[colug-432] IPv6: 20 years old, 10% deployed

Rob Funk rfunk at funknet.net
Mon Jan 4 13:06:52 EST 2016


Rick Troth wrote:
> On 01/04/2016 11:22 AM, Rob Funk wrote:
> > As I recall, one of the ipv6 tunnel services has a page listing some
> > things that are accessible only by ipv6, but they're all pretty
> > gimmicky and none of them have any technical reason not to exist on
> > ipv4. So I can see why such a list wouldn't be persuasive.
> 
> Perhaps this one?
> 
>         https://www.sixxs.net/misc/coolstuff/

Yes, that's the one.

> Sure, but what I don't get is how an IPv6 tunnel is any more of a pain
> than VPN.
> I've found the latter to be way more trouble. (Compared to 'aiccu' for
> SixXS. I completely agree that HE tunnels are a pain because ya gotta
> re-do them manually every time you land on a new IPv4 lease.)
> 
> I use IPv6 in lieu of VPN where possible. (Sadly not always "possible".)

That sounds dangerous. Unless you're using IPsec, an ipv6 tunnel
doesn't give you the privacy advantages of a VPN. Someone can sniff
your ipv4 traffic and see all your ipv6 traffic.

> > Any chance it's just the kernel doing the ipv6 address privacy thing
> > that I ran into earlier in this thread?
> 
> I suspect that's it (or a similar trick done in a different layer) but
> haven't found the knob to turn to switch that off.

*If* it's the same thing, the knob would be these sysctls:
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.eth0.use_tempaddr = 0

http://www.ipsidixit.net/2012/08/09/ipv6-temporary-addresses-and-privacy-extensions/
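
The point above about a plain IPv6 tunnel versus IPsec, as an added example that is not part of the original message. It assumes a 6in4 tunnel (IPv4 protocol 41), and the packets, addresses, ports and ESP bytes are constructed sample data with checksums left at zero.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv6 carried directly in IPv4 (assumed tunnel type)
PROTO_ESP = 50   # IPsec Encapsulating Security Payload

def ipv4_header(src, dst, proto, body_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample)."""
    return (struct.pack("!BBHHHBBH", 0x45, 0, 20 + body_len, 0, 0, 64, proto, 0)
            + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed)

def build_6in4(v4_src, v4_dst, v6_src, v6_dst, data):
    """Constructed sample: an IPv6/UDP datagram inside an IPv4 packet."""
    udp = struct.pack("!HHHH", 40000, 9999, 8 + len(data), 0) + data
    inner = (struct.pack("!IHBB", 6 << 28, len(udp), 17, 64)
             + ipaddress.IPv6Address(v6_src).packed
             + ipaddress.IPv6Address(v6_dst).packed + udp)
    return ipv4_header(v4_src, v4_dst, PROTO_6IN4, len(inner)) + inner

def observer_view(pkt):
    """Fields readable from one IPv4 packet without any key material."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = pkt[9], pkt[ihl:]
    view = {"outer_src": str(ipaddress.IPv4Address(pkt[12:16])),
            "outer_dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "proto": proto}
    if proto == PROTO_6IN4 and len(body) >= 40 and body[0] >> 4 == 6:
        plen, nxt = struct.unpack("!HB", body[4:7])
        view.update(inner_src=str(ipaddress.IPv6Address(body[8:24])),
                    inner_dst=str(ipaddress.IPv6Address(body[24:40])),
                    next_header=nxt, payload=body[40:40 + plen])
    elif proto == PROTO_ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])
        view.update(esp_spi=spi, esp_seq=seq)  # everything after these is ciphertext
    return view

# Constructed samples using documentation address ranges.
TUNNEL_PKT = build_6in4("192.0.2.10", "198.51.100.1",
                        "2001:db8::1", "2001:db8::2", b"hello over the tunnel")
ESP_PKT = (ipv4_header("192.0.2.10", "198.51.100.1", PROTO_ESP, 24)
           + struct.pack("!II", 0x1000, 1) + bytes(16))  # zero bytes stand in for ciphertext

if __name__ == "__main__":
    print(observer_view(TUNNEL_PKT))
    print(observer_view(ESP_PKT))
```

For the tunnel packet the inner IPv6 addresses and the payload come back in full; for the ESP packet only the outer addresses, SPI and sequence number do.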

