Bad practice to eliminate ipv6?

Hi all. What started as a default OpenWrt install is slowly becoming customized. I have a wan6 interface and an IPv6 DHCP server running but don't intentionally use either. In the middle of segmenting some devices and trying to understand firewall settings, I'm wondering why I need anything IPv6 on such a small network (~ 50 total devices). I read in at least one post that the kernel supports IPv6, so partially removing it is dangerous.

Is it considered bad practice to eliminate IPv6 to get a better handle on IPv4... then I guess reintroduce IPv6 when/if needed?

IPv6 is here to stay, and you will increasingly start to see services that are only -exclusively- available via IPv6 (and be it your own roadwarrior-style VPN on cgNAT). It cannot (sensibly/ safely) be 'removed', but it's up to you if you configure OpenWrt to use it.

10 Likes

Maybe you have no direct benefit in your small local network, but your clients will still need IPv6 on the Internet that your small local network is attached to.

Make yourself familiar with the OpenWrt defaults and how you should configure IPv6 when using vlans and therefore multiple local networks.

If you do any form of peer to peer, be it torrents, video calls, gaming, you name it, you will benefit from IPv6 too. Promised.

6 Likes

Disable wan6 (and disable ip6 on any VPN you may use)
To disable automatic local addresses on the network interfaces -

You can add following to /etc/sysctl.conf

net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 0

Note that it enables IPv6 on loopback, as many network servers nowadays plainly expect IPv6 to be configured.
The most likely outcome is that in 5 years, when your provider starts providing ip6, you will not notice that.

OP did not state that the ISP is offering IPv6 or not.

And I would suggest to stay advice on how to disable or at least restrict IPv6.

As you say, if someone wants to disable it in 2025+ there will be dragons...

3 Likes

That's why I keep it compact.....

For what it's worth, I have been disabling IPv6 since the days of IPv6 leaks over VPN, when this was a legit practice. I know I don't need to disable it any more now that those leaks are fixed, but it's just kind of a bad habit I have, I guess LoL. I know I am only 1 data point, and not everyone will have the same experience as me, but in about 15 years of disabling IPv6 I have not once run into an issue with doing this. Every service I use works as intended.
YMMV but for me there appears to be no downside. Although I will freely admit there is also no upside at this point LoL.

4 Likes

It is a special case: when you are using the router as a client of a v4-only VPN service, you do need to keep the LAN (that routes out to the Internet via VPN) from having a public v6 address. That can be done by removing the ip6assign and the RA and dhcpv6 servers from that LAN only. It is not necessary to disable v6 everywhere.

1 Like
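The per-LAN approach from the post above, sketched as an added example (not code from the thread or from OpenWrt). It assumes the `dhcp` section has the same name as the logical interface, and the interface and device names `vpnlan` / `br-vpnlan` are hypothetical. The first function only prints the commands for review; the second checks `ip -6 -o addr show` output for a public address on a given device.

```shell
#!/bin/sh
# Added example. $1 is the OpenWrt logical interface name; the dhcp section
# is assumed to carry the same name (as the stock 'lan' does).

# Print (do not run) the uci commands that remove IPv6 from one LAN only.
lan_v6_off_cmds() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) echo "bad interface name" >&2; return 1 ;;
    esac
    cat <<EOF
uci -q delete network.$1.ip6assign
uci set dhcp.$1.ra='disabled'
uci set dhcp.$1.dhcpv6='disabled'
uci commit network
uci commit dhcp
/etc/init.d/network reload
/etc/init.d/odhcpd restart
EOF
}

# Read `ip -6 -o addr show` output on stdin and print every public
# (2000::/3) address on device $1. ULA (fd..) and link-local (fe80..)
# addresses are ignored, since they do not route to the ISP.
public_v6_on_dev() {
    awk -v dev="$1" '
        $2 == dev && $3 == "inet6" &&
        $4 ~ /^[23][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:/ { print $4 }'
}

# Constructed sample of `ip -6 -o addr show` (documentation prefix 2001:db8::/32).
SAMPLE_IP_OUTPUT='1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
7: br-lan    inet6 2001:db8:1:10::1/60 scope global dynamic \       valid_lft 6000sec preferred_lft 3000sec
7: br-lan    inet6 fd12:3456:789a::1/60 scope global \       valid_lft forever preferred_lft forever
7: br-lan    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever
9: br-vpnlan    inet6 fe80::2/64 scope link \       valid_lft forever preferred_lft forever'

# Demo on the constructed sample: br-lan still holds a public address.
printf '%s\n' "$SAMPLE_IP_OUTPUT" | public_v6_on_dev br-lan
```

On a router, review the output of `lan_v6_off_cmds vpnlan` before piping it to `sh`, then run `ip -6 -o addr show | public_v6_on_dev br-vpnlan`; empty output means the VPN-routed LAN no longer holds a public v6 address.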

Sure, you need to configure IPv6. On its own. It has more or less nothing in common with IPv4. If everyone had just jumped on the train in the 90s, we would not have to deal with and take care of two distinct protocols :person_shrugging:

I have had IPv6 connectivity for 8 years now and would not want to miss it.
Same for IPv6 LLA, which was more than once a neat saver.

1 Like

Honestly, normally I would disable IPv6 for VPN, but as many already suggested, it is the future and is going to stay. I'd agree on that, because you will eventually miss connectivity to IPv6 on games and p2p :slight_smile:

To me it is more of a difficulty to understand how IPv6 works and how it doesn't have a NAT, and the camps who are against NAT6 implementations and who are not. It makes me a little intimidated to configure it, because a wrong configuration will make a leak on the VPN and put all my clients straight on WAN on the ISP side :slight_smile: , while I think IPv6 has almost no use for local network use (maybe with Matter?); it is the remote public IPv4 space that has a shortage.

When I do a simple search on YouTube, I never come across a result for WireGuard servers/clients with IPv6. Seeing such a tutorial would be really great :+1:

1 Like

Keep IPv6 enabled. It has better performance; fewer CPU cycles are needed for routing.

I do not buy anything that does not support IPv6 including VPS.

3 Likes

NAT was not invented till the early 90s, when we had already discovered that 32-bit addresses are too few. Again, IPv4 was an escaped lab experiment!

So in 1992/1994 we got CIDR and NAT and RFC 1918.

For a packet switching network such as IP, and also IPv6, there is NO technical need ever to do any kind of address or port translation, because it fukking breaks end to end connectivity.
That's why the hardcore IPv6 camp is against the deployment of NAT.

There is a use case for NAT with ULA, but only because many ISPs just suck and are unable to provide customers with provider-independent addresses and offer BGP.
If we had that, then there would not be a single reason left why anyone should have the need to use NAT at all...

Does this somehow help you?

2 Likes

Please use the forum search and/or open a new topic. I and many others are using ULA in WireGuard. It's not perfect, but at least something....

2 Likes

Not really a reason for NAT either.

IPv6 is designed to have multiple addresses on one interface. Just add an additional ULA to the devices you need to reach locally, while keeping the GUA for the internet connection.

For publicly reachable servers it's a bit more complex, unfortunately. But using dyndns with a dynamic prefix and fixed host part works fine for me.

Here you go, see my notes about setting up WireGuard client and server including IPv6:
WireGuard Server Setup Guide
WireGuard Client Setup Guide

2 Likes

You can do this if both links are at least equal; yeah, then you can delegate both prefixes to a server.
Even then, if one link goes down and you need to retire these addresses, then connections get terminated.

The "correct" and painless way is address space from a RIR and BGP with your providers.

Hacky home setups stay hacky.

At least it's less hacky if you tunnel to a VM and do BGP with the hosting provider.

1 Like

Thanks, these are very good tutorials :slight_smile:

1 Like

Yeah,

We have to work with what we get…

No BGP luxury here

But again, having multiple different networks assigned to a host and its services will result in heavy issues.
Here ULA can somehow help to reduce the impact.

If you are interested in this topic, there are plenty of RFCs, BCPs and many blog posts from e.g. ARIN on this topic. And because of this issue, the only good way forward is to get more ISPs into offering customer BGP.

IPv6 address allocations from a RIR are pretty easy compared to IPv4.
A sponsored resource is mostly only 50 dollars per year, in comparison to a full membership for roughly 1400 dollars per year.

1 Like

Yeah, after reading all your replies I dug in and decided to just deal with IPv6. After working through the issue it made sense. And after coincidentally watching this a couple of days ago, I def agree.

3 Likes