← Back to context

Comment by raffraffraff

4 days ago

This! I guess a good number of tech people will have IPv4 home networks long after their non-tech parents, neighbors and friends will be using IPv6 (without even knowing it).

IPv4 in the home is dead easy. You only need to remember the last digit (unless you've got multiple networks, but most won't). You can ssh to any device by remembering that ".1" is router, ".2" is NAS etc. Firewalls are simple.

You can buy a cheap domain and use it as your home DNS (eg "router.myhome.net" -> "192.168.0.1") so it works anywhere! In the home or roaming (over VPN). I don't really need to run DNS at home. My domain runs on Cloudflare DNS, my devices use NextDNS (with rebind protection disabled for my home domain).

I run OpenWRT and preallocate DHCP addresses for all known devices. Then I shrink the DHCP pool to a blacklisted range. A script automatically creates DNS records for all preallocated devices. If a new device appears in the blacklisted DHCP pool, I can manually allocate its MAC address a proper IP.

It's easy to get TLS certs for any service in the house using the ACME DNS01 challenge.

Tailscale is sexy and it worked fine until one day while roaming it wouldn't connect without "admin work", so I instantly dropkicked it. I'm now using the very unsexy OpenVPN Cloud (free for limited use) and in over two years it has never failed me. Plus it doesn't fuck with the IP addresses with fancypants tailnet addresses - I access devices directly using their DNS names which resolve to private addresses.

So, from inside or outside the home I can access the NAS to watch a movie, sync photos to Immich, print a document, check my IP cameras or ask my wife to put a document on the ancient scanner and access it via the raspberry pi phpscan website (which is on https://scanner.myhome.net)

I'm sure there's a very good reason not to do this and someone will now point it out.

10 comments

raffraffraff

Reply
justsomehnguy  4 days ago

# IPv6 in the home is dead easy. You only need to remember the last digit (unless you've got multiple networks, but most won't). You can ssh to any device by remembering that ".1" is router, ".2" is NAS etc. Firewalls are simple.

# You can buy a cheap domain and use it as your home DNS (eg "router.myhome.net" -> "2003:123:4:5::1") so it works anywhere! In the home or roaming (over VPN). I don't really need to run DNS at home. My domain runs on Cloudflare DNS, my devices use NextDNS (with rebind protection disabled for my home domain).

# I run OpenWRT and preallocate DHCP addresses for all known devices. Then I shrink the DHCP pool to a blacklisted range. A script automatically creates DNS records for all preallocated devices. If a new device appears in the blacklisted DHCP pool, I can manually allocate its MAC address a proper IP.

# It's easy to get TLS certs for any service in the house using the ACME DNS01 challenge.

There is literally no difference between v4 and v6 here.

nottorp  4 days ago

> IPv4 in the home is dead easy

Exactly. I randomly try to "upgrade" to ipv6 in my home once in a while and i always give up because I'd have to do the whole enterprisey setup for no good reason.

Edit:

Basically ipv6 is too complex and automated to hold your home network's whole configuration in your head without effort.

So the techies don't set it up at home unless they have a fetish for overcomplicated setups. They're not familiar with it so they don't push for it at work either.

Adoption is solely driven by ipv4 address space exhaustion. There is no "new toy!" feeling involved.

  • immibis  4 days ago

    IMO, not having NAT is a "new toy". It allows end-to-end connectivity again. Any peer-to-peer apps work much better on IPv6, and if you're developing one then it's actually possible again.

    You could try fd00::1, fd00::2, ... for short internal static addresses. You don't have to use a random prefix in that range - it's just policy (for good reasons that might not matter for a small network).

    • nottorp  4 days ago

      > Any peer-to-peer apps work much better on IPv6, and if you're developing one then it's actually possible again.

      Yeah, and my Windows box is again accessible from the outside with whatever services MS deems to run by default...

      Yes, there are firewalls, but isn't it better if a potential attacker doesn't even know what's behind my router?

      P.S.: Since webrtc showed up to do whatever it wants with my network, peer to peer has started to mean "donating resources to some company" to me.

      5 replies →