this post was submitted on 06 Sep 2023
43 points (97.8% liked)

Selfhosted


Is anybody using only IPv6 in their home lab? I keep running into weird problems where some services use only IPv6 and are "invisible" to everyone (I'm looking at you, Java!) I end up disabling IPv6 to force everything to the same protocol, but I started wondering, "why not disable IPv4 instead?" I'd have half as many firewall rules, routes and configurations. What are the risks?

top 27 comments
[–] [email protected] 22 points 1 year ago (1 children)

Unfortunately, going IPv6 only is a pain since so much stuff is still reliant on IPv4.

[–] [email protected] 3 points 1 year ago (1 children)

Can you elaborate? Hardware or software or both? Other than one network appliance, most of my stuff isn't too old.

Now that I start thinking about it, my work stuff may be impacted.

[–] [email protected] 5 points 1 year ago

Many websites are still IPv4 only, so you won't be able to access them unless you set up a NAT64 gateway. Some stuff won't work over NAT64 though.

Most recent hardware should support IPv6, but a lot of IoT devices still don't. You can put any IoT devices on their own IPv4 network since it's a security risk to have them on your main network though.

[–] [email protected] 12 points 1 year ago (1 children)

When troubleshooting some network shares and other issues the remedy was disable IPv6 lol. I'm not familiar with IPv6 enough to know the pros other than more IP addresses available, but since it's all on my LAN I have no need for IPv6.

[–] [email protected] 12 points 1 year ago

For your internal LAN there aren't really any pros.

[–] [email protected] 12 points 1 year ago

The beauty of your homelab is that you can try and break things, learn something from it and try something else.

[–] [email protected] 8 points 1 year ago (1 children)

Are you binding services to specific addresses? Normally if you bind your service to :: it will receive IPv4 connections using ::ffff:x.x.x.x addresses.

[–] [email protected] 1 points 1 year ago (1 children)

I was not binding to specific addresses, but it was probably a problem with a specific release of Java (Oracle Java maybe). My distro's Java was doing weird video things, but the Oracle version was not, but then it could not reach outside the local computer. Debugging logs showed that it tried IPv6 and failed, then quit trying instead of falling back to IPv4. Disabling IPv6 in the Java JRE configuration solved the issue, but set me on the path to "modernize" my network stack. In hindsight, it's probably not something that I really have the time to take on right now.

[–] [email protected] 1 points 1 year ago (1 children)

Trying IPv6 and failing is normal. Modern software that supports both is supposed to try both, but sometimes people mess it up…

In general, if you write code that connects to another computer over the network, you want to be connecting to a string, not an IP address. If you write something like connect("lemmy.world", 443), it should connect over either IPv6 or IPv4. However, if you write something like connect(getHostByName("lemmy.world"), 443), that usually will return a single IP address and if that address doesn't work then the connection fails.

The Java documentation says it should just work "if everything has been done appropriately." https://docs.oracle.com/javase/8/docs/technotes/guides/net/ipv6_guide/
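
The difference between the two connect styles described in the comment above, as an added example that is not part of the original thread. The function names, the IPv4-only loopback listener and the candidate list are constructed for illustration; Python's `socket.create_connection((host, port))` runs the same loop over its `getaddrinfo` results.

```python
import socket

def connect_first_working(candidates, port, timeout=1.0):
    """Try each (family, address) in order; return (sock, address) on first success."""
    errors = []
    for family, address in candidates:
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
        except OSError as exc:  # address family unavailable, e.g. IPv6 disabled
            errors.append((address, exc))
            continue
        sock.settimeout(timeout)
        try:
            sock.connect((address, port))
            return sock, address
        except OSError as exc:  # refused, unreachable or timed out: try the next one
            errors.append((address, exc))
            sock.close()
    raise OSError(f"all candidates failed: {errors}")

def connect_single_address(candidates, port, timeout=1.0):
    """Fragile pattern: use only the first resolved address, no fallback."""
    return connect_first_working(candidates[:1], port, timeout)

def demo():
    # Constructed setup: a listener that is reachable over IPv4 loopback only.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    # Constructed resolver answer for a dual-stack name: IPv6 first, then IPv4.
    candidates = [(socket.AF_INET6, "::1"), (socket.AF_INET, "127.0.0.1")]
    try:
        try:
            connect_single_address(candidates, port)[0].close()
            single_ok = True
        except OSError:
            single_ok = False
        sock, used = connect_first_working(candidates, port)
        sock.close()
        return single_ok, used
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())
```
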

[–] [email protected] 1 points 1 year ago

Java is still borked in a dual-stack environment: https://bugs.openjdk.org/browse/JDK-8170568

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| IoT | Internet of Things for device controllers |
| NAT | Network Address Translation |
| PiHole | Network-wide ad-blocker (DNS sinkhole) |

5 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #110 for this sub, first seen 6th Sep 2023, 04:55]

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

As someone mentioned above, there are some SOHO devices I have run into that plainly just won’t work with IPv6 even though they claim to and will pull a lease. One or two I have seen just seem to stop working simply by having v6 enabled. Hours of troubleshooting. It's worth making sure someone in internet-land at least claims v6 works on any persistently troublesome devices.

[–] [email protected] 1 points 1 year ago

I'm trying to be progressive, but after thinking outside of my little network and reading the posts here, it seems like there's still a long way to go before I should consider it. I don't have a split network at home and it would potentially affect everyone in the house. Additionally, I don't have serious needs for production-grade network equipment, so the chances of that cheap USB-to-Ethernet adapter with more Chinese characters than English in the instruction sheet biting me are high.

This was sort of a wild hare thought of disabling IPv4 vs disabling IPv6 to solve a problem that's more of an inconvenience. I am probably not ready for this undertaking. Maybe I'll revisit it when I get around to partitioning my network.

[–] [email protected] 5 points 1 year ago

Yes. I just feed it off the /60 my ISP gives me, and I just use my router to segregate the rest. Gotta love Mikrotik. It's a lot easier without dealing with NAT, but the IP space calculations need a bit more thought.

[–] [email protected] 3 points 1 year ago

I went IPv6-only for everything internal. The only thing that's dual stack is the wireguard server running on the gateway. I haven't run into any issues, mostly because my Linux distro's package repository has many IPv6-compatible mirrors (enabled by default). For anything not in the distro's repos, I build from source and package them up into RPMs myself, so as a side-effect, I don't have to deal with eg. Github not supporting IPv6.

Even things with generally crappy firmware, like the APC UPS management card, Supermicro & ASRock IPMI management interfaces, etc. have worked fine in an IPv6-only setup for me.

[–] [email protected] 2 points 1 year ago (1 children)

I avoid ipv6 as much as possible.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] -2 points 1 year ago (2 children)

It fucking sucks. I’ve been hearing about it for twenty plus years and it’s caused me more problems than it’s solved. Comcast DNS routinely breaks connecting to niche sites like Microsoft 365 😑. It's overly complicated and easier to screw up. If turning off IPv6 would stop solving more problems maybe I’d give it a better go, but as it stands it’s like the USB-c standard of a clusterfuck of poor design and implementation in practice.

[–] [email protected] 5 points 1 year ago (3 children)

I'm sorry you've had a poor experience, but I've had nothing but smooth sailing since my ISP gave me a /64. I had to re-learn most of what I knew and unlearn a few bad v4 habits, but v6 has solved issues that I was tired of dealing with. I can't imagine what you're doing to think it's more complicated and easier to screw up than v4.

[–] [email protected] 2 points 1 year ago (1 children)

And that is the biggest problem: it is different than IPv4 and you have to learn new stuff. My worst was up keeps changing the prefix so I had to find out how to write an allow rule that ignored the prefix and only allowed the end but since they always stayed the same.
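
What an allow rule that ignores the prefix and matches only the end of the address compares, as an added example that is not part of the original thread. It is the value-and-mask comparison a firewall's masked address match performs; the function names and the sample addresses (from the 2001:db8::/32 documentation range) are constructed.

```python
import ipaddress

# Selects the lower 64 bits of an address (the interface identifier).
IID_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))

def suffix_rule(suffix, mask=IID_MASK):
    """Matcher that compares only the bits set in mask, ignoring the prefix."""
    want = int(ipaddress.IPv6Address(suffix)) & mask
    def matches(addr):
        return int(ipaddress.IPv6Address(addr)) & mask == want
    return matches

def prefix_rule(network):
    """Conventional matcher pinned to one delegated prefix."""
    net = ipaddress.IPv6Network(network)
    return lambda addr: ipaddress.IPv6Address(addr) in net

def allowed(rule, addresses):
    """Return the addresses the rule accepts, in input order."""
    return [a for a in addresses if rule(a)]

# Constructed sample: one server seen before and after the ISP renumbers,
# plus a different host on the new prefix.
SAMPLE = [
    "2001:db8:aaaa:1::1337",   # server, old prefix
    "2001:db8:bbbb:1::1337",   # same server, new prefix
    "2001:db8:bbbb:1::2356",   # another host
]

def demo():
    by_prefix = allowed(prefix_rule("2001:db8:aaaa:1::/64"), SAMPLE)
    by_suffix = allowed(suffix_rule("::1337"), SAMPLE)
    return by_prefix, by_suffix

if __name__ == "__main__":
    print(demo())
```

A suffix rule accepts every address carrying that interface identifier regardless of network, so pair it with an interface or zone match when it protects something.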

[–] [email protected] 1 points 1 year ago

What do you mean up keeps changing the prefix?

[–] [email protected] 2 points 1 year ago

If DNS wouldn’t constantly break I’d be more open to learning. Right now what’s the point?

[–] [email protected] 0 points 1 year ago (2 children)

Let's say you have a bunch of self hosted servers. How are you tracking their IPs on IPv6? Are you able to type the IP off the top of your head? I feel like it's very simple with IPv4.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Use the names. I connect to my self hosted services all the time over IPv6 using DNS. Still use IPv4 to ssh though as my prefix changes a lot, sometimes multiple times a day.

[–] [email protected] 1 points 1 year ago

How are you tracking their ips on ipv6?

Are you able to type the ip off the top of your head?

I write them down, just as I do v4. I don't type v4 off the top of my head any more than I do v6- but even if I did, I'd only have to really memorize the prefix because that's all universal across my whole network. For example, look at this that I ripped from my documentation:

                                == PROXMOX CONTAINERS & VIRTUAL MACHINES ======================
                                C:TorRelay      -       192.168.78.160  /  2a05:f6c7:8039::12ad
                                C:Gonic         -       192.168.78.161  /  2a05:f6c7:8039::1255
                                C:Wireguard     -       192.168.78.162  /  2a05:f6c7:8039::1666
                                V:ADS-B         -       192.168.78.163  /  NA
                                C:Apache        -       192.168.78.164  /  2a05:f6c7:8039::1337
                                C:Backups       -       192.168.78.165  /  2a05:f6c7:8039::0107
                                C:PiHole        -       192.168.78.166  /  2a05:f6c7:8039::1811
                                C:NetworkFun    -       192.168.78.167  /  2a05:f6c7:8039::1192
                                C:MovieSync     -       192.168.78.168  /  2a05:f6c7:8039::2356
                                C:Owncast       -       192.168.78.170  /  2a05:f6c7:8039::1368

Do you see the pattern? I could have made it even simpler. I could've made the last quartet of the v6 address the same as the last octet of the v4 address, but I didn't think of it at the time. I've memorized more credit cards than I have IP addresses in total, which you will surely agree are more complex, so I'm not worried about when the time comes to drop v4 and it's time to memorize v6. It will come naturally with use, as the credit cards have.

In practice, I've found, that it is simply not a problem. If I don't know the last quartet off the top of my head, I won't know the last octet either so I have to look it up anyway. All my network documentation is available with a simple curl command. If I do know the last quartet but not the prefix, I could type 'ip a' and find the prefix right there.

[–] [email protected] 2 points 1 year ago (1 children)

Having used Azure for a few years now I feel like that might not be entirely on Comcast.

[–] [email protected] 1 points 1 year ago

Maybe, but I have yet to see another home ISP with the same problem.