RIPE NCC: IPv6 in the RIPE Database Webinar Slides
RIPE NCC: IPv6 Address Plan
RIPE NCC: IPv6 CIDR Chart (2015)
RIPE NCC: IPv4 CIDR Chart (2015)
RIPE NCC: Database Objects Overview Diagram
RIPE NCC: IPv6 in the RIPE Database Webinar Slides
RIPE NCC: IPv6 Address Plan
RIPE NCC: IPv6 CIDR Chart (2015)
RIPE NCC: IPv4 CIDR Chart (2015)
RIPE NCC: Database Objects Overview Diagram
⚠ Information in this post is outdated since the launch of PIA’s ‘Next-Gen’ VPN network in 2020, sunsetting the then-existing set-up ⚠ |
First create a vpn profile to use when creating l2tp/pptp connections
to privateinternetaccess.
/ppp profile add change-tcp-mss=yes \ comment="PIA VPN" \ dns-server=209.222.18.222,209.222.18.218 \ name=privateinternetaccess only-one=no \ use-compression=no use-encryption=required \ use-ipv6=no use-mpls=no use-upnp=no
Create the l2tp interface
/interface l2tp-client add \ comment="PIA VPN Netherlands" \ connect-to=nl.privateinternetaccess.com \ disabled=no name=pia-de-l2tp \ profile=privateinternetaccess \ user=[l2tp-username] \ password=[l2tp-password]
[l2tp-username]
Your PIA username for l2tp/pptp/socks connections beginning with ‘x’ (not ‘p’!)Create a firewall mangle rule to mark IPv4 traffic we want to
go through the VPN.
/ip firewall mangle add \ action=mark-routing \ chain=prerouting \ comment="PIA VPN Netherlands" \ new-routing-mark="PPTP RM" \ passthrough=yes \ src-address=[ip-range-to-forward-through-vpn]
[ip-range-to-forward-through-vpn]
Create the NAT rule and tell it to use the VPN interface.
/ip firewall nat add \ action=masquerade chain=srcnat \ comment="PIA VPN Netherlands" \ out-interface=pia-de-l2tp
Create a corresponding default route to match the previous NAT
rule. Which only get used when IPv4 traffic has been marked with
‘PPTP RM’.
/ip route add \ comment="PIA VPN Netherlands" \ disabled=yes distance=1 \ gateway=pia-de-l2tp routing-mark="PPTP RM"
Now you should see traffic from clients in the IPv4 range
of [ip-range-to-forward-through-vpn]
go through the VPN.
NB: If you want to use another country apart from Netherlands. Check out Private Internet Access list of locations here: PIA VPN Tunnel Network
In my last post I talked about running a pure IPv6 network, as part of my ISP building project, but still allowing access to resources on the internet currently only available via IPv4.This works well assuming all the clients on the local network are IPv6 capable, unfortunately this is not always the case. There are legacy devices that do not understand IPv6.This is a real problem with IoT devices that are either no longer being maintained or just that have hardware that is incapable of using anything other than IPv4. There is also a small problem that a IP cam with a IPv6 address is probably available to the world with out some firewall rules or a ACL limiting access to the local /64, but those are problems for another day…Another issue is hard coded IPv4 addresses in legacy applications, this is a problem even if the OS/device supports both IPv4 & IPv6 but is only connected via IPv6.There is are a few of solution to both these problems.
Speaker: Dr David Holder (Erion Ltd)
http://uknof.uk/42/Security is one of the most crucial factors in modern networks. Network operators are painfully aware of this. IPv6 brings new challenges, features and opportunities for network security.
This presentation provides a comprehensive overview of IPv6 security, why it needs to be taken seriously, how it differs from IPv4, the problems it presents and current IPv6 security techniques and best practice.
As IPv6 becomes more widespread, no one interested in network security or network forensics can afford to ignore security IPv6
Your IPv4 addresses are a financial asset because the market for v4 address space is rising. The question is, for how long? Guest Lee Howard joins the IPv6 Buzz podcast crew to discuss the financial implications of selling IPv4 addresses. They also discuss the performance and operational benefits of moving to IPv6.
Source: IPv6 Buzz 035: Selling Your IPv4 Addresses For Fun And Profit – Packet Pushers
We currently have around 1.91 million IPv4 addresses remaining in our available pool. We expect to reach the end of this pool in the next few months, before the end of 2019. The exact date is not possible to predict as this depends on the rate at which new members/additional LIR accounts are opened.
Source: Getting Ready for IPv4 Run-out — RIPE Network Coordination Centre
20190610_Howard_Prisoner_Of_Ipv4_v1.pdf
Video will be up in a week, I’m sure.
Summary:
ISPs are motivated to promote IPv6 to avoid CGN.Content providers are motivated to promote IPv6 because it’s faster, and faster means (they say) they increase user engagement/sales/ad views.
So e-commerce sites should dual-stack and only sell IPv6 capable equipment. Maybe ISPs can test it for them.
If everyone works together, everyone can make more money. Complementary blog post with more detail at www.retevia.net/prisoner