this post was submitted on 16 Aug 2025
31 points (91.9% liked)

Selfhosted

50550 readers
380 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
31
IPv6 & Opnsense & Not Exposing Machine-Specific IPv6s to Corpos (piefed.blahaj.zone)
submitted 1 day ago* (last edited 9 hours ago) by glizzyguzzler@piefed.blahaj.zone to c/selfhosted@lemmy.world
33 comments fedilink hide all child comments
 

I have had IPv6 off for a long time now, but it feels like now is time to actually try. I'm planning on setting the WAN side to DHCPv6 and the LAN side to Static IPv6 to match the IPv4 settings. https://docs.opnsense.org/manual/ipv6.html (I see people say "talk to your ISP about dynamic or static and what block size" but I would rather collapse into a singularity than contact my ISP unforced, so I shan't do that)

I've tried to read about IPv6 but I just don't have enough knowledge-ground to stand on to make sense of it in an actionable way.

From what I have read and (mildly) understood, I think I know that IPv6 addresses are directly identifying; no longer does everything on the internet see the IPv4 of your router only - now things see your specific device's IPv6 that's a... subset? of the router's IPv6 range (not single IP) assigned. https://superuser.com/a/1735921 People describe it as a different way to network, which I guess means no matter what I read I'm still not sure what to do.

I want IPv6 to work exactly like IPv4: router has WAN IPv4 address and masquerades for every device in the network. I don't want Google knowing exactly which computer contacted them from inside my LAN, I want them to put in the work to finger print my device with various ways that are likely illegal in the EU.

How do I prevent that IPv6 privacy issue, or did I misunderstand how IPv6 works?

you are viewing a single comment's thread
view the rest of the comments
[–] thelittleblackbird@lemmy.world 1 points 17 hours ago (1 children)

Hi,

Welcome to the ipv6 fantastic hell and it's sequel about dual stack and 6to4 and 4to6 half cooked solutions.

First of all, I would not care a lot the ip addresses, not even google can extract a lot of info from the ip and ipv6 will cycle the subnet work part (via your isp) making tracking extremely difficult. On to of that you can select your dhcp6 daemon to give an address validity as low as minutes (but not practical), 24h validity should be enough. 1h validity only in severe paranoia mode.

It is important to make sure that your lan track the Wan interface for correctly updating the prefix renewal.

Try not to make a nat for ipv6 but firewall most of the stuff you don't like, ipv6 comes wit great advantages that will dissappear if you nat the connections. And a tip, there are a lot of ipv6 icmp messages that shouldn't be blocked in your firewall because it really improves your performance. If you nat it they will be out.

[–] glizzyguzzler@piefed.blahaj.zone 1 points 15 hours ago

Good to know, didn’t know IPv6 can come with efficiency gains. Makes sense since the designers had a beat to think about why IPv4 sucks. I’ll avoid NAT IPv6