From 9018e76c45d8ca3dab9ac9625ebc220c92affc80 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Mon, 22 Jun 2015 09:43:22 +0300 Subject: [PATCH] drafts: continue IPv6 ref: #64 --- _drafts/ipv6.md | 88 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/_drafts/ipv6.md b/_drafts/ipv6.md index 7ae65af..9743cf0 100644 --- a/_drafts/ipv6.md +++ b/_drafts/ipv6.md 
@@ -14,3 +14,91 @@ redirect_from: I am writing this post, because [TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/) The comments of that post are also totally lost. + +## IPv4 + +It's probably start with what is wrong with IPv4 and note that all modern +operating systems (including Windows 7 and newer) are designed to work with +IPv6 and disabling it may break some features. + +There are no IPv4 addresses for everyone and that is why we have NATs in +routers so we only have one IPv4 address facing the internet. That isn't +enough either so ISPs started having their own NATs too known as CGN +(Carrier Grade NAT) putting *a lot* of customers behind single IPv4 +address. + +This means that if someone on the same ISP abused your favourite service +X\*, all users behind that IPv4 address get banned. + +\*X = Wikipedia, your favourite forum or IRC network or whatever. + +CGN can also cause issues with online gaming (as everyone appears to be +connecting from single address and it can also increase latencies). + +## IPv6 + +IPv6 again is next version of the Internet Protocol and has enough +addresses for all your devices and you don't need NAT anymore so you don't +have to do port forwards (which didn't help you behing CGN anyway) anymore. + +People have weird worries with it and many misunderstandings on privacy +concerns. + +### SLAAC-addresses + +SLAAC-addresses are based on your MAC-address and a lot of people seem to +be worried about how they can be used for spying you across the network. + +This is unrequired concern though as IPv6 privacy extensions should exist +with all IPv6 capable systems (again including Windows which seems to be +what people worry about the most). The privacy extensions generate random +IPv6 address which has no MAC-address and is changed every few hours. 
+ +On your IPv6-enabled system you should see three addresses: + +* SLAAC-address where you see your MAC-address clearly, it just exists and + isn't used in outgoing connections so no one knows it unless you decide + to tell them. +* Privacy (extensions) address which is random and used for all outgoing + connections and it changes every few hours. You might see multiple of + these as the old privacy addresses are still kept for some time, but no + outgoing connections is made with them. +* Link-local address you see even without global IPv6 connectivity as every + IPv6-supporting system generates them automatically. They start with + `fe80` and only work in your LAN. It also has your MAC-address visible. + +If you are still worried about the MAC-address being visible, you can +easily confirm that no one sees it by going to +[ipv6-test.com](http://ipv6-test.com), looking at "IPv6 connectivity" and +check the teset that says "SLAAC". If it says "No" your SLAAC-address +is not used, if it says "Yes" they are used and it should never say "Yes". +It probably tells you something that the test decreases points of your +IPv6 connectivity if you do use SLAAC address. + +#### Windows IPv6 address randomization + +Windows which you shouldn't worry about makes you worry even less by being +annoying and randomizing all addresses (even if there is no need because +you have IPv6 privacy extensions) and this probably causes you headache +if you are running Windows Server or dual-booting with some other OS. + +When you dual-boot, you might wonder why even the SLAAC-address is +different on Windows and Linux/OS X/whatever. 
+ +This is easy to fix though, open cmd.exe or PowerShell as admin and run: + +``` +netsh interface ipv6 set global randomizeidentifiers=disabled store=active +netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent +``` + +##### Disabling privacy extensions + +**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS SERVER AND SHOULDN'T EVER +MOVE ANYWHERE. BY DOING THIS THE SLAAC-ADDRESS GETS USED AND EVERYONE DOES +SEE YOUR MAC-ADDRESS.** + +As I am talking so much about privacy extensions, I must probably tell +that you can disable them if you want. I have no idea if that is possible +with OS X so I don't say anything about it, I only know that it uses them +by default.
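Review bot: In the "SLAAC-addresses" section, "should exist with all IPv6 capable systems" and "it should never say "Yes"" are written as absolutes, but the "Disabling privacy extensions" section added by this same patch says they can be turned off, after which the SLAAC address is used and the MAC address is visible. Suggest qualifying both sentences (for example "if privacy extensions are enabled, the test should say No") and telling the reader how to confirm they are enabled before relying on the ipv6-test.com result. The "Windows IPv6 address randomization" section gives the two `netsh ... randomizeidentifiers=disabled` commands without stating the privacy consequence: by the draft's own description the SLAAC address then matches the MAC-based one seen on the other OS, so it is worth one sentence saying this is acceptable only while the privacy address is still the one used for outgoing connections. The "Disabling privacy extensions" section stops after the OS X remark with no instructions for any system, so the bold warning currently guards nothing; either add the per-OS steps or drop the heading until they exist. Typos to fix while here: "It's probably start with", "behing CGN", "teset", "unrequired concern".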