# IPv6 in your home

IPv4, IPv6, who cares? As long as it works, right?

## The death of IPv4 is greatly exaggerated

We ran out of IPv4 addresses, and so what? I can still watch YouTube videos, have calls over Zoom, buy things on Amazon. The Internet works due to the magic of NAT! Channeling Oprah, you get an address, you also get an address, and you too get the same address!

Except this all works because of lots of money and effort.

Effort because you can't just make a call to your friend over IPv4. You're both likely behind a one-to-many NAT, meaning you can't receive connections. So who will initiate one? STUN offers some painful, costly, partial, and annoying solutions involving having a dedicated address anyway.

An IPv4 address costs money, too. A single IPv4 address costs 26 USD in bulk as of 2024-11-05, and I'm paying 3 EUR per month for a cheap VPS just for the sake of having one address for myself.

Why bother? Because if you want a little place for yourself on the internet to serve stuff from, you need an address. Manage your own game server? Expose a quirky service? Have an actual, direct call? Seed torrents of your favorite classic art? Connect to your home network while away? I want to do all those things, so I bought myself an address.

Of course, taking an address from the limited pool makes me part of the problem.

But I want to connect to the plant watering system that I left at home! But I want to download stuff from the off-site backup that's at my friend's place, behind NAT! Yes, I could buy a server in a data center and install Wireguard there. I did it, it sucks. High pings, slow transfers. Help! Let me have direct connections.

## IPv6

IPv6 comes to the rescue! The address pool is about 420^π bazillion addresses, so every address is really cheap. If you want to apply for a subnet, a random 500 EUR package gives you 2¹²⁸⁻⁴⁸=2⁸⁰ addresses, which is 2417851639229258137600 addresses per EUR yearly.

Global IPv6 addresses are effectively free.

If you have a decent Internet provider, they will assign you a /60 subnet and let all your LAN devices grab a /64. Now anyone can connect to you, so enjoy! And put up your firewall.

## That /64 thing

What's that about a /64 subnet? A subnet for every device?

Well, that's how IPv6's DHCP equivalent works. You can't normally get anything smaller than that through autoconfiguration. Which is not a problem if you have a decent Internet provider.

But if you've got only a half-decent provider, they might only offer you a /64. That typically happens on mobile connections, but not only. (Also, this can happen if you like subdividing networks like Russian dolls. With IPv4 you could just chain NATs; IPv6 has no NAT.)

So what do you do?

## OpenWRT

I don't believe I have to introduce OpenWRT to any of my readers. Newcomers, this is **the** Open Source operating system for routers.

It can extend IPv6 connections to connected computers *even if there's only a /64 available*! And it has this nifty Web interface called LuCI.

While there are multiple guides for the command-line, there are no guides for configuring IPv6 forwarding for the Web interface. So here's mine.

## IPv6 relay mode in LuCI

First, set up an IPv4 WAN network (if you care). I'll call it *wwan*. Remember to set up a LAN interface if you don't have one. Ready? Then set up a WAN network for IPv6. I'll call it *relay6*, set it to DHCP client and select "Alias Interface: @wwan" as the device.

Adding new interface "relay 6"

Once you have it, navigate to "DHCP server" and set one up.

Interfaces » relay6 → DHCP Server → button: Set up DHCP Server

Yes, I know, it's weird. We don't want to provide addresses on this interface. That's why the next step is checking the "Ignore interface" box.

Interfaces » relay6 → DHCP Server → General Setup → checkbox: Ignore interface

Once that's done, go to DHCP IPv6 settings.

Interfaces » relay6 → DHCP Server → IPv6 Settings → unchecked "Designated master" checkbox and 3 drop-downs, each on "disabled"

Make this interface a designated master and change 3 dropdowns (RA-Service, DHCPv6-Service, NDP-Proxy) to "relay mode".

Interfaces » relay6 → DHCP Server → IPv6 Settings → checked "Designated master" checkbox and 3 drop-downs set to "relay mode"

We're done with the WAN interface, but the LAN needs to be adjusted. Here, it's just a static address on a bridge device.

Interfaces » LAN → General Settings → Protocol: Static address

Go to DHCP Server → IPv6 Settings and change all the dropdowns to "relay mode".

Interfaces » LAN → DHCP Server → IPv6 Settings → unchecked "Designated master" checkbox and 3 drop-downs set to "relay mode"

Save all the changes and apply them. For me, the router immediately received an address.

My laptop also got an address immediately, but I had to reconnect to get the default route populated (otherwise you can't connect to the Internet).

Check a device connected to that router; it should get an address, too.
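To confirm what the LuCI steps above actually wrote, this added example (not part of the original post) audits the router's `/etc/config/dhcp`. It assumes the sections are named `relay6` and `lan` as in this post and that the drop-downs and checkboxes are stored as odhcpd's `ra`, `dhcpv6`, `ndp`, `master` and `ignore` options; the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: audit a dhcp config file for
# the relay setup. Section names relay6 and lan follow the post.

# relay_audit FILE UPSTREAM DOWNSTREAM
# Prints one line per problem; exit status 0 means the settings are consistent.
relay_audit() {
    awk -v up="$2" -v down="$3" -v q="'" '
    function unq(s) { gsub("[" q "\"]", "", s); return s }
    $1 == "config" { sec = ($2 == "dhcp") ? unq($3) : ""; next }
    $1 == "option" && sec != "" { opt[sec, $2] = unq($3) }
    END {
        n = split("ra dhcpv6 ndp", svc, " ")
        for (i = 1; i <= n; i++) {
            if (opt[up, svc[i]] != "relay") { print up ": " svc[i] " is not relay"; bad = 1 }
            if (opt[down, svc[i]] != "relay") { print down ": " svc[i] " is not relay"; bad = 1 }
        }
        if (opt[up, "master"] != "1") { print up ": not the designated master"; bad = 1 }
        if (opt[down, "master"] == "1") { print down ": must not be a master"; bad = 1 }
        if (opt[up, "ignore"] != "1") { print up ": Ignore interface is not set"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample of the two sections the LuCI steps should produce.
sample_dhcp_config() {
    cat <<'EOF'
config dhcp 'relay6'
    option interface 'relay6'
    option ignore '1'
    option master '1'
    option ra 'relay'
    option dhcpv6 'relay'
    option ndp 'relay'

config dhcp 'lan'
    option interface 'lan'
    option ra 'relay'
    option dhcpv6 'relay'
    option ndp 'relay'
EOF
}

# On the router: relay_audit /etc/config/dhcp relay6 lan
tmp=$(mktemp) && sample_dhcp_config > "$tmp"
relay_audit "$tmp" relay6 lan && echo "relay settings consistent"
rm -f "$tmp"
```

A non-zero exit status with a line such as `lan: ra is not relay` points at the drop-down that was left on another mode.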

### Default route

One snag, though.

The default route was not set for my laptop. I had to modify the connection manually and add one. The result looks like this:

```
[me@foobar ~]$ ip -6 r
default via fe80::abcd:ef12:fecd:6573 dev wlp2s0 proto ra metric 600 pref high
```

## Bonus: ULA

ULA is something that doesn't exist in IPv4.

ULA is the closest counterpart to an IPv4 local address. I use it to have stable addresses within my network. Even if the upstream changes their prefix (effectively your network address) and all previous addresses become invalid at 6:00 every morning, breaking all connections (thanks Telekom), and even if the upstream goes down entirely, ULA will keep your network internally connected.

I put the names of all hosts on my network in /etc/hosts, like a troglodyte on the early Internet before DNS.

It sounds complicated if you come from IPv4. There, every computer knows its own address. 192.168.1.77. Great. That's it. What's my public address? No idea.

In IPv6, every computer can easily have multiple addresses. A global one, some ULA addresses. It doesn't become a mess because those addresses are completely independent (link-local ones are a bit special, though). ULA networks are dropped on the edge of the public Internet, so they can't even be used for Internet access.

OpenWRT supports using ULA in Network → Global network options.

For me, it doesn't always get picked up, but it's there on some "Static address" interfaces. I don't really know what controls it, but I have one on the same interface as my LAN:

"ula" named network on interface bridgr spanning several devices, with protocol "Static address" and an IPv6/64 ULA address without an IPv4 address

## The end

Now I have IPv6 in my local network! I can seed the world with torrents! I can host a quirky server for 10 minutes (remember to open the firewall)! I can connect to the servers I manage at a friend's place!

Oh wait, that server is behind its own firewall and I never enabled IPv6 on that one -_-. I guess I'm not done blogging about IPv6 yet.


dcz's projects

Thoughts on software and society.
