Screw IPv6 2019-12-29
For the last few days I have been screwing with IPv6 at home, and at my datacenter location (someone else's home). Our ISP offers native IPv6 and I have just been avoiding it because (1) I didn't feel like rewriting any of my firewall scripts to use ip6tables and (2) I didn't feel like there was any reason to care. Lately I found myself thinking that it might be nice to use IPv6 to connect to the machines at my other location because I have a dynamic IP address at home and was thinking that the native IPv6 I could get for free was perhaps static. Turns out it is. Well, you get a /56 that stays the same when you disconnect and reconnect.
I fiddled with just modifying the basic masq'ing script I set up as a router but it was not cooperating. None of my cheapass old router devices supported IPv6, not even the dd-wrt ones. Then I read somewhere that OpenWRT has good IPv6 support. I had an old Meraki MR12 lying around that had OpenWRT on it, but I bricked it. I ended up snagging a TP-Link Archer C7 for $20 and the install went totally crappy. I was able to debrick it with a TFTP upload and found that I like the interface. The LuCI web interface is pretty basic (which I like) and it is just a router. No torrent client, no PVR, no crap I don't need, just traffic management.
The good news is that simply setting up the PPPoE connection was enough for it to grab up the /56 and start serving it up to the local clients. I could easily ssh to my DNS servers, and basic IPv6 connectivity was working fine. The bad news is that it didn't go so well when I tried it at my other location. Rather than buying a piece of hardware to run it on I just set up a laptop with VirtualBox and made an OpenWRT virtual machine. Oh you THINK the fact that it is a crappy VM is the problem, but it isn't. I set up the interfaces and IPv6 worked right away. I set up all the port forwarding and that seemed okay too. However, when I got home I couldn't ssh to the new IPv6 addresses. I also couldn't use all the old IPv4 tunnels I had set up. All kinds of connections in to the new network were not working. After way too much screwing around I seem to have discovered that although OpenWRT lets me set up the port forwarding it doesn't necessarily allow the traffic by creating a rule. It also allows IPv6 ICMP traffic (and a few other necessary traffic types) but not actual TCP/UDP communications. So I had to start making rules to allow traffic that should have been created by the port forwarding in the first place (or should have been part of basic IPv6 routing).
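For reference, this is the kind of traffic rule that paragraph ends up needing, written as an added example rather than the config actually used here. It assumes OpenWRT's stock `wan` and `lan` zone names; the address and the UDP port are placeholders.

```uci
# /etc/config/firewall (OpenWRT). Constructed example, not the author's config.
# Assumes the stock zone names 'wan' and 'lan'. 2001:db8:0:1::10 is a
# documentation-prefix placeholder for the server's real global address.

# Inbound SSH over IPv6 to one host only. Nothing else is forwarded from
# wan to lan unless a rule says so, so every other host and port in the
# delegated /56 stays unreachable from outside.
config rule
	option name 'Allow-SSH-v6-server'
	option family 'ipv6'
	option src 'wan'
	option dest 'lan'
	option dest_ip '2001:db8:0:1::10'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'

# Same pattern for a UDP service on the same host.
# 51820 is a placeholder port; use whatever the service listens on.
config rule
	option name 'Allow-UDP-v6-server'
	option family 'ipv6'
	option src 'wan'
	option dest 'lan'
	option dest_ip '2001:db8:0:1::10'
	option proto 'udp'
	option dest_port '51820'
	option target 'ACCEPT'
```

Reload with `/etc/init.d/firewall reload`, then test from a network outside the LAN. Pinning each rule to a single `dest_ip` and `dest_port` keeps the rest of the prefix closed, which is the exposure NAT used to hide by accident.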
The big concern I had about IPv6 was that suddenly machines that were hidden away behind NAT would be accessible directly. Any services they may be hosting would suddenly be exposed to the wankers at large. Turns out the most annoying thing is finding a gateway device that works that way. Ultimately I think I'd be better off just working on my own dynamic DNS for personal use and moving on with the world of IPv4. In my digital travels during this experience I came across this article about the pain that is IPv6 and some of the reasons it isn't really getting any traction. Frankly, if a popular organization (I'm looking at you bunch of assholes Google) were to offer significant advantages to IPv6 traffic or decent services that are IPv6-only, then I am sure lots of losers would jump aboard the IPv6 wanker train. Those losers would then start making their own IPv6-centric services and at some point, critical mass would push the monkeys over the IPv6 hurdle. Let's hope it doesn't happen in my lifetime.
Don't get me wrong, I am sure that part of the problem is my shitty job of deploying IPv6... but there is no way it should be that much of a pain in the ass to set up simple publicly accessible services over IPv6. A significant improvement over IPv4 is supposed to be the lack of having to use port forwarding in order to participate in this flat peer-to-peer-based network. Well, I am back on IPv4 only now and disappointed but functional.