Host IPv6 tunnel possible?



  • Alright, so here's the deal. I have a pfsense box at work AND one at home. I recently switched ISPs at home to one which does not yet do IPv6. At work I have a /48 routed to me, and I only use one /64 for the office network.

    So…

    Is it possible to do some sort of IPv6 tunnel such that I can get the work pfsense box to be a tunnel broker/host for my home network?

    Am I making any sense?

    I know I could do the HE thing or something like that, but then Netflix, etc., can get wonky.



  • Yes, I do exactly that with my notebook computer, so that I get IPv6 when away from home.  Just set up OpenVPN to pass IPv6 and route a /64 or larger prefix to your home network.
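
The address plan behind that reply, as an added example that is not part of the original thread: it picks a tunnel /64 and a home /64 out of the work /48, rejects overlaps with the office LAN, and prints the matching plain OpenVPN directives. The `2001:db8:abcd::/48` documentation prefix, the /64 indexes and the function name `plan_tunnel` are assumptions made for illustration.

```python
import ipaddress

def plan_tunnel(routed_prefix, office_lan, tunnel_index, home_index):
    """Pick a tunnel /64 and a home-LAN /64 from the routed prefix and return
    the OpenVPN directives that route the home /64 through the tunnel."""
    routed = ipaddress.IPv6Network(routed_prefix)
    office = ipaddress.IPv6Network(office_lan)
    if routed.prefixlen > 64:
        raise ValueError("routed prefix must be /64 or shorter")
    if not office.subnet_of(routed):
        raise ValueError("office LAN is not inside the routed prefix")

    def nth_64(index):
        # The n-th /64 inside the routed prefix (index 0 is the first one).
        if not 0 <= index < 2 ** (64 - routed.prefixlen):
            raise ValueError(f"index {index} is outside {routed}")
        base = int(routed.network_address) + (index << 64)
        return ipaddress.IPv6Network((base, 64))

    tunnel, home = nth_64(tunnel_index), nth_64(home_index)
    nets = {"office": office, "tunnel": tunnel, "home": home}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    return {
        "tunnel": tunnel,
        "home": home,
        # Server side (work): address the tunnel, send the home /64 into it,
        # and tell the client to reach global IPv6 space through the tunnel.
        "server": [f"server-ipv6 {tunnel}",
                   f"route-ipv6 {home}",
                   'push "route-ipv6 2000::/3"'],
        # Per-client config for the home router: it owns the home /64.
        "ccd": [f"iroute-ipv6 {home}"],
    }

if __name__ == "__main__":
    # Constructed sample values: a documentation /48 with the office on the first /64.
    plan = plan_tunnel("2001:db8:abcd::/48", "2001:db8:abcd::/64", 0xFF, 1)
    print("# server config\n" + "\n".join(plan["server"]))
    print("# client-config-dir entry for the home router\n" + "\n".join(plan["ccd"]))
```

With a routed /64 there is no NAT in front of the home machines, so which hosts and ports are reachable is decided entirely by the firewall rules on the two ends of the tunnel.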


  • LAYER 8 Global Moderator

    While this is fun and kewl and all.. Hold my beer sort of networking ;)  But why exactly would you need to do this?

    What resource are you accessing that is only IPv6?



  • Well, I technically don't need to, and I can get by without it, but it's nice to have (I'm the original poster).

    Here's one example:

    I have a couple servers at work that run a nightly backup to computers in my basement. Previously, with IPv6, each machine at home had a unique IP address, and I could set the backup script to connect directly to that computer via IPv6. Now I have to do some special port forwarding, aka "connect to IP x.x.x.x port YY" for this backup and "connect to IP x.x.x.x port ZZ" for the other backup.

    Again, not a huge deal but would be nice to have IPv6.


  • LAYER 8 Global Moderator

    Well if you want IPv6 into your network at home… Why would you not just run a tunnel from HE if your ISP doesn't support IPv6 or they do it shitty (many do that)..

    As to Netflix and HE tunnels - simple enough to fix, don't allow whatever you're running Netflix on to get an IPv6 address.. Or don't allow it out on IPv6 so it falls back to IPv4, or set it up so Netflix doesn't resolve AAAA, can be done with bind or there is a Python script someone posted here exactly for that reason to use with unbound.

    But just as easy to put your Netflix watching devices on a network that is not using IPv6, or is fully static IPv6 and then put your devices that you want to use IPv6..

    Way easier solutions than trying to tunnel to work to use part of that /48..

    Or how about just create a VPN to your house from work, and then run through the VPN to do whatever backups you want so you don't have to port forward, etc..

    There are always multiple ways to skin the cat, but you don't have to pick the hold my beer sort of solution because it is that crazy ;)



  • > Now I have to do some special port forwarding, aka "connect to IP x.x.x.x port YY" for this backup and "connect to IP x.x.x.x port ZZ" for the other backup.
    >
    > Again, not a huge deal but would be nice to have IPv6.

    That's an excellent reason for moving to IPv6 as much as possible.  NAT brings a lot of problems, such as yours where you need some other means to select among multiple computers running the same protocols.

