mirror of
				https://github.com/mikaela/mikaela.github.io/
				synced 2025-10-26 12:07:29 +01:00 
			
		
		
		
	
		
			
				
	
	
		
			215 lines
		
	
	
		
			9.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			215 lines
		
	
	
		
			9.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | ||
| layout: post
 | ||
| comments: true
 | ||
| title: "IPv6"
 | ||
| category: [english]
 | ||
| tags: [english, IPv6]
 | ||
| redirect_from:
 | ||
|   - /ipv6/
 | ||
|   - /IPv6/
 | ||
|   - /english/2015/06/22/ipv6.html
 | ||
| lang: en
 | ||
| robots: noai
 | ||
| ---
 | ||
| 
 | ||
| _There appears to be a lot of confusion on IPv6 and in this post I try to clear
 | ||
| it a little._
 | ||
| 
 | ||
| I am writing this post, because
 | ||
| [TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
 | ||
| The comments of that post are also totally lost.
 | ||
| 
 | ||
| <!-- editorconfig-checker-disable -->
 | ||
| <!-- prettier-ignore-start -->
 | ||
| 
 | ||
| <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 | ||
| <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 | ||
| <em lang="fi">Automaattinen sisällysluettelo</em> / <em lang="en">Automatically generated Table of Contents</em>
 | ||
| 
 | ||
| - [IPv4](#ipv4)
 | ||
| - [IPv6](#ipv6)
 | ||
|   - [EUI-64-addresses](#eui-64-addresses)
 | ||
|     - [Windows IPv6 address randomization](#windows-ipv6-address-randomization)
 | ||
|       - [Disabling privacy extensions](#disabling-privacy-extensions)
 | ||
|   - [Getting IPv6](#getting-ipv6)
 | ||
| - [Further reading](#further-reading)
 | ||
| 
 | ||
| <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 | ||
| 
 | ||
| <!-- prettier-ignore-end -->
 | ||
| <!-- editorconfig-checker-enable -->
 | ||
| 
 | ||
| ## IPv4
 | ||
| 
 | ||
| It's probably best to start with what is wrong with IPv4 and note that all
 | ||
| modern operating systems (including Windows Vista and newer) are designed to
 | ||
| work with IPv6 and disabling it may break some features.
 | ||
| 
 | ||
| There are no IPv4 addresses for everyone and that is why we have NATs in routers
 | ||
| so we only have one IPv4 address facing the internet. That isn't enough either
 | ||
| so ISPs started having their own NATs too known as CGN (Carrier Grade NAT)
 | ||
| putting _a lot_ of customers behind single IPv4 address.
 | ||
| 
 | ||
| This means that if someone on the same ISP abused your favourite service X\*,
 | ||
| all users behind that IPv4 address get banned.
 | ||
| 
 | ||
| <em>\*X = Wikipedia, your favourite forum or IRC network or whatever</em>.
 | ||
| 
 | ||
| CGN can also cause issues with online gaming (as everyone appears to be
 | ||
| connecting from single address and it can also increase latencies).
 | ||
| 
 | ||
| ## IPv6
 | ||
| 
 | ||
| IPv6, again, is next version of the Internet Protocol and has enough addresses
 | ||
| for all your devices and you don't need NAT anymore so you don't have to do port
 | ||
| forwards (which didn't help you behind CGN anyway) anymore.
 | ||
| 
 | ||
| People have weird worries with it and many misunderstandings on privacy
 | ||
| concerns.
 | ||
| 
 | ||
| ### EUI-64-addresses
 | ||
| 
 | ||
| EUI-64-addresses are based on your MAC-address and a lot of people seem to be
 | ||
| worried about how they can be used for spying on you as you go through different
 | ||
| networks (phone, laptop).
 | ||
| 
 | ||
| This is an unrequired concern though as IPv6 privacy extensions should exist
 | ||
| with all IPv6 capable systems (again including Windows which seems to be what
 | ||
| people worry about the most). The privacy extensions generate a random IPv6
 | ||
| address which has no MAC-address and is changed over time.
 | ||
| 
 | ||
| Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change it
 | ||
| every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`) and I
 | ||
| believe it also gets changed by reconnecting to network or rebooting the system.
 | ||
| 
 | ||
| On your IPv6-enabled system you should see three addresses:
 | ||
| 
 | ||
| - EUI-64-address where you see your MAC-address clearly, it just exists and
 | ||
|   isn't used in outgoing connections so no one knows it unless you decide to
 | ||
|   tell them.
 | ||
| - Privacy (extensions) address which is random and used for all outgoing
 | ||
|   connections and it changes every few hours. You might see multiple of these as
 | ||
|   the old privacy addresses are still kept for some time, but no outgoing
 | ||
|   connections is made with them.
 | ||
| - Link-local address you see even without global IPv6 connectivity as every
 | ||
|   IPv6-supporting system generates them automatically. They start with `fe80`
 | ||
|   and only work in your LAN. It also has your MAC-address visible.
 | ||
| 
 | ||
| If you are still worried about the MAC-address being visible, you can easily
 | ||
| confirm that no one sees it by going to [ipv6-test.com](https://ipv6-test.com),
 | ||
| looking at "IPv6 connectivity" and check the test that says "SLAAC". If it says
 | ||
| "No" your EUI-64-address is not used, if it says "Yes" they are used and it
 | ||
| should never say "Yes". You will probably understand that it's not supposed to
 | ||
| say "Yes" as getting "Yes" in that test decreases your score.
 | ||
| 
 | ||
| #### Windows IPv6 address randomization
 | ||
| 
 | ||
| Windows which you shouldn't worry about makes you worry even less by being
 | ||
| annoying and randomizing all addresses (even if there is no need because you
 | ||
| have IPv6 privacy extensions) and this probably causes you a headache if you are
 | ||
| running Windows Server or dual-booting with some other OS.
 | ||
| 
 | ||
| When you dual-boot, you might wonder why even the EUI-64-address is different on
 | ||
| Windows and Linux/OS X/whatever.
 | ||
| 
 | ||
| This is easy to fix though, open cmd.exe or PowerShell as admin and run:
 | ||
| 
 | ||
| ```
 | ||
| netsh interface ipv6 set global randomizeidentifiers=disabled store=active
 | ||
| netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
 | ||
| ```
 | ||
| 
 | ||
| ##### Disabling privacy extensions
 | ||
| 
 | ||
| **YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE MOVED
 | ||
| ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE DOES SEE YOUR
 | ||
| MAC-ADDRESS.**
 | ||
| 
 | ||
| As I am talking so much about privacy extensions, I must probably tell that you
 | ||
| can disable them if you want. I have no idea if that is possible with OS X so I
 | ||
| don't say anything about it, I only know that it uses them by default.
 | ||
| 
 | ||
| Windows: start by disabling the randomization and then
 | ||
| 
 | ||
| ```
 | ||
| netsh interface ipv6 set privacy state=disabled store=active
 | ||
| netsh interface ipv6 set privacy state=disabled store=persistent
 | ||
| ```
 | ||
| 
 | ||
| Linux: check NetworkManager connection editor (or config files of whatever you
 | ||
| use) or use the kernel option directly in `/etc/sysctl.conf` or preferably
 | ||
| `/etc/sysctl.d/<whatever>.conf`: `net.ipv6.conf.default.use_tempaddr=0`.
 | ||
| 
 | ||
| The numbers you can use here are:
 | ||
| 
 | ||
| - 0 — IPv6 Privacy Extensions are disabled.
 | ||
| - 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is preferred.**
 | ||
| - 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually the
 | ||
|   default and what you should use.
 | ||
| 
 | ||
| ### Getting IPv6
 | ||
| 
 | ||
| For native connectivity I only know about Finland (links in the list in
 | ||
| Finnish)…
 | ||
| 
 | ||
| - [IPv6 in Finnish consumer connections](https://ape3000.com/ipv6/)
 | ||
|   - At the time of writing Elisa and DNA which are two of three biggest carriers
 | ||
|     (Sonera is missing) have IPv6 in all mobile connections, DNA has IPv6 also
 | ||
|     in broadband connections and Elisa is working on it and Sonera has 6rd.
 | ||
| - [Elisa's page on enabling IPv6](https://asiakastuki.elisa.fi/ohje/541)
 | ||
| - [DNA's page on IPv6](https://www.dna.fi/ipv6)
 | ||
|   - [DNA's instructions for enabling IPv6 on different devices](https://www.dna.fi/ipv6-laitteet)
 | ||
| - [Sonera's page on IPv6 that is worse than earlier ones](https://www.sonera.fi/etsi+apua+ja+tukea/ohjeet/Soneran-palvelut-IPv6-valmiita?id=c4779f91-dd1c-4e43-b026-b2e6338d0db1)
 | ||
| 
 | ||
| …but I can suggest searching the web for `yourISP IPv6` and contacting their
 | ||
| customer support asking when they are going to enable IPv6.
 | ||
| 
 | ||
| For tunneling there are multiple services for tunneling and the best are [SixXS]
 | ||
| and [Tunnelbroker], but I am going to talk more about Teredo which the protocol
 | ||
| of last resort for accessing IPv6 sites and Windows comeswith it by default. The
 | ||
| easiest way to enable it is probably saving the following as `something.reg` and
 | ||
| running it:
 | ||
| 
 | ||
| [sixxs]: https://www.sixxs.net/
 | ||
| [tunnelbroker]: https://tunnelbroker.net/
 | ||
| 
 | ||
| ```
 | ||
| Windows Registry Editor Version 5.00
 | ||
| 
 | ||
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
 | ||
| "AddrConfigControl"=dword:00000000
 | ||
| 
 | ||
| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
 | ||
| "Teredo_DefaultQualified"="Enabled"
 | ||
| "Teredo_State"="Enterprise Client"
 | ||
| "Teredo_ServerName"="teredo.trex.fi"
 | ||
| ```
 | ||
| 
 | ||
| Short explanation:
 | ||
| 
 | ||
| - Enable looking up IPv6 records even with Teredo
 | ||
| - Enable Teredo…
 | ||
| - …even if we are in domain
 | ||
| - use teredo.trex.fi as Teredo server, you might want to use some server that is
 | ||
|   [closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
 | ||
| 
 | ||
| Linux: install package `miredo` and edit the server in `/etc/miredo.conf` if
 | ||
| needed.
 | ||
| 
 | ||
| And then check [ipv6-test.com](https://ipv6-test.com) and it should detect your
 | ||
| Teredo connectivity. Some browsers don't even attempt to use it, at least I
 | ||
| think Google Chrome did so.
 | ||
| 
 | ||
| ## Further reading
 | ||
| 
 | ||
| - [Wikipedia's page on IPv6](https://en.wikipedia.org/wiki/IPv6)
 | ||
| - [Wikipedia's page on Teredo](https://en.wikipedia.org/wiki/Teredo_tunneling)
 | ||
| - [Microsoft Technet: A 5 Second Boot Optimization If You’ve Disabled IPv6 on Windows Client and Server by setting DisabledComponents to 0xFFFFFFFF](https://blogs.technet.com/b/askpfeplat/archive/2014/09/15/a-5-second-boot-optimization-if-you-ve-disabled-ipv6-on-windows-client-and-server-by-setting-disabledcomponents-to-0xffffffff.aspx)
 | ||
|   - TL;DR: depending on how you disabled IPv6 your boot might be 5 seconds less
 | ||
|     and Microsoft discourages disabling it and they don't test working without
 | ||
|     IPv6. Disabling IPv6 breaks e.g. HomeGroup.
 | ||
| 
 | ||
| _Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking
 | ||
| that I don't write total nonsense here and all the fixes made and also @e-ali
 | ||
| for checking for spelling mistakes._
 |