their IP changed. Or set up a VPN to the router's WAN IPv6 IP and use VPN to access your home stuff (the more secure approach).

Do they offer a dynamic public IPv4, even if to reduce the cost on your current service?
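
The per-device DDNS update mentioned above depends on each device publishing the right one of its several IPv6 addresses. The following is an added example, not part of the thread: it picks the stable global address from `ip -6 -o addr show` output and decides whether the AAAA record needs changing. The sample output, host and function names are constructed.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")
# Address states that make a poor DNS target: privacy addresses rotate,
# deprecated ones are being phased out, tentative/dadfailed are not usable.
SKIP_FLAGS = {"temporary", "deprecated", "tentative", "dadfailed"}


def pick_aaaa(ip_output):
    """Pick the stable global address from `ip -6 -o addr show` output."""
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet6" not in fields or "scope" not in fields:
            continue
        addr = ipaddress.ip_interface(fields[fields.index("inet6") + 1]).ip
        scope = fields[fields.index("scope") + 1]
        if scope != "global" or addr in ULA or SKIP_FLAGS & set(fields):
            continue
        return str(addr)
    return None


def needs_update(current, published):
    """Compare parsed addresses so zero-padded and compressed forms match."""
    if current is None:
        return False  # nothing usable to publish; leave the record alone
    if published is None:
        return True
    return ipaddress.ip_address(current) != ipaddress.ip_address(published)


# Constructed `ip -6 -o addr show dev eth0` output for a NAS.
SAMPLE = r"""
2: eth0    inet6 2001:db8:85a3::8a2e:370:7334/64 scope global temporary dynamic \       valid_lft 86000sec preferred_lft 14000sec
2: eth0    inet6 2001:db8:85a3:0:211:32ff:fe12:3456/64 scope global dynamic mngtmpaddr \       valid_lft 86000sec preferred_lft 14000sec
2: eth0    inet6 fd12:3456:789a:0:211:32ff:fe12:3456/64 scope global dynamic mngtmpaddr \       valid_lft 86000sec preferred_lft 14000sec
2: eth0    inet6 fe80::211:32ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
"""

if __name__ == "__main__":
    current = pick_aaaa(SAMPLE)
    print(current, needs_update(current, "2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
```

The call that actually pushes the new address depends on the DDNS provider and is left out here.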
 
Thank you both for your answers (which confirm my at the time decision).

While going through the (very limited) documentation of my ISP, I discovered they also offer for 2€/month a public dynamic IPv4.

It is interesting what @Tech9 says about the fact that there is almost no difference for any connection above 150Mb/s. And that probably I would need to rent a new modem/router (only used as modem).

In my current case the only positive change would be on the upstream connection: currently capped at 20Mb/s which would become 100Mb/s. What is sure is that if this makes it difficult or even impossible to be reached from outside my network, it is not worth it...

I get that I have to at least ask the ISP if and how port forwarding is possible and, probably in any case, also subscribe to the public dynamic IPv4 (which is a step back to my current situation).

This is quite useful! Thanks!!
 

Dynamic v4 along with a free DDNS service is almost as good as what you have, and if that saves you money or gets you more speed for the same price, it is a good option.

Going from 20M to 100M on the upload is a bigger attraction for me than the bump in download speed.
 
Indeed.

At the end, if I add the 2€ for the public dynamic IPv4 + 6€ modem rental (I will however try to negotiate not to have it charged), overall I would have to pay 10€ more a month (i.e. 65€/month compared to the current 54.43€/month) for better upload speed (and, currently not available, public dynamic IPv6, even if I probably won't use it at all).

Definitely not cheap, but it is the price where I live unfortunately. I will check with the ISP what conditions I get (and get confirmation about port forwarding), and then decide.

Thanks!
 
I discovered they also offer for 2€/month a public dynamic IPv4.

Get it, this makes the offer better.

It is interesting what @Tech9 says about the fact that there is almost no difference for any connection above 150Mb/s. And that probably I would need to rent a new modem/router (only used as modem).

Because websites rarely send data back with >100Mbps and you'll need new ISP equipment for Gigabit.
 
Fix the network first. The new ISP is not going anywhere. They may have a better offer later on.
 
In the US, many ISPs that allocate your IP address dynamically block certain inbound ports (like 80) and can render certain functions unusable. Having a fixed external IP goes with a removal of those restrictions. Before changing the services, be sure that you understand what the service does and doesn't include - and get it in writing (ask for links to the details of the services and then make PDFs of those pages).

Also, we are able to provide our own modems and eliminate the renting aspect. I haven't paid a rental fee for years and have only bought two modems over that time. Additionally, because I buy -modems- and not combos, I get items that are purpose-built for what they are intended to do. I had an ISP tell me that I would need to accept their router "for free" in order to maintain home phone service. I discontinued phone service with them as soon as that happened because the new router contained WiFi which they would be in control of. And most ISPs here now enable their WiFi and allow other customers of their service to connect to it as a "perk" of having service with them. Nope. Random people are not going to be connecting to the Internet through my devices. Ever.

Purchasing your own modem typically pays for itself in anywhere from about 8 months to 18 months depending on specific costs and such. Well worth the investment just purely from a security standpoint if it's an option.
 
Getting access back to home - consider Tailscale or ZeroTier (or both)...

I understand for some it's a concern moving from static IPv4 to something a bit more dynamic, but it's a solvable problem, and one that is likely more flexible and secure than having a static IP and port forwarding services to the public internet.
 
Thank you. Is there a difference between WireGuard and ZeroTier or Tailscale?

Edit: answer is here:
WireGuard normally requires one end of any connection to have a static IP address. However, Tailscale adds atop WireGuard a layer of on-demand NAT traversal so that devices can communicate directly, even through firewalls, without manual configuration. In case NAT traversal is not possible or UDP is blocked, Tailscale automatically relays encrypted traffic over TCP (HTTPS), so that devices can always communicate. It automatically switches WireGuard between these different transport mechanisms depending on network conditions.
 
Any VPN setup will require either a static IP or a DDNS hostname. VPN providers of course have static IPs and hostnames pointing to them.

WireGuard's main benefit is that it is very efficient and can typically get much higher throughput on the same hardware vs. others. However many VPN providers charge for WireGuard support (since they know it is new and popular). If you're already a paid user, it makes sense to use it.

The other two you mention I believe are just add-ons/improvements to WireGuard to make it a bit simpler to set up. However if you are the "client" you should not need those.
 
