Yeah, right now in order to do it without giving up a bunch of services you have to combine it with NAT64+DNS64. NAT64 maps the entire IPv4 space to a /96 of your chosing and then DNS64 will generate AAAA records based on that /96 when upstream doesn’t provide one so clients can talk pure v6 even to v4 only sites. There are some services (steam client and discord voice calls) that require v4 addressing and won’t work with this setup, but it gets you 98% of the way there.
@Scoopta
In my opinion it’s possible to route traffic directly to the Internet without the usage of a gateway, isn’t it? The second part is, it’s not really good readable for humans, it’s made for machines (I think). In ipv4 i know with a blink of an eye which subnet it is and where to route, in ipv6 for me it’s hard to read, even because of the hiding zeros, makes it harder (for me). And it makes troubles with VPN behind a router when the other side uses ipv4. DNS issues and so on.
No, you still need a gateway, maybe what you’re referring to is the lack of NAT? But that honestly makes it less confusing, there’s still a default gateway though. It’s funny you say the subnetting thing because for me it’s the opposite. In v4 subnets are variable sized, sure /24 is the most common but I’ve found everything from /8 all the way to /29 in the wild. In v6…every subnet in a sane network is a /64, it’s practically enforced by the standard. You basically can’t go smaller and going bigger is pointless. That means the first 4 hex groups are your subnet, the last 4 are the device, basically always. Now VPNs are one of the few environments where /64 isn’t super heavily enforced and you can go smaller but it’s still good practice to use it anyway. Memorizing addresses is…you’re not wrong, but also I personally don’t find it that bad and here’s why. The first half of the address isn’t THAT much longer than a v4 address. It is a bit, and yes it’s hex so letters. Thing is, the first half is the bit you can’t control, kinda equivalent to your public v4, so once you memorize that, the second half can be whatever you want and as short as you want. Worst case you can always use DNS to avoid memorizing addresses but that does require extra configuration.
I know, I should not tell this publicly but… I route /96 subnets and assign single /128 addressed to virtual hosts inside my vpn.
Sure than there is no auto configuration possible anymore (wich is THE killer feature in v6) bit I only have to pay for a single /64 block and all host can get a public v6 if needed.
I’ll be honest, less ugly than NAT which is really where I draw the line (I hate NAT), especially if they’re charging you per /64, that’s borderline diabolical from a hosting provider. If I was getting charged per /64 I’d probably route /96s too. Lack of SLAAC is unfortunate though.
Yeah, right now in order to do it without giving up a bunch of services you have to combine it with NAT64+DNS64. NAT64 maps the entire IPv4 space to a /96 of your chosing and then DNS64 will generate AAAA records based on that /96 when upstream doesn’t provide one so clients can talk pure v6 even to v4 only sites. There are some services (steam client and discord voice calls) that require v4 addressing and won’t work with this setup, but it gets you 98% of the way there.
@Scoopta @HelloRoot
I really dislike ipv6 because in VPN setups it generates more problems then it solves. Ahrg.
I’m not sure what you mean by that? What problems specifically?
@Scoopta
In my opinion it’s possible to route traffic directly to the Internet without the usage of a gateway, isn’t it? The second part is, it’s not really good readable for humans, it’s made for machines (I think). In ipv4 i know with a blink of an eye which subnet it is and where to route, in ipv6 for me it’s hard to read, even because of the hiding zeros, makes it harder (for me). And it makes troubles with VPN behind a router when the other side uses ipv4. DNS issues and so on.
No, you still need a gateway, maybe what you’re referring to is the lack of NAT? But that honestly makes it less confusing, there’s still a default gateway though. It’s funny you say the subnetting thing because for me it’s the opposite. In v4 subnets are variable sized, sure /24 is the most common but I’ve found everything from /8 all the way to /29 in the wild. In v6…every subnet in a sane network is a /64, it’s practically enforced by the standard. You basically can’t go smaller and going bigger is pointless. That means the first 4 hex groups are your subnet, the last 4 are the device, basically always. Now VPNs are one of the few environments where /64 isn’t super heavily enforced and you can go smaller but it’s still good practice to use it anyway. Memorizing addresses is…you’re not wrong, but also I personally don’t find it that bad and here’s why. The first half of the address isn’t THAT much longer than a v4 address. It is a bit, and yes it’s hex so letters. Thing is, the first half is the bit you can’t control, kinda equivalent to your public v4, so once you memorize that, the second half can be whatever you want and as short as you want. Worst case you can always use DNS to avoid memorizing addresses but that does require extra configuration.
I know, I should not tell this publicly but… I route /96 subnets and assign single /128 addressed to virtual hosts inside my vpn. Sure than there is no auto configuration possible anymore (wich is THE killer feature in v6) bit I only have to pay for a single /64 block and all host can get a public v6 if needed.
I’ll be honest, less ugly than NAT which is really where I draw the line (I hate NAT), especially if they’re charging you per /64, that’s borderline diabolical from a hosting provider. If I was getting charged per /64 I’d probably route /96s too. Lack of SLAAC is unfortunate though.