<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 3, 2014 at 10:42 AM, Rick Troth <span dir="ltr"><<a href="mailto:rmt@casita.net" target="_blank">rmt@casita.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">[snip]</div></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">Still have a lot to learn about dynamic IPv6. The router seems to be
handing out (semi?) random addresses (first 48 bits being consistent
and the following 16 bits being per-interface, as noted). All of
them get out and are properly end-to-end visible. For "client"
systems (laptop, desktop, tablet, phone), some consumers will
appreciate the variations. (The world still thinks there is security
in obscurity.) But for "server" systems, I gotta figure out how to
nail down the assignments. Can't get away from the brokered tunnel
until I can set server addrs permanently. <br><span class=""><font color="#888888">
<br>
-- R; <><<br></font></span></div></blockquote><div><br></div><div>I've been playing with the 6rd addresses that CenturyLink hands out that have the same dynamic problem. Some resources I found that might be helpful:</div><div><br></div><div>At <a href="http://blog.dupondje.be/?p=17">http://blog.dupondje.be/?p=17</a> I found the ip6tables syntax so that you don't have to change your firewall rules on the router when the prefix changes (also works on my Asus router with merlin firmware):</div><div><br></div><div>ip6tables -I INPUT -d ::a3a3:beff:fe89:93af/::ffff:ffff:ffff:ffff -j ACCEPT<br></div><div><br></div><div>Hurricane Electric provides free Dynamic DNS that allows for Dynamic A and AAAA records (unfortunately my normal DDNS provider doesn't support dynamic AAAA):</div><div><br></div><div><a href="https://dns.he.net/">https://dns.he.net/</a><br></div><div><br></div><div>I haven't decided what mechanism to us to update the AAAA records yet, but found this script that helps out with the IPv6 "Privacy Extensions" causing the wrong address to be used to do the update via curl:</div><div><br></div><div><a href="http://askubuntu.com/questions/48735/make-curl-download-using-non-privacy-extension-ipv6-address">http://askubuntu.com/questions/48735/make-curl-download-using-non-privacy-extension-ipv6-address</a><br></div><div><br></div></div><div><br></div>-- <br>William Hooper
</div></div>