<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Craig,<br>
<p>Alas Shaw continued with their foot dragging and business support
staff who were completely out of their element with IPv6.</p>
<p>Here is my static IP WAN interface status that clearly shows IPv6:<br>
</p>
<dl class="dl-horizontal">
<dt>IPv4 Address</dt>
<dd>184.71.17.82</dd>
<dt>Subnet mask IPv4</dt>
<dd>255.255.255.252</dd>
<dt>Gateway IPv4</dt>
<dd>184.71.17.81</dd>
<dt>IPv6 Link Local</dt>
<dd>fe80::208:a2ff:fe0d:47dc%igb0</dd>
<dt>IPv6 Address</dt>
<dd>2604:3d08:0:1b:e942:b77e:de6e:1e8d</dd>
<dt>Subnet mask IPv6</dt>
<dd>128</dd>
<dt>Gateway IPv6</dt>
<dd>fe80::201:5cff:feab:4e45%igb0</dd>
<dt>DNS servers</dt>
<dd>2001:4e8:0:400b::13</dd>
<dt><br>
</dt>
<dd>2001:4e8:0:4008::6</dd>
</dl>
<p>Dragged out an old WRT54GSv2 with 8mb flash &amp; 32mb ram. Was
using DD-WRT, but reflashed with OpenWRT V22.03.2.</p>
<p>Idea was to use an open port on my Shaw modem to only pass IPv6
to an isolated IPv6-only experimental/learning LAN. Not happening.</p>
<p>This morning went with a Hurricane Electric tunnel across my Shaw
IPv4, and now have a /48 IPv6 network with an old laptop using
Fedora 36 with its firewall tightened down.</p>
<p>Now what? Got all this modern network but not sure what to play
with next? IPv6 firewalling? Secure webserving? Maybe an IPv6
Matrix Synapse server on FreeBSD Pi3? ???<br>
</p>
<p>---------------------------------------------------------------------------------------<br>
Sounds like the block is at Shaw for any serious IPV6 networking
and usage.</p>
<br>
Been using PFSense going on 20 years, so I can fudge my way around.
Not an expert by a long shot, but can usually get the job done with
some effort on my relatively simple LAN. Run 3 distinct LANs off my
2 PFsense routers from the Shaw modem. Static IPV4 for public
webserver, API, etc. Shaw dynamic IPV4 for internal household.
Modem router did show some sort of IPV6 allocation on the dynamic
side, but I have bypassed the Shaw router to go straight through
into my low powered PFsense router for our personal house LAN after
constantly wrestling with the Shaw router. Shaw tech said that was
his preferred way for small business networks.<br>
<br>
Used OpenWRT in many years past, but it is only on one of my old
Linksys 54G AP points and is very out of date.<br>
<br>
My starting goal was to just dabble on non-critical infrastructure
to learn and be prepared when I need to more fully move to IPV6.
Powers that be seem to be making that an almost impossible task with
no support.<br>
<br>
One option might be to set up another experimental LAN that is
IPV6 only off the Shaw modem router. Not sure if that would even be
feasible with my current configuration, but will review. I also
have a spare PFsense router that was intended to be a fall-over
router, but is not being used. Pretty sure I have another 54G w/
OpenWRT laying around that sounds like I might be better to start
with as long as it's updated and can support IPV6.<br>
<br>
Have a good Sunday,<br>
<br>
Peter Sprague MSc.<br>
GeoVision Environmental Informatics<br>
<a class="moz-txt-link-abbreviated" href="mailto:peter.sprague@geovisionenvironmental.ca">peter.sprague@geovisionenvironmental.ca</a><br>
250-412-3444 Victoria<br>
<br>
On 2022-12-11 12:13, Craig Miller wrote:<br>
<blockquote type="cite">Hi Peter,<br>
<br>
I have a couple of comments. I am sorry to hear you didn't have
much success getting IPv6 to work with pfsense. pfsense is not for
beginners, and IPv6 really is a different protocol, and we
shouldn't assume it works just like IPv4, because it doesn't. I
have heard that pfsense has issues with doing prefix delegation
downstream (to any other routers you may have on your network).<br>
<br>
Shaw is basically worthless when it comes to IPv6. They only
support it on their top-tier service, and even then they only give
the customer a single /64, which is not in accordance with best
practices (BCOP 690). I look forward to the Rogers guys taking
over, as they have been doing IPv6 well for years now in Ontario.<br>
<br>
<a class="moz-txt-link-freetext" href="https://www.ripe.net/publications/docs/ripe-690">https://www.ripe.net/publications/docs/ripe-690</a><br>
<br>
Telus is "better" in that they will give you a /56, but they don't
give you a static prefix, which means you will get a different /56
every time you connect (also doesn't follow BCOP 690).<br>
<br>
I can't speak to pfsense, but if you would like to see OpenWrt in
action (the defaults work great for IPv6), please consider coming
to one of our VicPiMakers meetings where I have an OpenWrt router
doing a wireguard VPN tunneling IPv6 back to my DMZ at my house. I
will be happy to talk to you about IPv6 and OpenWrt.<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.makikiweb.com/ipv6/wireguard_on_openwrt.html">http://www.makikiweb.com/ipv6/wireguard_on_openwrt.html</a><br>
<br>
warm regards,<br>
<br>
Craig...<br>
<br>
On 12/9/22 16:26, Peter Sprague wrote:<br>
<blockquote type="cite">Maybe we need a revisit of IPV6 in our
regional context so that we can be more current, and possibly
effective in our pursuit?<br>
<br>
I have tried dabbling across the great divide with my Pfsense
firewalls and a couple of servers but stopped after trying to
get information from the Shaw techs. I apparently have some
form of IPV6 allocation available according to my modem, but the
techs have no idea what I actually have available or how to use
it. Pretty sure I can run dual IPV4/6 networks with my PFsense
routers. Just seemed like an ever enlarging bottomless rabbit
hole with no positive outcomes/solutions beyond losing weeks of
free-time from my life. That's where it got left.<br>
<br>
Trying to be a responsible citizen, but the trail just doesn't
seem to exist unless one is quite conversant in IPV6. Opted to
spend time learning how to build Stratum 1 time servers for my
LAN and ham radio use, way more fun.<br>
<br>
Peter Sprague MSc.<br>
GeoVision Environmental Informatics<br>
<a class="moz-txt-link-abbreviated" href="mailto:peter.sprague@geovisionenvironmental.ca">peter.sprague@geovisionenvironmental.ca</a><br>
250-412-3444 Victoria<br>
<br>
On 2022-12-09 15:59, Craig Miller wrote:<br>
<blockquote type="cite">Thanks Mark,<br>
<br>
I have had to give my response some thought. My first response
is kind of snarky, and goes like this:<br>
<br>
"Wow, a guy who 10 years after world IPv6 launch day, decides
to configure one machine for IPv6, and discovers that others
also have been slow to enable IPv6"<br>
<br>
But a kinder response, would be:<br>
<br>
Yes, there are many services which do not yet support native
IPv6. And therefore it is best practice to use a transition
mechanism such as DNS64/NAT64 so that IPv6 machines can
communicate with IPv4-only machines. There are even public
DNS64 and NAT64 services, so that you don't have to implement
them yourself, if you don't mind sending your traffic through
them.<br>
<br>
More people should consider enabling IPv6 on their servers and
home networks so when "9dev" tries his experiment again in
another 10 years, there will be more for him to see online
&lt;/snark&gt;<br>
<br>
My 2 cents,<br>
<br>
Craig....<br>
<br>
<br>
On 12/7/22 09:47, Mark G. wrote:<br>
<blockquote type="cite">Hi Everybody,<br>
<br>
Since we are all familiar with IPv6, I thought this<br>
discussion on Hacker News might interest some of<br>
us.<br>
<br>
<a class="moz-txt-link-freetext" href="https://news.ycombinator.com/item?id=33894933">https://news.ycombinator.com/item?id=33894933</a><br>
<br>
Some highly charged opinions abound.<br>
<br>
Here's the preamble:<br>
<br>
"Our Hosting provider, Hetzner, has recently started
charging for public IPv4 addresses - as they should! Those
numbers started getting expensive. This prompted me to try
and set up a new server cluster using IPv6 exclusively, and
see how far I could get before having to give in and
purchase an additional v4 address.<br>
<br>
The experiment ended much sooner than I had anticipated.
Some of the road blocks I hit along the way:<br>
<br>
- The GitHub API and its code load endpoints are not
reachable via IPv6, making it impossible to download release
artefacts from many projects, lots of which distribute their
software via GitHub exclusively (Prometheus for instance).<br>
- The default Ubuntu key servers aren't reachable via
IPv6, making it difficult to install packages from
third-party registries, such as Docker or Grafana. While
debugging, I noticed huge swaths of the GPG infrastructure
are defunct: There aren't many key servers left at all, and
the only one I found actually working via IPv6 was
pgpkeys.eu.<br>
- BitBucket cannot deploy to IPv6 hosts, as pipelines
don't support IPv6 at all. You can self-host a pipeline
runner and connect to it via v6, BUT it needs to have a dual
stack - otherwise the runner won't start.<br>
- Hetzner itself doesn't even provide their own API via
IPv6 (which we talk to for in-cluster service discovery). Oh,
the irony.<br>
<br>
It seems IPv6 is still not viable, more than a decade after
launch. Do you use it in production? If so, how? What issues
did you hit?"<br>
<br>
<br>
</blockquote>
</blockquote>
<br>
</blockquote>
</blockquote>
</body>
</html>