IPv6 and 6in4

[tehhellhound 8]

Right now, I am stuck with the choice of connecting to IPv6 clients and servers or being secured behind a VPN. Would be nice to see IPv6 servers. Maybe more universal and helpful for other users might be to implement IPv6 access via internal tunnel to some of your existing IPv4 servers(then port forwarding could work for v4 and v6 address). At least then all users traffic would be encrypted and use a trusted tunnel that doesn't use another external network. Think about it. It's 2015 and VPN providers need to face that fact. Pretty soon, new hosts will only be on IPv6 due to IPv4 exhaustion. You guys aren't the only service ignoring IPv6 necessity(most are sticking their head in the sand) but are one of the best providers otherwise.

[me.moo@posteo.me 80]

How do you know that AirVPN and all the other VPN providers are not thinking about it and/or have their heads in the sand?

 

Why do you think that none of them do provide what you are asking for already?

 

They must all be Thick as ... or what?

 

Try reading up about why IPV6 is not privacy friendly and find out for yourself why the problem is what it is.....

[tehhellhound 8]

I am well aware of the privacy issues of IPv6, most of which can be mitigated. The resulting IP does not have to be tied to a MAC address(for example of a big concern for many), which is unfortunately very default behavior. VPN interacts with your system like sort of a remote NAT box on the other side of an encrypted tunnel. Nothing says that this NAT by nature(necessary to hide your IP) can't be applied to IPv6. It just isn't common practice. But common is never necessarily best for a particular purpose, ours being privacy. Not saying all VPN providers have their head in the sand(seen a couple with IPv6 but none that have been proven trustworthy to me). But most do. You don't see any discussion of plans to support it from most providers even when clients ask. Sometimes, they will give a very vague reply like we may look into it in the future. ISPs were shouting their progress in supporting it from the rooftops, even with less than 1% of their footprint having buggy experimental support. If a VPN provider is nearing it, they should be shouting from the rooftops. It would be a good feature to shout to differentiate themselves from others.

[me.moo@posteo.me 80]

If you are aware then fine, I simply asked how do you know...why do you think.... You seem to have all the answers so it should be full steam ahead

[tehhellhound 8]

Should be full steam ahead for many services. Big hosts like Microsoft, Facebook, Google, and many server hosts got a good start. But most of the world has been behind the curve of the pace that is needed(the pace to ensure smooth transition with the IPv4 address exhaustion). Heck, in Germany and the UK, ISPs got far enough behind that curve to have to implement a dreadful solution known as CG-NAT. I figure VPN providers are a good next step. Likely, at least some of their hosts are giving IPv6 address space. What would be left is figuring out a smooth transition on the software side, which is better done in pilot tests(which users can opt to help test) sooner(before absolutely needed) than later(when everyone is scrambling). Am I not making sense? This is the suggestion forum and AirVPN has already implemented plenty of features(like port forwarding, dynamic primes for keys). This seems like the next must have feature for many soon.

[me.moo@posteo.me 80]

Am I not making sense?

 

Not really, as in you haven't said anything I haven't heard or read before and I am more than sure those concerned are far more aware of stuff than I am.

 

I am merely pointing out the obvious - the experts who run Air and other such services are probably very aware of all you have mentioned. If they wish to comment then good, if not, tough. When something is sorted I am sure we will hear.

[zhang888 1065]

People who are involved in ISP industry are hearing about IPv6 for at least a decade.

So far CG-NAT solved most of these issues, and it's actually great for your anonymity,

because it will offer additional mixing layer before you enter the first VPN hop.

 

Microsoft, Facebook, Google are not a good example, for many reasons.

First,  those are exactly the companies who will serve all your data to any international

government agency upon first request. Those are the companies we protect ourseleves

from - by using VPNs.

Second, they cannot be "behind" the latest technology so they will do the most to keep

up with the upcoming trends. But even their services are not fully accessible using IPv6 only.

 

Which brings the next topic, how many services are available in IPv6 only today?

I tried to come up with something but all I could find are some IPv6-ready test sites.

 

So, just like everything on the internet, if it's not fully adopted yet, there is no reason to jump

on this ship before you learned the side-effects. I am sure most VPN providers share these thoughts.

[tehhellhound 8]

Most of the major companies you mentioned are IPV6 ready and use IPV6 when given a native connection (IPV4 gets priority over a tunnel in most OS if a site has both an A and AAAA record). Most server hosts that I use will give me address space free of charge. My post is about new companies as they come online. Right now, some hosts will charge a nominal $2 per IPV4 address while giving IPV6 ones free of charge. Add in now all but 1 Internet registrar being out of addresses and here we are now.

 

Now on to my issue with CG-NAT. It simply breaks some applications. Some games, VoIP, ftp, any server including home remote controls, and file sharing come immediately to mind. Now AirVPN at least lets you forward some ports to get some of these things working, though I would still not game(for example) behind them unless I absolutely had to (due to blocked ports or dead routing). Thing is the VPN gives you a choice on what to send behind it. If it breaks something and there is no privacy issue, forward to default gateway. Can't do that with CG-NAT. Besides your statement is false. You can be traced by source port behind it and your ISP will be glad as ever to hand over your info.

[zhang888 1065]

Now on to my issue with CG-NAT. It simply breaks some applications. Some games, VoIP, ftp, any server including home remote controls, and file sharing come immediately to mind. Now AirVPN at least lets you forward some ports to get some of these things working, though I would still not game(for example) behind them unless I absolutely had to (due to blocked ports or dead routing).

 

Can you explain what do you mean by blocked ports or dead routing? None of your ports are blocked (except 25) on Air.

If you are talking about incoming low ports <= 2048, please explain how will this negativelly affect your applications.

I'm not a gamer but I am sure that even in 2015 most game servers and services are IPv4 only, with some small exceptions might

be IPv4/IPv6 with defaults to IPv4 as you correctly mentioned.

 

P.S.

Avoid those small ISPs that "are out" of IPv4. This is a lie. I can rent a /24 (254 IPs) with an ASN for about $200 per year.

I agree it's not like in 2010 with prices as low as $100 for /22 ((1000 IPs) This is still nothing for an ISP.

 

Thing is the VPN gives you a choice on what to send behind it. If it breaks something and there is no privacy issue, forward to default gateway.

 

Not sure what you meant there, but if you meant fail-open configuration where the VPN gets disconnected, you can either

use Network Lock or configure your won firewall. There is no reason for it to break unless you have issues on your ISP side.

 

Can't do that with CG-NAT. Besides your statement is false. You can be traced by source port behind it and your ISP will be glad as ever to hand over your info.

 

What kind of "tracing" are you talking about? The fact that you are theoretically assuming it is possible, does not mean it happens in practice. I've been doing various jobs at many carriers which not only do not have the capacity or configuration to log CG-NAT, they sometimes don't log their own internal network.

The amount of connections big ISPs carry through their cores is huge.

The benefit you get here is not anonymity from your ISP, but good pseudonimity from your VPN provider.

If you were talking about anything illegal, CG-NAT and VPNs are not going to solve that.

The 7‎€ monthly you pay them don't even cover the lawyers coffee. You can't have all these benefits with IPv6.

Right now the best option is just using a tunnel broker.

Heard some good feedback on https://ip6.im/get-started.html#getting-started

[tehhellhound 8]

The blocked ports or dead routing were referring to whatever native connection the client was on. Where I had the parentheses meant that would be the only time it would make sense to game over a VPN(well, just thought of geoblocking as another possible reason).

 

With CG-NAT there is no open incoming ports. Not via port forwarding or UPnP. Some apps hate NAT but forwarding can solve the issue 90% of the time. Not an option with CG-NAT. The apps that hate NAT would be what VPN breaks. The option is directing that app to native connection while still tunneling others. At least that is an option.

 

I have native ipv6 on both my connections (mobile and cable) so no tunnel needed. Would appreciate being able to protect my privacy on ipv6 though. Brokers do nothing to do this, thus are useless to me.

 

Please read my posts more carefully. Most of this post was spent clearing up your misunderstandings about when I was talking about Air or CG-NAT. I have no issues with Air, other than needing to block ipv6 lookups on them and bind the interface to keep from leaking. I have kept tunnels connected over a week at a time.

[me.moo@posteo.me 80]

Please read my posts more carefully. Most of this post was spent clearing up your misunderstandings

 

Zhang you are losing your touch obviously, can't read now too

[tehhellhound 8]

Oh and as an aside, it is the big crappy ISPS you must worry about here in the states. If you are fortunate enough to get one of the little guys over building fiber, count yourself very lucky. Due to franchise deals you usually get one cable option and 1 DSL option. Some only have 1 of the 2. Others have practically 1 as most DSL can do close to CO is 6 mbit in many places due to neglected upgrades to the aging infrastructure. Pricing and network policy abuse is rampant. Yes, they sell your data too. Very good reason alone to use a VPN.

[altae 22]

I've also been wondering about this for some time. I know talk about IPV6 has been going on for at least a decade but now we are actually at a spot where it's about to leave class rooms and theory and become reality. IPV6 is the imminent future and it would be wise for services like VPN providers to seriously look into it and develop a solution for offering a working VPN solution that does not leak privacy related info. The moment IPV6 becomes a necessity will be crucial for any VPN provider since privacy sensitive customers will probably look for service providers that are able to protect their privacy no matter if they surfing is done over IPV4 or IPV6.

[tehhellhound 8]

One point that does seem promising is AirVPN's site is IPv6 enabled, though they have been mute on the issue or any progress towards a launch to use it over VPN. It shows my IPv6 IP at the top of the page.