Return to Level1Techs.com

IPV6 for a Normie Home User? Is it worth it?

#1

Hello everyone, good day!

I have seen some Youtube Videos about IPV6. In theory, it has some advantages from IPV4. But I am a normie home user :sob: with a PFsense box, and got me thinking.

Is there any benefit for a home user to switch to IPV6? :thinking:
Should I prepare for future adoption now? :thinking:
What security benefits will it bring me? :thinking:

Note:
-I live outside the US and my ISP is still on IPV4.

I wanted to open the discussion. Thanks for the support.

0 Likes

#2

I don’t think ipv6 makes sense right now for internal networking at home.

If your isp supports it, then sure, use it for your devices that connect to the internet, but don’t just throw out ipv4, use both in that case.

I just don’t see any real world advantages for v6 in a small network, when your isp does not support v6. If you had a network with thousands of devices then yes, it would make sense.

I wouldn’t discourage you if you wanted to do it for fun or for a learning experience though, setting it up won’t do any harm, it just costs time.

4 Likes

#3

:scream: I was not aware I could use both at the same time! Great! Thanks.

2 Likes

#4

No. imho

0 Likes

#5

If your ISP supports it, I would terminate Ipv6 at me router. This way you get the best of both worlds. Most ISPs only give one IPv4 per account with residential service. But give your more money to than one with Ipv6. With Ipv6 to the router, allowing more than one device to internet if you needed to is possible with NAT.

0 Likes

#6

I’m interested in this topic as well. As someone who’s used IPv4 since the early 90’s and it’s familiar and comfortable to me. I find IPv6 to be strange and uncomfortable because I’m not so familiar with it.

Now I’m sure I’ve collected some misconceptions in my attempts to learn more so if someone can help correct me, this is what I’ve picked up on:

Each device gets its own unique (in the world) IP direct to the internet meaning that NAT and a normal firewall setup somewhat out of the picture. One of the things that makes IPv4 comfortable to me is that my firewall decides where traffic comes and goes (to some extent) and I can control which ports to go to specific machines. By default my firewall blocks all incoming connections unless I decide to open up a port. With IPv6, the risks would seem to be much greater and more difficult to manage as I would think it would be very easy to expose vulnerabilities in your devices out on the internet.

Is this accurate or am I way off base here?

I’d be interested in learning how to set up an IPv6 network securely for a home environment. At least for learning purposes. I’ve got a pfSense router so it supports it.

0 Likes

#7

That’s a pretty big misconception. v6 traffic has to go through your firewall to get from the scary internet into your local network. All the UDP/TCP rules that you set for v4 are of course available for v6.

Assigning a globally routed v6 address to a host, does not mean that host is accessible without first being routed passed your firewall. And you don’t have to assign a globally routed address if you don’t want. There are of course non-routed v6 address ranges that mirror the functionality of the familiar v4 local ranges. And just like with v4, if you want those hosts with only local v6 addresses to be able to reach out, you can SNAT them at a router with a global address and the router will take of the return traffic for you, just like v4.

3 Likes

#8

I, myself, was curious about this. My ISP does not as yet support residential IPv6 service. In this situation, there are some alternatives. I set up an account with Hurricane Electric (IIRC). They assigned a block of publicly facing IPv6 addresses to me and I configured a tunnel between them and my pfSense box. I then spent more time than I am comfortable to admit, learning how the IPv6 address space (types of addresses, types of address allocation and subnetting) works. Finally, after a weekend long ordeal, I was able to connect to the outside world without the archaic, outmoded and mouldy IPv4 protocol.

What did I gain for my trouble?
A lot more latency!

Obviously, if my ISP supported IPv6 natively and there was no need to tunnel all of my traffic, latency would not be an issue. But, at this stage of the game, where we effectively have two Internets (one IPv4 and one IPv6) running in parallel, there is no reason for the casual user to prefer one protocol over the other. Also, be aware that virtually nothing that you know about IPv4 networking is transferrable, apart from general concepts. IPv6 is an altogether different beast. It was definitely an interesting learning experience, if this is the sort of thing that trips your trigger and I did learn a lot, but I can’t say as I would recommend this sort of experiment, unless you have too much free time on your hands and you are in need of a new hobby.

0 Likes

#9

What resources did you use for learning how to set it up? Anything to recommend?

0 Likes

#10

Well, the best source of information would be the RFC’s, but they can sometimes be rather impenetrable … and there are seemingly dozens of them which deal with IPv6. Additionally, I watched the odd youtube vid and did some duckduckgo-ing. Honestly, it’s been just over a year since I performed this little experiment, so I can’t say as I can recall any particularly good sources of information … apart from the RFC’s, of course.

If you are already familiar with IPv4 networking concepts, you’ll probably only need to focus on IPv6 subnetting and address allocation. You might start with an article like this one, which will help you narrow your reading list:

Part 2:

Have fun!

1 Like

#11

There’s probably no clear reason to do it, other to get comfortable with it. IPv6 is the future. Switching now will give you more experience once it’s coming wide spread.

Additionally, i think, the move to IPv6 is also a move away from trying to know IP Adresses. Ideally your Network should be set up in a way, that you, as a human, only have to know hostnames. If you dig through all the big stuff, you internal home addresses start to look much more reasonable.
::1 is localhost
fe80::12 is a device on your network
fc00::23 is a device on a different subnet

That’s about all of the IPv6 Patterns you’ll ever need as plain Addresses. Ideally you should let your Router manage all of this for you. The days of micromanaging IP’s are over. You give Names to stuff and your Gateway worrys about the rest.

0 Likes

#12

And there is some security in IPV4 because of NATS. True IPv6 allows every device ever made in human existance to be identifiable.

0 Likes

#13

This doesn’t mean you have to do it like that.
You are free to give out IPv6 Adresses in your Internal Network however you please and still use a NAT router to hide them from the actual Internet.

Just because we now HAVE enough Adresses for every grain of sand to be connected to the Internet, doesn’t mean we have to use it like that.

Plus Security through obscurity never is a good idea. IPv4 or 6, securing your devices from external access is required with both.

0 Likes