On the modem / router I purchased from my ISP I have both an IPv4 and IPv6 IP address but on my Netgear modem / router it has IPv6 disabled, although I can enable it. Actually, the IPv6 address may come from my computer and not the router? Should I enable IPv6 on my Netgear? I know I should disable IPv6 on my machines before I connect to my VPN. I believe there is no NAT with IPv6 (because it doesn't need it?) but the Netgear should still statefully inspect packets (SPI firewall). Don't ask why I use different routers. I just like to see if there is any performance differences - not really noticeable. Maybe I'm a little bipolar? Hehehe. On another note, I have noticed my laptop has stopped seeing the ISP router's 5ghz channel twice recently, but still sees the 2.4ghz channel and my neighbours (plural) WiFi, which just judging by the distance is most likely also 2.4ghz. I'm using a Netgear A6210 WiFi adapter because the laptop only receives 2.4ghz. At first I thought there was a problem with this router but strangely I can connect to the 5ghz channel with my phone. I have not seen this with the Netgear router, so I doubt it is an issue with the WiFi adapter. Why would this be so? Thanks.
I wouldn't mess with IPv6 unless you need it. Especially if you use VPN services. You can lock it down, if you know what you're doing. But stuff happens.
Thank you mirimir. I shall leave things as they are until my ISP tells me it's time to make changes. Cheers.
Because, if you don't block IPv6 properly, you will disclose IPv6 addresses provisioned by your ISP. Even through VPN services, if they route IPv6 but don't firewall it. That's why
Thanks. What I wanted understand, indeed, is: no problem if I use JPv6 on a single home pc, with firewall hardware, is it ?
So aside from VPNs is there any other reason to avoid IPv6? I can, and already do, disable IPv6 on my machines before I connect to the VPN.
As long as you're not using a VPN, and don't care about websites knowing what ISP you use, there's no problem with using IPv6. Using a hardware firewall won't help, unless you block IPv6 traffic. But then, why have IPv6 in that case? If you do have IPv6 from your ISP, you can just disable IPv6 in your machine before you connect the VPN. And block IPv6 traffic in the firewall, just for sure. But that's opportunity for making mistakes. In that situation, it'd be better to use the VPN in a dedicated VM, with no IPv6 and firewall rules to block IPv6 traffic.
Yes, IPv6 identifies your computer specifically and persistantly on the internet because it is generated in part, from your network device's hardware Mac address.
This isn't the case when you have IPv6 service from your ISP. In that case, IPv6 addresses that are used outside LAN are in the range provided by the ISP. Anything MAC-based stays within LAN.
I don't believe that link-local IPv6 addresses are routable through VPN tunnels. In my VPN testing, my VMs all had both link-local IPv6 addresses and public IPv6 addresses provided by the local DHCP server. Only public IPv6 addresses were visible, even when the VPN leaked IPv6.