| 21 Aug 2021 |
6aa4fd | if all your LAN traffic already goes through it, then you don't need to do anything except setting up dhcp | 02:28:34 |
6aa4fd | if not, you can change the routing rules on the router | 02:29:45 |
matthewcroughan - nix.zone | 6aa4fd: I meant to say that I want an ipv6 address on my laptop, even when I'm at a coffee shop, via 6in4. | 02:32:19 |
matthewcroughan - nix.zone | so I'm happy with the setup I have at home where the router does it, but I was wondering whether I could have it all happen on my laptop and screw the network I'm on. | 02:32:40 |
matthewcroughan - nix.zone | And what a dream it would be to have Nix configure my home router. | 02:33:08 |
6aa4fd | In reply to @matthewcroughan:defenestrate.it ("so I'm happy with the setup I have at home where the router does it, but I was wondering whether I could have it all happen on my laptop and screw the network I'm on."): oh, you want a 6in4 or other type of VPN then | 02:33:19 |
matthewcroughan - nix.zone | Hmm.. Maybe tailscale should provide this. | 02:33:42 |
matthewcroughan - nix.zone | Would be quite a cool feature. | 02:33:47 |
6aa4fd | you can get a VPN set up with hurricane electric, not sure about price. or just set up a VPN to your home router and run that traffic through the 6in4 | 02:34:17 |
matthewcroughan - nix.zone | I would want the default route to be ipv4 anyway. | 02:34:33 |
6aa4fd | so what does the ipv6 do? | 02:34:49 |
matthewcroughan - nix.zone | give me access to machines without a vpn | 02:35:03 |
matthewcroughan - nix.zone | the way the internet was supposed to be | 02:35:17 |
matthewcroughan - nix.zone | but 6in4 means I have to go through hurricane electric, which I don't want to do on youtube, and youtube isn't ssh, so yeah :D | 02:35:39 |
6aa4fd | you should really use a VPN, these admin tools are not properly hardened | 02:35:46 |
matthewcroughan - nix.zone | admin tools? | 02:35:57 |
matthewcroughan - nix.zone | what one are you referring to? | 02:36:04 |
6aa4fd | the stuff on the machines you want access to | 02:36:16 |
matthewcroughan - nix.zone | The machines I'm accessing are just NixOS machines in Wales, meanwhile I'm in Liverpool. | 02:36:43 |
6aa4fd | SOP for any machine is basically locally initiated connections and VPN is all that should go through the firewall | 02:37:01 |
matthewcroughan - nix.zone | The NixOS machines in Wales have access to ipv6 natively thanks to BT. Whereas in Liverpool, the ISPs aren't IPv6 enabled. | 02:37:05 |
matthewcroughan - nix.zone | So, I just did 6in4 on my openwrt router at home, and voila, I can ssh into that machine in Wales without a VPN. | 02:37:18 |
matthewcroughan - nix.zone | In reply to @6aa4fd:tchncs.de ("SOP for any machine is basically locally initiated connections and VPN is all that should go through the firewall"): NixOS runs its own firewall, and it's quite decent by default. | 02:37:44 |
matthewcroughan - nix.zone | NAT isn't security, either. | 02:37:58 |
6aa4fd | yeah I'm saying you shouldn't be punching holes in it | 02:38:05 |
matthewcroughan - nix.zone | In reply to @6aa4fd:tchncs.de ("yeah I'm saying you shouldn't be punching holes in it"): I'm not punching holes through it, the only thing open is ssh. | 02:38:19 |
6aa4fd | NAT is not security but stateful, TCP-aware firewalls are | 02:38:24 |
matthewcroughan - nix.zone | Maybe you misunderstand what I'm doing? There's no hole punching happening. | 02:38:53 |