from the at-least-you-get-ipv6 dept.

I’ve recently learned that our neighborhood is getting a fiber optic network, with a 100Mbps connection in each subscriber’s home. IPv6 connectivity is included, but unfortunately, the only IPv4 connectivity they offer is Carrier Grade NAT, due to the exhaustion of IPv4 addresses in RIPE. I travel a lot, and I’ve become accustomed to accessing my home network via SSH, VNC, etc. It appears UPnP and PMP are unsupported by CGN. So, without a publicly-routed IPv4 address, I’ll be unable to reach devices on my home network from an IPv4-only connection, such as the one provided by my cellular carrier (which also appears to be behind some kind of NAT, by the way). If the ISP isn’t willing or able to sell me an IPv4 address, what alternatives do I have? I’d be willing to pay a small monthly fee for, say, a VPN service that would allow me to accept incoming connection requests on a range of ports on their Internet-facing IPv4 address. Does such a service exist?

Every system I’ve seen has some form of IPv6 tunneling that allows you to call out to an IPv6 server. The only time it fails is if you’re trying to host an IPv6 server, which will fail due to NAT, but connecting to an IPv6 server always works. The fact that you’ve got an IPv6 server means you’re set. Run Teredo/Miredo on your clients and connect away.

Go set up Teredo/Miredo and connect away.

I would definitely try Teredo first, though it does depend on the NAT design used by your ISP (you want remote IPv4 hosts to repeatedly see the same source address after repeated connections — if the reported address changes, Teredo won’t work for you).

The protocol doesn’t require explicit ISP support, though NAT design can certainly break it and ISPs can filter it if they choose. When it works, the net effect is that any two hosts running Teredo clients can connect to each other via their client’s IPv6 addresses, even if an IPv4 network sits between them.

Under the hood, it tunnels on top of NAT’d UDP over IPv4, using a 3rd party public IPv4 server to mediate the connection start-up (needed for NAT busting [wikipedia.org]) — but all of that is transparently handled by the Teredo client, so using it seems exactly the same as connecting to any other IPv6 host. There’s a small privacy aspect present since that other server sees your source and destination trying to start a connection, but all the real traffic is direct, peer-to-peer.

Since the effect is to allow connections despite a NAT, you should make sure you are suitably firewalled, patched up, hardened, etc. Some Teredo clients may also require you to explicitly enable inbound connections on the interface.

That’s not the case. Unfortunately, Teredo requires relay of all data in the tunnel. There’s simply no guarantee that an IPv4-only host has a direct, peer-to-peer path to and from an IPv6-only host, as is the case here in the original question.

Teredo will probably work as a proof-of-concept, but for anything requiring more than a trickle of bandwidth a dedicated tunnel (Hurricane Electric or SixXS) would be a better idea.
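One of the comments above notes that Teredo only works when remote IPv4 hosts keep seeing the same source address. As an added example (not part of the original thread), this Python sketch decodes the NAT mapping embedded in a Teredo address using the RFC 4380 layout and checks whether addresses obtained via different servers agree on it. The helper names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from typing import Iterable, NamedTuple

# Teredo service prefix 2001:0000::/32 (RFC 4380)
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")


class TeredoInfo(NamedTuple):
    server: ipaddress.IPv4Address       # Teredo server used for qualification
    cone_flag: bool                     # top bit of the 16-bit flags field
    mapped_port: int                    # client's external UDP port on the NAT
    mapped_addr: ipaddress.IPv4Address  # client's external (NAT/CGN) IPv4 address


def decode_teredo(addr: str) -> TeredoInfo:
    """Split a Teredo address into prefix(32) | server(32) | flags(16) | port(16) | client(32)."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not a Teredo address (2001::/32)")
    raw = int(ip)
    server = ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)
    flags = (raw >> 48) & 0xFFFF
    # The port and client address are stored with every bit inverted.
    port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF
    client = ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    return TeredoInfo(server, bool(flags & 0x8000), port, client)


def mapping_is_stable(addresses: Iterable[str]) -> bool:
    """True if every address embeds the same external IPv4 address and port.

    Assumption: the addresses were obtained from the same host and local
    port via different servers. Differing mappings indicate a NAT that
    assigns a new mapping per destination, the case that breaks Teredo.
    """
    seen = {(d.mapped_addr, d.mapped_port) for d in map(decode_teredo, addresses)}
    return len(seen) == 1


# Constructed samples: servers 192.0.2.1 and 198.51.100.1, client 203.0.113.7.
VIA_SERVER_A = "2001:0:c000:201:0:38c7:34ff:8ef8"        # external port 51000
VIA_SERVER_B_SAME = "2001:0:c633:6401:0:38c7:34ff:8ef8"  # external port 51000
VIA_SERVER_B_DIFF = "2001:0:c633:6401:0:38c6:34ff:8ef8"  # external port 51001

if __name__ == "__main__":
    print(decode_teredo(VIA_SERVER_A))
    print("stable:", mapping_is_stable([VIA_SERVER_A, VIA_SERVER_B_SAME]))
    print("stable:", mapping_is_stable([VIA_SERVER_A, VIA_SERVER_B_DIFF]))
```

The decoded fields also show what any peer or log that records the Teredo address learns: the external IPv4 address and UDP port of the NAT mapping.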

 

Joseph Forbes (691)
