Thanks for your message (I am working my way through them, who knew it would be so topical).
Everything else is so brilliantly configurable I just figured it would be easy. I was telling someone about OpenWrt and they asked me if this could be done.
For me it is about eliminating things that can go wrong or be missed, exactly as you say, for my friend he is looking for something that makes it harder for the ISP to sniff about your network.
My initial response was to suggest that was what a firewall is for and I said I use the client mode so everything appears as one device, but beyond that I did not have the expertise yet to assure him.
I did tell him to get hold of something like a C7 and install OpenWrt just to play with it.
TBH I do not know why people get so emotive, I was just wondering if there was a to do list because trying something like this is how I learn, I am lousy at RTFM, I have to learn by making something work or by breaking it, each is a piece of the jigsaw.
I didn't see that...in fact, I haven't seen anyone (up to your post quoted) tell you not to do it. I did see you quote another thread, though; and I saw someone ask you why. I was going to ask you also, since "completely disabling IPv6" in 2021 isn't really feasible - so I was going to ask the actual issues that were occurring. But it just seems you want it gone.
On the router; or on your clients?
As you were told, on the clients, you have to disable IPv6 on each device. Next, how does the MAC address relate to IPv6?
EDIT: probably better to add the following lines to /etc/sysctl.conf instead -- this will be effective early in the boot process, while /etc/rc.local happens very late, well after interface initialization:
It should have the effect of preventing any interface from having an ipv6 address, but I'm not saying I recommend it; I'm in no position to. I've done this on certain local linux-based devices whose behavior I wanted to constrain, but have not tried it on a router. I cannot promise it won't cause some service to complain or fail to start. You almost certainly want to make sure you've set your interfaces not to use any form of ipv6 addressing except link-local before doing it.
I have my target on this right now. https://openwrt.org/docs/guide-user/additional-software/saving_space
Generally I agree with you. I don’t see any point with IPv6 because it isn’t even near any implementation in this country in near or long future. And therefore I really don’t feel the need to learn anything about IPv6 to be able to handle it correctly. We just on infrastructure level run NAT country wide here and no one cares about changing this.
It just feels like a headache when running double IP addresses inside the LAN and one doesn’t go anywhere. Actually not even that, it is not many devices of more than 14 available devices that even ask for an IPv6 address from the router, and no one actually needs it to work.
But I still need to admin it more or less for the security because the devices go around safety features because they got an IPv6 address and an IPv4 address. So everything needs to have both 4 and 6 setup without any cheating.
Like “you need to block in the IPv6 also”.
When everyone says in these threads every time the question comes up: “you shouldn’t do that (because some RFC rule says that)” it starts to feel more like they (the people making all these internet standard rule books) don’t want to admit that the IPv6 project actually has failed and no one cares about it any longer.
It really doesn't. IPv6 has been implemented and operates across the internet. Its rollout/adoption may not be as fast as was initially hoped, but it is happening. In a more and more connected world, with an ever increasing number of devices being connected to the internet, IPv4 is no longer sustainable. The array of sticking plasters that are being used to eke it out should attest to that.
For my needs the issue of latency is very interesting, I am already looking to improve latency for gaming but Netflix is my other dirty secret. I started with OpenWrt for accessing hotspots while I stay away from home for days at a time, there are still some issues to iron out but I already thought of needing two routers (one for AC and one for N radios). My next two sub projects are implementing a VPN and then SQM or vice versa.
One of the TP link routers I own has a single tick box to enable IP6 so I figured it was going to be an easy thing!!
I have already got two additional routers for "messing around with" as my learning improves, I am only just getting into scripts.
How would I know if my ISP (BT) uses IP6 on their hotspots?
I know they use 100. subnets and I have read that this is CGNAT which I will not pretend to understand.
I also want to know if it is possible to do it the other way around, to disable IP4, but one thing at a time!
Getting IPv6 from my ISP isn't yet an option, and they're not an obscure company, or serving an ignorant market. But I don't just use my tablet at home. So is there a security risk? Does it open up a weakness to have both active? How many bits of public wifi use it?
I don't feel threatened by having it available. And I am beginning to wonder if I should stick with this ISP.
For example T-Mobile has tens of millions of customers on their mobile network in the US, and they operate IPv6 ONLY (they use a NAT64 solution to map the entire IPv4 internet into a small corner of their IPv6 address space).
First I checked and the router and my Win10 computer are both connected to each other with IPv4 and 6.
So I tested disable all IPv6 server settings in all internal interfaces on the router.
Powered off everything in the network and then Power on everything. Ok, to be exact I only disabled the network device in Win10 and powered down the rest of the network to reset all the DHCP leases.
After that Win10 or any other device doesn’t even look at IPv6 and the router gives no IPv6 leases or connections.
And Win10 still has IPv6 activated, it just doesn’t use it when I turned off the server.
I believe some tweaking of this like remove the firewall rules for IPv6 and wan6 zone.
Then I don’t see any scientific chance for an IPv6 connection to appear to the router.
But do not confuse this with the ULA IPv6 address every device has, this is not a connection, it appears more like a “this is my name” address in every device/router interface?
I don’t believe a complete removal of the IPv6 function with a custom image build is really necessary to disable the function.
I found it easier just to have the VPN in the smartphone and tablet connected to the router at home, it works everywhere (N or AC doesn’t matter). No matter if I surf from a hotel, airport, bus, airplane, taxi or whatever I always surf from home with adblocker in the router removing the commercials.
I guess the simplest way in a smartphone is to check the connection information in the network settings if you have an IPv4 or IPv6 or both from the hotspot.
I'd like a checklist as well, mainly to ensure that by partially disabling IPv6 I'm not leaving the kimono open on any remaining non-disabled parts.
My ISP doesn't do dual stack - they do v4 only or ds-lite; ds-lite requires using dhcpv6 and nd-relay for every single device that's meant to go on the internet ... or having me set up 6-6 nats. Since getting ipv6 requires losing incoming ipv4 which I need to access my home network and some services I use, I stick to ipv4 only for now, by having sysctls off.
On my own internal network, I have some devices that are not ipv6 compatible (iot) which would require me to run dual stack for years to come, so I choose to simplify by running v4 only.
To the best of my knowledge, I'm not missing out on anything by having a single public rarely changing ipv4 and not using ipv6 on my router.
Does anyone know of a good 6to4 / 4to6 nat?
Is anyone running tayga or similar?
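An added example, not written by anyone in this thread: one way to check the result of the sysctl approach and the "nothing left half-enabled" concern raised above, by reading the kernel's per-interface `disable_ipv6` values and the list of addresses it still holds. The `PROC_ROOT` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit whether IPv6 is really off on every interface.
# PROC_ROOT is an assumption of this example so the checks can be pointed
# at a copy of /proc; on a live system leave it at the default.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print each entry under net/ipv6/conf whose disable_ipv6 is not 1.
# "all" and "default" are checked too: "default" only seeds interfaces
# created later, so an interface that existed before the sysctl was
# applied can still read 0.
ipv6_enabled_ifaces() {
    for dir in "$PROC_ROOT"/sys/net/ipv6/conf/*; do
        [ -f "$dir/disable_ipv6" ] || continue
        val=$(cat "$dir/disable_ipv6")
        [ "$val" = "1" ] || echo "${dir##*/}"
    done
}

# Print "iface kind address" for every IPv6 address the kernel still holds.
# /proc/net/if_inet6 columns: address ifindex prefixlen scope flags name.
# Scope 20 is link-local, 10 is host (loopback), 00 is global; ULA
# addresses (fc00::/7) are reported with scope 00 as well.
ipv6_assigned_addrs() {
    f="$PROC_ROOT/net/if_inet6"
    [ -r "$f" ] || return 0
    while read -r addr _idx _plen scope _flags name; do
        case "$scope" in
            20) kind=link-local ;;
            10) kind=host ;;
            00) kind=global ;;
            *)  kind="scope-$scope" ;;
        esac
        echo "$name $kind $addr"
    done < "$f"
}

# Exit status 0 only when no interface has IPv6 enabled and no IPv6
# address is assigned anywhere; otherwise print what is left.
ipv6_audit() {
    enabled=$(ipv6_enabled_ifaces)
    addrs=$(ipv6_assigned_addrs)
    [ -n "$enabled" ] && echo "IPv6 still enabled on: $(echo $enabled)"
    [ -n "$addrs" ] && printf 'Addresses present:\n%s\n' "$addrs"
    [ -z "$enabled" ] && [ -z "$addrs" ]
}
```

Run `ipv6_audit` after boot and again after bringing up any VPN or hotspot interface, since interfaces created later take their value from `default`, not from the state of existing ones.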