this post was submitted on 16 Aug 2025
25 points (90.3% liked)

Selfhosted

50526 readers
615 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
25
IPv6 & Opnsense & Not Exposing Machine-Specific IPv6s to Corpos (piefed.blahaj.zone)
submitted 16 hours ago by glizzyguzzler@piefed.blahaj.zone to c/selfhosted@lemmy.world
28 comments fedilink hide all child comments
 

I have had IPv6 off for a long time now, but it feels like now is time to actually try. I'm planning on setting the WAN side to DHCPv6 and the LAN side to Static IPv6 to match the IPv4 settings. https://docs.opnsense.org/manual/ipv6.html (I see people say "talk to your ISP about dynamic or static and what block size" but I would rather collapse into a singularity than contact my ISP unforced, so I shan't do that)

I've tried to read about IPv6 but I just don't have enough knowledge-ground to stand on to make sense of it in an actionable way.

From what I have read and (mildly) understood, I think I know that IPv6 addresses are directly identifying; no longer does everything on the internet see the IPv4 of your router only - now things see your specific device's IPv6 that's a... subset? of the router's IPv6 range (not single IP) assigned. https://superuser.com/a/1735921 People describe it as a different way to network, which I guess means no matter what I read I'm still not sure what to do.

I want IPv6 to work exactly like IPv4: router has WAN IPv4 address and masquerades for every device in the network. I don't want Google knowing exactly which computer contacted them from inside my LAN, I want them to put in the work to finger print my device with various ways that are likely illegal in the EU.

How do I prevent that IPv6 privacy issue, or did I misunderstand how IPv6 works?

you are viewing a single comment's thread
view the rest of the comments
[–] InnerScientist@lemmy.world 2 points 9 hours ago* (last edited 9 hours ago) (1 children)

is kludging NAT for IPv6 not a better solution versus ULA addresses?

There are very few hosts that allow only ipv6 (though there are many who only do ipv4). Ipv6 would improve internet stability and long-term communication when you're not using a nat but that isn't what you're trying to build. Seeing as you're not getting any advantage anyway I recommend ULA because it won't get in the way of possible future migration to GUA ipv6 (globally unicast address) and still run over the ipv6 network while also avoiding Nat.

Or is the clear answer just use IPv6 as intended and let the devices handle their privacy with IPv6 privacy extensions?

It's my clear answer at least.

If you don't want that you can use ULA addresses for now and later add GUA ipv6 addresses. ULAs are meant to be used when you only have a dynamic ipv6 prefix so that internal devices can have ipv6 internet (GUA) while also having a static ipv6 address(ULA).

[–] glizzyguzzler@piefed.blahaj.zone 1 points 21 minutes ago

I got it, ULA for everything that doesn’t care, 1 GUA for the server. When everything else starts to care about the lack of IPv6 or has routing issues, convert the ULA to GUA and rock n roll.

Thanks for providing a sane way to approach it slowly and methodically!