• 0 Posts
  • 133 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle

  • Not a professional networking guy either but here’s my opinion.

    What I would do is use the ISP router as is, open all ports on it (except to itself, hopefully it doesn’t do that…), and put a firewall in between the router and everything else that controls the actual access to everything behind it (in bridge mode between the two network interfaces of the firewall, so you only have the one network).

    Could a potential second router also assign addresses to devices in that globally routable space directly?

    Devices in IPv6 assign addresses themselves via SLAAC, you just need one device advertising the prefix which the ISP router should already do. The firewall should be able to just purely be there for packet filtering. If you need fixed addresses for public facing servers I would just assign them manually to the respective boxes as you likely also need to add them to public DNS manually anyway.







  • Wow, I didn’t know there was so much piracy on Android. At least much more so than on desktop computers (or Windows specifically I guess). Enough to make a dev stop even, not just the usual “oh no a few people are pirating our software that would otherwise not have bought it anyway”. I assumed it would be a relatively small percentage of more experienced users.

    By mid-September, the iA team claimed to have spent five months making 55 updates to its app and privacy policy and was ready to scan its passports and verify its payment accounts.

    Google then requested a CASA Tier 2 assessment. This needed to be done annually, either through an intensive self-directed process or through a corporate partner, like TAC Security or KPMG. By iA’s estimation, the labor and fees to do this would cost “one to two months of revenue” for "a pretty much meaningless scan,” iA suggested in its post.

    This is just absolutely crazy. I feel like Google absolutely had it out for them because why would they make them go through this arduous bullshit process for what seems to be described as a text editor app here.

    But giving up Factorio is a bridge too far.

    Factorio has an ARM port, it runs great on my M2 MacBook. But even if it didn’t, Rosetta works well enough so that x86-only games are playable.





  • The easy way is to just use tunnelbroker.net, that is what I currently have (this would use one of their assigned net blocks, not the one from the VPS). Set it up on the Pi, set up IP forwarding with appropriate firewall rules, make the Pi serve RA so clients can assign themselves an IP, done (IIRC).

    If you want to set up the v6/v4 gateway yourself, I would do this with a /64 you can fully route to your home network like you would get with tunnelbroker.net because then you don’t have to deal with the network split and essentially two gateways for the same network (your Pi and the VPS), because otherwise your clients would assume the VPS is directly reachable since it’s in the same network when in reality it would have to go through the gateway (you would have to set up an extra route in that case on every client, I think). You’d need a second network from Oracle for this.

    But it’s pretty much the same thing I would assume plus the setup on the VPS side, make the VPN route your /64 block (or use 6in4 which is what tunnelbroker.net uses), configure IP forwarding on the Pi and the VPS between the VPN interface and local/WAN respectively.









  • It offers no practical benefit to small networks at the moment.

    The internet is not a “small network”, and I assume your small network is connected to it. You need local IPv6 routing to have access to IPv6-only hosts which are becoming more and more because it’s reasonable in terms of price to get an IPv6 block unlike IPv4 blocks which are being auctioned for tens of thousands of dollars at this point (!!!).

    Also restoring global addressing is a huge benefit. P2P communications in IPv4 has become an insane mess of workarounds due to lack of addresses and this becomes worse the more layers of NAT you stick behind each other to try to save your ass from the rising tide.

    I’m really sick of hearing these idiotic excuses over and over, “it’s hard” this, “it’s unsafe” that, “it’s expensive”, “understanding the eldritch secrets of IPv6 has driven 5 of my colleagues into madness” skill issue. THERE ARE NO MORE IPV4 ADDRESSES. So unless your network is so fucked that you haven’t managed to fix it in 26 years, since IPv6 has been standardized, or it really is just an internal network with no outward facing services where it doesn’t matter when someone who just has IPv6 can’t access it because they wouldn’t be able to access it anyway, and you’re not some kind of ISP, you have no reason not to have support for it at this point and you absolutely never have a reason to tell people it’s not “useful” because that is straight up wrong in the general case even if it might be true for your situation.