IPv6 with two or more LAN-side interfaces
-
@Bob-Dig said in IPv6 with two or more LAN-side interfaces:
No, as far I can tell, my ISP is not changing that.
Have you even tried? Handing out a single /64 has to be the ultimate in stingy. There are enough /48s to give well over 4000 of them to every single person on earth and that's with only 1/8 the IPv6 address space allocated to Global Unique Addresses.
BTW, he.net will give, for free, a /48. Prior to my ISP (Rogers) offering IPv6, I used a tunnel broker who gave me a /56 for free.
-
@JKnott Most home users will not notice it anyway. I can live with it but I wanted to know it for sure.
-
Still, it wouldn't hurt to ask.
-
@JKnott It would hurt me. Had enough problems with my isp in the last years and know some thing or two how they operate.
-
Maybe you should get a different ISP then.
-
You understand it would take you all of a couple of minutes to get everything you want to do up and running with a FREE /48 from HE.. You can do your statics on and not have to worry about any changes in the prefix... You can even take the same /48 with you if you change ISPs
You also can set PTRs on this /48 space if you have any need for that, etc.
There really is little reason to have to "deal" with lack luster and shitty isps when it comes to doing ipv6.. Giving out 1 /64 is just plain stupid.. But when the vast majority of their users are using their device, and only have 1 flat network behind - why not just do it that way, etc..
So find an isp that does what you want, or just run a tunnel.. It really is a couple of minutes to setup.
-
@johnpoz Is there a noob friendly tutorial for HE around here?
For my noob-E-Mail-Server it would be nice to have PTR.
Can I have two ore more IPs with each there own PTR for one machine/host? So that every Service got its own IP/PTR, even when it is on the same machine as another Service? -
You can setup PTRs for any of your IPv6 addresses.. I have a few setup
here is the pfsense docs
https://docs.netgate.com/pfsense/en/latest/interfaces/using-ipv6-with-a-tunnel-broker.htmlHaven't run through it years... But I would assume its current and ready to go from a quick look over it looks fine..
I don't run smtp on it, I know a few years back they had some issues with abuse of users sending spam, etc. etc. And you had to enable it if you were sage, and now that is even gone - and you might have to contact them to enable 25.. Guess I could do a simple test to see if 25 is open in and out over the IPv6, etc.. But just be aware that might be something you will have to contact them about.
edit: did a simple test of outbound and that is open
telnet -6 2607:f8b0:4001:c03::1a 25 Trying 2607:f8b0:4001:c03::1a... Connected to 2607:f8b0:4001:c03::1a. Escape character is '^]'. 220 mx.google.com ESMTP e24si5820214ioh.159 - gsmtpSo I don't see why outbound would be open without inbound.. I haven't kept up with all the stuff on their forums and such for years and years since its just rock solid and no need.. Only time I was on there frequentlly was years ago like early 2011 or something when got sage via their free certification test.. You can get a FREE tshirt ;) I still sport mine now and then..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@johnpoz said in IPv6 with two or more LAN-side interfaces:
You can setup PTRs for any of your IPv6 addresses.. I have a few setup
Where can I do that? I got a he tunnel just now but can't find that option.
-
I got it.
-
@johnpoz Regarding PTR and the HE-tunnel, I created some PTR-Records or to be more precise I guess, HE created them after I made the AAAA-Records. But my DNS-provider is cloudflare, so my question is this, do I have to "glue" something togehter for PTR to be "better" or is this not important, because it works anyway?
-
No there is nothing to glue together... cloudlflare becomes the authoritative NS for the forward records.. HE will always be the authoritative NS for the IP space... Unless they delegated that to clouldlflare.. Which they currently do not allow you to do..
But works just fine this way.. Does your PTR resolve - then your fine.
-
@johnpoz Thank you, John.
Regarding policy routing, in another thread you showed me the use of an Alias RFC1918 for an IPv4-rule.
Now I want to route everything IPv6 from VSERVER out to the HE-Tunnel. Is it therefore advised to have a rule for every other IPv6 enabled interface in my example LAN?
And if yes, I have to do it for every interface I guess, especially that I also use my ISP-IPv6 with is to some degree dynamic.
-
does your wan have its own IPv6? HE prefixes wouldn't work out your wan if it has its own IPv6..
HE would just be your default gateway for IPv6 - there would be no reason to policy route it.. It would just happen on its own with the default * gateway.. Via normal routing..
Not getting the use case to why you would want/need to policy route ipv6..
-
@johnpoz I use both. The ISP one is only /64, it is on LAN and probably has better "ping-times" for gaming etc and is my default. And for the other Interfaces I will use those provided by HE or none.
In this regard, made my post from before sense? -
Ah - ok..
They yeah you would policy route it just like IPv4 then - you send traffic from the networks using HE out HE gateway.
-
@johnpoz But do I need the rule in the middle?
Also you are right with making HE-Tunnel the default if the middle rule does make sense, it would be much easier then to only do it to LAN instead to all the other.
-
Yeah that way works too ;)
I personally would just use HE.. Have you done any testing to see how much latency difference your seeing to different things.. Or you just assuming that your ISP should be faster - all comes down to the peering ;) And if you have a HE pop in your local area.. If the only HE pop you have is on really far away - then yeah ok that could add some latency... If where you wanting to go is in the wrong direction.
You have a shared last mile which is your ISP... But after that it comes down to peering and location - for you know HE is in the same pop, etc. I would be curious to the difference in performance.. Sure HE is in a GRE tunnel and a bit of added overhead but really in the big picture your talking insignificant stuff here..
-
@johnpoz I did some very few ping-tests and my ISP came ahead with one ms, which is nothing.
But now I am thinking to get rid of the /48 and instead open four other tunnels...
-
Huh... They won't let you open 4 tunnels.. You have to have multiple IPv4s to do multiple tunnels.
