| 21 Aug 2021 |
 matthewcroughan - nix.zone | Maybe you misunderstand what I'm doing? There's no hole punching happening. | 02:38:53 |
| matthewcroughan - nix.zone | At least I can't see how I'm punching holes through anything. | 02:39:11 |
| matthewcroughan - nix.zone | Are you telling me to turn off ipv6? | 02:39:15 |
| matthewcroughan - nix.zone | * Are you telling me to turn off ipv6 for security reasons? | 02:39:29 |
 6aa4fd | no I'm saying I wouldn't open a port for ssh | 02:39:39 |
| matthewcroughan - nix.zone | Oh. In my view that is definitely overly paranoid. | 02:39:54 |
| matthewcroughan - nix.zone | But that is only my view. | 02:39:59 |
| 6aa4fd | especially not both ssh and VPN, it all adds to your attack surface | 02:39:59 |
| matthewcroughan - nix.zone | You have to open something. When you use a VPN you are also exposing some sort of port. | 02:40:20 |
| matthewcroughan - nix.zone | You simply prefer the VPN binary and its ports and networking. I prefer OpenSSH. | 02:40:35 |
| matthewcroughan - nix.zone | But both are binaries, both use networking, both require a single open port. | 02:40:51 |
| matthewcroughan - nix.zone | Don't get me wrong, I like Wireguard and Tailscale, but those are only ran on machines I fully control. | 02:41:25 |
| 6aa4fd | yeah sure, its a free country.
anyways you can use any number of VPNs to get your 6 traffic through, and I guess not provide a default gateway for ipv6. now I'm not sure how granular some of these SLAAC/dhcpv6 tools are where you can force the default gateway off | 02:41:48 |
| matthewcroughan - nix.zone | I don't have a 6 address. There is no traffic to "get through". | 02:42:09 |
| matthewcroughan - nix.zone | My ISP doesn't support ipv6, so I used 6in4 to give myself one, from hurricane electric. | 02:42:24 |
| matthewcroughan - nix.zone | So I don't know what you mean by that, I'm confused. | 02:42:36 |
| 6aa4fd | yeah, I am saying VPN into a location where you do have a 6 prefix | 02:42:57 |
| matthewcroughan - nix.zone | If I could just set up a vpn, there'd be no point in using ipv6. | 02:42:59 |
| matthewcroughan - nix.zone | ipv6 means you don't need a vpn. | 02:43:07 |
| matthewcroughan - nix.zone | If I set up a vpn, there would be absolutely no need for this 6in4 business | 02:43:24 |
| matthewcroughan - nix.zone | * If I set up a vpn, there would be absolutely no need for this 6in4 business I am doing | 02:43:26 |
| 6aa4fd | dude, your average coffee shop won't deliver your ipv6 traffic | 02:43:32 |
| 6aa4fd | maybe in the UK, not in the us | 02:43:51 |
| matthewcroughan - nix.zone | Do you know what 6in4 is though? | 02:43:55 |
| matthewcroughan - nix.zone | What control does the coffee shop have over my ipv6 traffic? | 02:44:05 |
| 6aa4fd | it is a VPN | 02:44:06 |
| matthewcroughan - nix.zone | You could try to explain these things to me, rather than assume I know :P | 02:44:30 |
| matthewcroughan - nix.zone | If there's something I don't know about 6in4 that means it's not as cool as I think it is, please tell me | 02:44:50 |
| 6aa4fd | you said you want to take your computer out to other networks and use ipv6, I'm saying you need to have ipv6 support at the specific location | 02:44:54 |
| matthewcroughan - nix.zone | that is not true with 6in4 | 02:45:10 |
