Menu
What's new
By:
Filters Better Search

Ipv6 or not ipv6?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Olndo Pindaro

Olndo Pindaro

Regular Contributor
I have an 5g modem connected to an Asus rt-ax86s router, ipv6 is is disabled and all works like a charm.
I am loosing something without ipv6? Any reason to enable it?

Thanks
Olindo
 
I guess that you get more efficient routing with IPv6, by avoiding the NAT bottlenecks.
Also with IPv4 your router is targeted more easily, as nowadays any IPv4 address is used and hackers using bots can find targets in seconds to attack. With IPv6 you are hidden inside a vast number of unused addresses.
 
Olndo Pindaro said:
I have an 5g modem connected to an Asus rt-ax86s router, ipv6 is is disabled and all works like a charm.
I am loosing something without ipv6? Any reason to enable it?

Thanks
Olind
Click to expand...
IPv6 is the way forward, and I usually suggest enabling it if your ISP has made it available to you.
I'm not sure how you would configure IPv6 on your router in this case...5G mobile is exactly the end use that IPv6 was built for.
That said, and to answer your question, when you enable IPv6 you also have to be concerned with/mindful of a firewall for IPv6 as well.

This might help you get started: ipv6.he.net/certification

(I've found that my torrenting/streaming is a bit more...robust since I enabled IPv6 on my LAN)
 
Olndo Pindaro said:
I have an 5g modem connected to an Asus rt-ax86s router, ipv6 is is disabled and all works like a charm.
I am loosing something without ipv6? Any reason to enable it?

Thanks
Olindo
Click to expand...

I'm definitely going to recommend the opposite of the others here and say leave it off. You are not losing anything at all, and if anything would open up potential security risks.

If you want to try it, spend the time to learn about the vast differences vs IPv4, and the various issues that home router companies like Asus (and others) have had with it, since it is essentially put on as an afterthought. In fact if you want to play around with it I would do it in some isolated test environment until you're familiar enough with it. Personally, I would never enable it with the Asus as the only layer of protection, I would have a second layer of firewall. The only time I ran IPv6 at home was with an enterprise Cisco Router (with security license for firewall and IPS functions) and a Juniper firewall behind it.

If you don't have a specific reason for it (CGNAT from your ISP but you need inbound connections etc) I would leave it off and forget about it.
 
Has anyone heard of a security incident that was caused due to IPv6 or has helped hackers in any way/
 
My curiosity is increasing.... My isp support ipv6. But with ipv6 what is the meaning of dhcp? How works dns a Asus ddns?
 
Olndo Pindaro said:
I have an 5g modem connected to an Asus rt-ax86s router, ipv6 is is disabled and all works like a charm.
I am loosing something without ipv6? Any reason to enable it?
Click to expand...

It depends...

5G-Fixed Wireless Access, at least here in the US, is IPv6 first (and native) - so IPv4 is handled as a legacy stack with mechanisms like 464XLAT (similar to, but not the same as CGNAT).

Practical experience with 5G-FWA - TMobile's IPv6 is ok, one thing to note is that they don't provide a PD, which makes internal addressing rather interesting (not in a good way) - I know this first hand as I have T-Mobile 5G Home Internet. Also they provide an RFC1918 IPv4 address, in my case it's 192.168.12.0/24 on the "WAN" side, which means any kind of port forwarding in IPv4 is basically not possible.

TMobile is one of my ISP's, the other is CoxHSI - and there, they're fullly dual-stacked with public IPv4 and IPv6 addresses, and they will typically issue a PD with a /64 - less than optimal compared to a /48, but this is a consumer account.

I usually encourage folks to give it a try with enabling IPv6, but at the same time, I'm also aware that many Router/AP's may have issues with IPv6...
 
coxhaus said:
Me. I am only going to use IPv4. I am too old to start using IPv6.
Click to expand...

I wonder if pfSense ever sorted out the issues they had with IPv6 - some of this wasn't directly on them, as ISP's differ on their side for implementation purposes as well...
 
sfx2000 said:
It depends...

5G-Fixed Wireless Access, at least here in the US, is IPv6 first (and native) - so IPv4 is handled as a legacy stack with mechanisms like 464XLAT (similar to, but not the same as CGNAT).

Practical experience with 5G-FWA - TMobile's IPv6 is ok, one thing to note is that they don't provide a PD, which makes internal addressing rather interesting (not in a good way) - I know this first hand as I have T-Mobile 5G Home Internet. Also they provide an RFC1918 IPv4 address, in my case it's 192.168.12.0/24 on the "WAN" side, which means any kind of port forwarding in IPv4 is basically not possible.

TMobile is one of my ISP's, the other is CoxHSI - and there, they're fullly dual-stacked with public IPv4 and IPv6 addresses, and they will typically issue a PD with a /64 - less than optimal compared to a /48, but this is a consumer account.

I usually encourage folks to give it a try with enabling IPv6, but at the same time, I'm also aware that many Router/AP's may have issues with IPv6...
Click to expand...
I have windtre and ipv6 is probably sperimenta. Modem by deafult setup ipv4 but i tried to setup ipv4/ipv6 and i saw the ipv6 at the modem. I need to checl with support if i can fire up ipv6 definitively.

Thanks to all for your answers.
 
Olndo Pindaro said:
I have windtre and ipv6 is probably sperimenta. Modem by deafult setup ipv4 but i tried to setup ipv4/ipv6 and i saw the ipv6 at the modem. I need to checl with support if i can fire up ipv6 definitively.

Thanks to all for your answers.
Click to expand...

I would highly recommend taking an online course or doing some good research before you go any further. You need to understand native vs. passthrough, DHCPv6 vs stateless, RA, all kinds of stuff. If you just tinker around until you think it is working, who knows what holes you have opened up?

Setting your APN to IPv4/IPv6 doesn't necessarily mean they support IPv6, sometimes they only use IPv6 for the APN communication (management traffic) and your downstream device won't actually get an IPv6. In the US most cellular/Fixed wireless providers do have dual stack v4/v6, but some other countries are not there yet. Some providers here will even give your phone an IPv6 IP only and then if you go to an IPv4-only destination they NAT it to a shared dynamic pool of IPv4 IPs. Others are using CGNAT for IPv4, etc.

If things are working fine as they are, why mess with it? Contrary to what some will tell you, there is no speed benefit to IPv6 over IPv4, in fact sometimes there is a penalty. Asus routers handle IPv4 NAT in hardware and IPv4 routing is hardware accelerated with flow cache, and in fact some portions of IPv6 WON'T be optimized for hardware acceleration and could actually increase the load on your router. So don't do it because you think you're going to get increased performance or anything like that.
 
drinkingbird said:
DHCPv6 vs stateless
Click to expand...
Android devices do not support DHCPv6 and they will not get a v6 address if you use it. I use only stateless in my LAN.
Also check first if your router's firewall support separate rules for IPv6. If you create a new rule, does it ask you if it is v4 or v6?
If not, then stay with IPv4 until you change your router.
 
Christos said:
Android devices do not support DHCPv6 and they will not get a v6 address if you use it. I use only stateless in my LAN.
Also check first if your router's firewall support separate rules for IPv6. If you create a new rule, does it ask you if it is v4 or v6?
If not, then stay with IPv4 until you change your router.
Click to expand...

The asus has separate v4 and v6 firewalls in the GUI. It doesn't ask, you have to choose which section to put it in.

My point is not that the OP needs to choose which ip address assignment method to use, they need to understand what their ISP supports, what the differences are, and how to set up their router to match what is needed.
 
drinkingbird said:
The asus has separate v4 and v6 firewalls in the GUI. It doesn't ask, you have to choose which section to put it in.
Click to expand...

I wasn't going to name names - but Asus is one of the vendors that has challenges with IPv6 on the WAN side...
 
Christos said:
Android devices do not support DHCPv6 and they will not get a v6 address if you use it. I use only stateless in my LAN.
Click to expand...

Well - google has their preferences perhaps - not just android, but their Google Nest devices...

Oddly enough - Chromebooks do work and get addresses inside the LAN for DHCPv6... I suppose with Android and IPv6, it's all about WAN connectivity for the device itself, and in my testing, that works, as the LTE/5G attach assigns addresses for the various services...
 
sfx2000 said:
I wasn't going to name names - but Asus is one of the vendors that has challenges with IPv6 on the WAN side...
Click to expand...

Do any of the home router manufacturers have it right (or for that matter, do we trust they won't break it with a firmware update)? I certainly don't, basically what my point to the OP is, if you don't need it, why mess with it? If you do need it, get some gear you can trust better and have at least 2 layers of protection.

From what I've seen Asus can handle the standard model of Native IPv6 with SLAAC and subnetting fine (functionally, potentially not security wise) Any of the other combos, YMMV.
 
drinkingbird said:
get some gear you can trust better and have at least 2 layers of protection
Click to expand...
When my iPhone connects to 5G, gets IPv6 it has no firewall to protect it.
When it connects to my LAN, it gets IPv6 + firewall protection from my pfsense.
Also, my iPhone gets security patches more frequently than any firewall.
 
Christos said:
When my iPhone connects to 5G, gets IPv6 it has no firewall to protect it.
When it connects to my LAN, it gets IPv6 + firewall protection from my pfsense.
Also, my iPhone gets security patches more frequently than any firewall.
Click to expand...

Firewall and security patches are two totally different aspects of protecting the attack surface. If your phone gets a security patch, someone has found a vulnerability and someone has probably already started exploiting it.

Your phone (and your wireless provider) does have some basic protection, but there are plenty of firewall apps you can put on your phone.

All of that is moot though, an incorrectly configured (or designed) IPv6 firewall can be the same as no firewall at all.
 
You must log in or register to reply here.

Similar threads

K
Have global ipv6 address but unable to access internet over ipv6
2
Replies
39
Views
833
klunk
K
T
Wireguard VPN Disable IPV6
Replies
0
Views
162
treycortez
T
V
IPv6 Passthrough failure on USB WAN
Replies
4
Views
568
Analog-1
A
B
advice needed regarding a new wired router
Replies
10
Views
896
Rain Kleyman
Rain Kleyman
choleric
IPv6 config on Asus RT-AX86U with Google Fiber
2
Replies
36
Views
1K
choleric
choleric

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 920 (members: 20, guests: 900)
Top