IPv6 is the future so I’d say yes. Dual stack is the way to go. If you can get public address block from your ISP thats great. If not I’d recommend HE tunnel or something similar. Just remember to firewall as ever device is reachable in most configurations.
Dual-Stack is usually no problem, but going IPv6-only is a pain, because a suprising amount of services are v4 only. Even NAT64/DNS64 doesn’t help everywhere.
No, I like living in my nat cocoon so I don’t have to worry as much about all the devices on my network. Jk it’s turned on, but I don’t usually enable it on devices
But still, if I understand correctly, with NAT you can just use one firewall for your router and with IPv6 you’d need a firewall for each of your devices. This seems like a lot more to manage, right? But maybe I still don’t understand the concept of IPv6.
Edit: Apparently I don’t understand the concept of IPv6.
Firewall and NAT are separate concepts. You can still have a firewall on your router when using IPv6. I don’t know how many consumer-grade routers handle it well though.
I’m lazy and don’t want to remember more than three digits in an IP address or secure all my devices like they’re publicly routable so I’m sticking with IPv4
The number of short IPv6 addresses is smaller than the number of IPv4 addresses, so that’s defeating the entire purpose of IPv6. Sooner or later you have to start using the long addresses.
Thank you! I just want to say, I’ve also been curious about ipv6 every now and again for a long time, and this thread has helped me to understand more.
The possibility to have your packets passed through a shorter route compared to IPv4 packets is worth it imo. I have 280 ms ping to the US and I can cut it down to ~250ms by routing my traffic via certain countries with vpn. I really hope widespread IPv6 deployment would optimize global internet routing so my latency would improve even if just a few ms so I don’t need to use VPN to override my route manually.
I suspect it’s more like the workaround used by network operators to scale up IPv4 to serve billions of users necessitate more and more layer of nodes to route your packets through.
That’s already happened, which is why some ISPs use CGNAT. CGNAT is “carrier-grade NAT” which means the internet provider does NAT on their network.
Only having CGNAT with no IPv6 is a pain since you can’t do any port forwarding. It’s double-NAT which slows things down a bit (you use NAT on your network, then your ISP uses NAT on their network).
Some cloud providers also have IPv6-only servers for cheaper. IPv4 address are still available but the price to acquire them is significantly higher than it used to be.
Living in the APNIC region, we are kinda notorious for being the first region to run out of IPv4 addresses.
The top 3 mobile ISPs in my country here have been doing CGNAT since at least 2014. Cable ISPs are limiting public IPv4 according to plans since at least 2017, i.e. if the download speed of your plan is below 200Mbps , you get CGNATed.
Not sure which country you’re in, but CGNAT is pretty common in some European countries. ARIN had a larger stockpile of IPv4 addresses than APNIC and RIPE, so CGNAT is less common in the USA and Canada. The US is also generally further ahead in terms of IPv6 rollout compared to other countries. One of the largest ISPs, Comcast, has been IPv6-enabled for over 10 years.
You’ve very likely already encountered it if you have a device with a SIM card! Most any mobile provider routes via a CGNAT - it’s exceedingly rare for phones to have public IPs.
It’s really common in cellular connections as well as smaller regional ISPs. I work for a rural fiber co-op with about 50,000 members/customers and we do CGNAT for all our members by default because we only have about 36,000 IPs allocated to us. We also have full ipv6 support as well with every customer getting a /56.
To get a big enough block for all our enterprise/business/residential customers to do 1:1 NAT for ipv4 would probably require an entire /16 which costs somewhere in the neighborhood of 2 million dollars last I checked. And even then we would eventually run out because we are constantly expanding to cover rural areas that have been ignored for decades by the big ISPs. Right now if a member needs a static or routable we just charge 10$ a month, and we have enough in reserve for all our members to operating like this likely until the entire internet abandons ipv4.
Honestly I don’t have a good answer for that. The ones who charge a one time fee are honestly being pretty generous (depending on the price you paid) considering there are yearly dues to ARIN/RIPE/APNIC/etc for IP allocations depending on their aggregate block size as well as the fact that IPs are generally very valuable right now, and go up in value depending on the block size.
If they have a legacy registration they also don’t have to pay those dues, though the downside is they don’t get the newer features like RPKI without signing a LRSA/RSA (and therefor paying those dues) and getting their routes certified. Usually doesn’t cause an issue as not many peers drop unvalidated BGP prefixes on IPv4.
That being said, if your ISP has been in the game for decades, they probably have owned their blocks for decades and got them for pennies on the dollar when ARIN and other registries were handing out IP addresses like candy. I know the last /24 my company had to buy cost us somewhere in the neighborhood of $14,000 when it was all said and done, and that was just for 256 IPs.
Eventually IPv4 addresses will become so prohibitively expensive, that is what will eventually push mass IPv6 adoption on the ASN side of things.
Thank you that was really informative. I paid <$50 for my IP address in 2015. My ISP has been around since 1990 so I suppose they may have been one of the lucky companies. Not sure if they do RPKI, first I’m learning of it. Maybe they’re cross subsidizing from other areas of the business. Their monthly fibre fee isn’t the most competitive but the service is reliable and haven’t had anything to complain about.
They are a little behind in speeds though. They only offer 900mbps asymmetrical max, while you can get 2, 4 and 8gbit in my area from other providers. I don’t need that kind of speed so I’m happy for now.
$50 one time is a great price. We charge our members $10 a month if they request a static. We’re also a not for profit coop, so all that money gets either dumped back into network infrastructure and expansion plans, or capital credits for our members.
For LAN, no. If you have a router NAT’ting traffic and providing DHCP service there’s really no need for ipv6. Almost every ipv6 enabled service provides both 6 and 4 usually and NAT figures it out, and many still provide only 4, meaning you can’t just get rid of ipv4 entirely.
If your ISP has modernized and is actually providing an ipv6 address, I suppose there’s probably a tiny benefit of being able to go ipv6>ipv6 when routing, bust most all devices nowadays can handle NAT translation from ipv4 to ipv6 and vice versa with no routing penalty.
I don’t know if there are any ISP’s out there who can provide static ipv6 addresses without a NAT router to your entire LAN though.
If you’re buying a vps or something ipv6 is easier to get a static address for.
That of course leaves the last good reason: why not? If you’re doing homelab hosting stuff why not experiment with ipv6 and fully modernize your network. They suck to type in but it’s fun to know your stuff is brand new and using the “best”.
There aren’t many benefits from using IPv6 on LAN, as far as I can tell, unless you need more addresses than are available in the private address ranges.
It’s definitely an interesting hypothetical. Some homelabs that I’ve seen run crazy enterprise gear and are certainly capable of running thousands of very small containers, while others are running repurposed consumer equipment or SBCs like Raspberry Pis with less computing power and RAM.
Of course, in a self-hosted or homelab environment, there would be little utility to running that many network or web services. It would be a neat experiment, though. Seems like the kind of thing that Linus Tech Tips would attempt.
Doesn’t need to be a “traditional” container. Modulo noisy-neighbour issues, wasm sandboxing could potentially offer an order of magnitude better density (depending on what you’re running; this might be more suited to specific tasks than providing a substrate for a general-purpose conpute service).
@gedhrel
wasm sandboxes can take IPs? Regardless, if we’re just talking density, I can put multiple IPs on a single interface or create a ton of virtual interfaces. That’s boring, though.
Absolutely. I use ipv6 so I can directly reach all my servers. For public facing things I put it on an ipv4 address but for my own internal stuff, ipv6.
Definitely dual stack if you do. The real benefit of IPv6 is that, supposedly, each of your internal devices can have its own address and be directly accessible, but I don’t think anyone actually wants all of their internal network exposed to the internet. My ISP provides IPv6, but only a single /128 address, so everything still goes through NAT.
Setting it up was definitely a learning process - SLAAC vs DHCP; isc’s dhcpd uses all different keywords for 6 vs 4, you have to run 6 and 4 in separate processes. It’s definitely doable, but I think the main benefit is the knowledge you gain.
Your ISP is doing it wrong, which I guess you already know. I get a /64 net via DHCPv6 for my LAN which is pretty standard.
+1 to dual stack. Too much of the internet is v4 only, missing AAAA, or various other issues. I’ve also had weird issues where a Google/Nest speaker device would fail 50% of the time and other streaming devices act slow/funky. Now I know that means the V6 net is busted and usually I have to manually release/renew. Happens once every few months, but not in a predictable interval.
Security is different, but not worse IMO. It’s just a firewall and router instead of a NAT being added in. A misconfigured firewall or enabling UPnP is still a bad idea with potentially worse consequences.
Privacy OTOH is worse. It used to be that each device included a hardware MAC as part of a statelessly generated address. They fixed that on most devices. Still, each device in your house may end up with a long lived (at least as long as your WAN lease time) unique IP that is exposed to whatever sites you visit. So instead of a unique IP per household with IPv4 and NAT, it’s per network device. Tracking sites can differentiate multiple devices in the house across sites.
This has me thinking I need to investigate more on how often my device IPv6 (or WAN lease subnet) addresses change.
I get a fat /48 network, just in case I need one septillion, two hundred and eight sextillion, nine hundred and twenty-five quintillion, eight hundred and nineteen quadrillion, six hundred and fourteen trillion, six hundred and twenty-nine billion, one hundred and seventy-four million, seven hundred and six thousand and one hundred and seventy-six individual IPs.
IPV6 is pretty wild, we could effectively give every service connecting to every client, in every direction, for every single individual bit its own dedicated address without getting anywhere near using that address space.
And the biggest disadvantage of IPv6 is that each of your internal devices has its own address and can be directly accessible from outside. So you need to completely rethink how you do security.
Isn’t that what tburkhol addressed in their first paragraph? Or are you suggesting further steps than just putting those devices behind NAT? I am not at all trying to be snarky, I actually want to know more about this.
You don’t need to use nat on ipv6. Most routers are based on Linux and there you have conntrack.
With that you can configure by default outgoing only connections just like nat and poke holes in the firewall for the ports you want specifically.
Also windows and I think Linux use ipv6 privacy extensions by default. That means that while you can assign a fixed address and run services, it will assign random ip addresses within your (usually) /64 allocation for outgoing connections. So people can’t identify you and try to connect back to your ip with a port scanner etc.
All the benefits of nat with none of the drawbacks.
And can be identified/tracked individually by outside entities. In IPv4, a website sees both my device and my kid’s device as the same IP. In IPv6 they’re different so this just provides more ways for them to track you.
First of all they use much more than the device IP to identify individual devices. IPv4 is no longer all that useful for identification with things like CGNAT being common.
But with IPv6 they’ll see my device IP, then they’ll see the same device with completely different IP, then again. Same for my kid’s device. But again, all of the above applies. It is a concern, but there are much better ways of tracking you anyways.
There’s a pretty interesting series on the topic at Tall Paul Tech’s YouTube channel (here’s the most recent: https://youtu.be/WFso88w2SiM). He goes into quite a bit of detail over the course of a few videos about how he handled everything and highlights some of the trials and tribulations with the isp. It’s not a guide per se, but definitely stuff worth thinking through.
The server I have with ovh has ipv6 setup, but only 1 of my VMS on it has an address. It’s a lot harder to get your head around then it looks, no NAT. Firewall everything
I tried converting my internal and external self hosted setup to IPv6 only, like it’s the trend nowadays. But halfway through it I couldn’t really see the point
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
IPv6 is the future so I’d say yes. Dual stack is the way to go. If you can get public address block from your ISP thats great. If not I’d recommend HE tunnel or something similar. Just remember to firewall as ever device is reachable in most configurations.
deleted by creator
Dual-Stack is usually no problem, but going IPv6-only is a pain, because a suprising amount of services are v4 only. Even NAT64/DNS64 doesn’t help everywhere.
No, I like living in my nat cocoon so I don’t have to worry as much about all the devices on my network. Jk it’s turned on, but I don’t usually enable it on devices
Get a firewall. Malicious STUN, ALG DoS attacks, just these things make your NAT router less secure than you think it is.
NAT is not a security feature.
Thank you!!
If you don’t want your devices to be accessible from the internet, you want a firewall. Treating NAT like a firewall is a bad idea.
But still, if I understand correctly, with NAT you can just use one firewall for your router and with IPv6 you’d need a firewall for each of your devices. This seems like a lot more to manage, right? But maybe I still don’t understand the concept of IPv6.
Edit: Apparently I don’t understand the concept of IPv6.
That’s not correct, but it shouldn’t preclude you from applying defence in depth.
Firewall and NAT are separate concepts. You can still have a firewall on your router when using IPv6. I don’t know how many consumer-grade routers handle it well though.
I’m lazy and don’t want to remember more than three digits in an IP address or secure all my devices like they’re publicly routable so I’m sticking with IPv4
You could assign short addresses like fd00::1
The number of short IPv6 addresses is smaller than the number of IPv4 addresses, so that’s defeating the entire purpose of IPv6. Sooner or later you have to start using the long addresses.
At home? No! Or use fd00::1:1 or fd00::1:1:1
Same, so I use DNS and a firewall.
You mean like
~/.ssh/config?Setup mDNS and you don’t have to remember IP addresses anymore.
ssh [email protected]is thousand times better to memorise.Thank you! I just want to say, I’ve also been curious about ipv6 every now and again for a long time, and this thread has helped me to understand more.
The possibility to have your packets passed through a shorter route compared to IPv4 packets is worth it imo. I have 280 ms ping to the US and I can cut it down to ~250ms by routing my traffic via certain countries with vpn. I really hope widespread IPv6 deployment would optimize global internet routing so my latency would improve even if just a few ms so I don’t need to use VPN to override my route manually.
Maybe a silly question: any ideas why there are shorter routes using IPv6?
Thanks! Is there something about the larger area space which means there are fewer hops?
I suspect it’s more like the workaround used by network operators to scale up IPv4 to serve billions of users necessitate more and more layer of nodes to route your packets through.
There’s another question: will we ever actually run out of IPv4 addresses, so that cloud providers and ISPs no longer offer them?
we already did, quite a while ago actually
That’s already happened, which is why some ISPs use CGNAT. CGNAT is “carrier-grade NAT” which means the internet provider does NAT on their network.
Only having CGNAT with no IPv6 is a pain since you can’t do any port forwarding. It’s double-NAT which slows things down a bit (you use NAT on your network, then your ISP uses NAT on their network).
Some cloud providers also have IPv6-only servers for cheaper. IPv4 address are still available but the price to acquire them is significantly higher than it used to be.
Ah, I never encountered that. I see. Is it mostly in remote areas?
I’m all for IPv6, it’s just that there’s always something extra you have to do to set it up.
Living in the APNIC region, we are kinda notorious for being the first region to run out of IPv4 addresses.
The top 3 mobile ISPs in my country here have been doing CGNAT since at least 2014. Cable ISPs are limiting public IPv4 according to plans since at least 2017, i.e. if the download speed of your plan is below 200Mbps , you get CGNATed.
We are severely out of IPv4 addresses.
Not sure which country you’re in, but CGNAT is pretty common in some European countries. ARIN had a larger stockpile of IPv4 addresses than APNIC and RIPE, so CGNAT is less common in the USA and Canada. The US is also generally further ahead in terms of IPv6 rollout compared to other countries. One of the largest ISPs, Comcast, has been IPv6-enabled for over 10 years.
You’ve very likely already encountered it if you have a device with a SIM card! Most any mobile provider routes via a CGNAT - it’s exceedingly rare for phones to have public IPs.
It’s really common in cellular connections as well as smaller regional ISPs. I work for a rural fiber co-op with about 50,000 members/customers and we do CGNAT for all our members by default because we only have about 36,000 IPs allocated to us. We also have full ipv6 support as well with every customer getting a /56.
To get a big enough block for all our enterprise/business/residential customers to do 1:1 NAT for ipv4 would probably require an entire /16 which costs somewhere in the neighborhood of 2 million dollars last I checked. And even then we would eventually run out because we are constantly expanding to cover rural areas that have been ignored for decades by the big ISPs. Right now if a member needs a static or routable we just charge 10$ a month, and we have enough in reserve for all our members to operating like this likely until the entire internet abandons ipv4.
Why do some ISPs charge a monthly fee and others a one off fee? I paid one off with my ISP several years ago for my static IPv4.
Honestly I don’t have a good answer for that. The ones who charge a one time fee are honestly being pretty generous (depending on the price you paid) considering there are yearly dues to ARIN/RIPE/APNIC/etc for IP allocations depending on their aggregate block size as well as the fact that IPs are generally very valuable right now, and go up in value depending on the block size.
If they have a legacy registration they also don’t have to pay those dues, though the downside is they don’t get the newer features like RPKI without signing a LRSA/RSA (and therefor paying those dues) and getting their routes certified. Usually doesn’t cause an issue as not many peers drop unvalidated BGP prefixes on IPv4.
That being said, if your ISP has been in the game for decades, they probably have owned their blocks for decades and got them for pennies on the dollar when ARIN and other registries were handing out IP addresses like candy. I know the last /24 my company had to buy cost us somewhere in the neighborhood of $14,000 when it was all said and done, and that was just for 256 IPs.
Eventually IPv4 addresses will become so prohibitively expensive, that is what will eventually push mass IPv6 adoption on the ASN side of things.
Thank you that was really informative. I paid <$50 for my IP address in 2015. My ISP has been around since 1990 so I suppose they may have been one of the lucky companies. Not sure if they do RPKI, first I’m learning of it. Maybe they’re cross subsidizing from other areas of the business. Their monthly fibre fee isn’t the most competitive but the service is reliable and haven’t had anything to complain about.
They are a little behind in speeds though. They only offer 900mbps asymmetrical max, while you can get 2, 4 and 8gbit in my area from other providers. I don’t need that kind of speed so I’m happy for now.
$50 one time is a great price. We charge our members $10 a month if they request a static. We’re also a not for profit coop, so all that money gets either dumped back into network infrastructure and expansion plans, or capital credits for our members.
deleted by creator
For LAN, no. If you have a router NAT’ting traffic and providing DHCP service there’s really no need for ipv6. Almost every ipv6 enabled service provides both 6 and 4 usually and NAT figures it out, and many still provide only 4, meaning you can’t just get rid of ipv4 entirely.
If your ISP has modernized and is actually providing an ipv6 address, I suppose there’s probably a tiny benefit of being able to go ipv6>ipv6 when routing, bust most all devices nowadays can handle NAT translation from ipv4 to ipv6 and vice versa with no routing penalty. I don’t know if there are any ISP’s out there who can provide static ipv6 addresses without a NAT router to your entire LAN though.
If you’re buying a vps or something ipv6 is easier to get a static address for.
That of course leaves the last good reason: why not? If you’re doing homelab hosting stuff why not experiment with ipv6 and fully modernize your network. They suck to type in but it’s fun to know your stuff is brand new and using the “best”.
I have currently an issue with a WebRTC SFU not working behind a IPv6 to IPv4 translation, at least I suspect that is the cause.
There aren’t many benefits from using IPv6 on LAN, as far as I can tell, unless you need more addresses than are available in the private address ranges.
And that point you’re not in a home, you’re in a data center lmao
I mean, if you have around 17 million containers running services, maybe.
@BaldProphet
What’s the smallest container around? How much RAM would that take?
edit: FROM scratch let’s you run bare binaries on Docker.
Would be very interesting to see how far that could get. What sort of payload/task would be interesting for all those containers?
@Sandbag @bdonvr
It’s definitely an interesting hypothetical. Some homelabs that I’ve seen run crazy enterprise gear and are certainly capable of running thousands of very small containers, while others are running repurposed consumer equipment or SBCs like Raspberry Pis with less computing power and RAM.
Of course, in a self-hosted or homelab environment, there would be little utility to running that many network or web services. It would be a neat experiment, though. Seems like the kind of thing that Linus Tech Tips would attempt.
Doesn’t need to be a “traditional” container. Modulo noisy-neighbour issues, wasm sandboxing could potentially offer an order of magnitude better density (depending on what you’re running; this might be more suited to specific tasks than providing a substrate for a general-purpose conpute service).
@gedhrel
wasm sandboxes can take IPs? Regardless, if we’re just talking density, I can put multiple IPs on a single interface or create a ton of virtual interfaces. That’s boring, though.
Yes. The sandbox gets whatever capabilities you expose to it.
Depends on how you define “worth it”. Most selfhosting is done not for worth, but for a hobby.
Hobbies are often worthwhile. Maybe not financially, but often psychologically.
Some times not financially or psychologically, and they also make my wife mad when I fat finger some config.
Absolutely. I use ipv6 so I can directly reach all my servers. For public facing things I put it on an ipv4 address but for my own internal stuff, ipv6.
Definitely dual stack if you do. The real benefit of IPv6 is that, supposedly, each of your internal devices can have its own address and be directly accessible, but I don’t think anyone actually wants all of their internal network exposed to the internet. My ISP provides IPv6, but only a single /128 address, so everything still goes through NAT.
Setting it up was definitely a learning process - SLAAC vs DHCP; isc’s dhcpd uses all different keywords for 6 vs 4, you have to run 6 and 4 in separate processes. It’s definitely doable, but I think the main benefit is the knowledge you gain.
Your ISP is doing it wrong, which I guess you already know. I get a /64 net via DHCPv6 for my LAN which is pretty standard.
+1 to dual stack. Too much of the internet is v4 only, missing AAAA, or various other issues. I’ve also had weird issues where a Google/Nest speaker device would fail 50% of the time and other streaming devices act slow/funky. Now I know that means the V6 net is busted and usually I have to manually release/renew. Happens once every few months, but not in a predictable interval.
Security is different, but not worse IMO. It’s just a firewall and router instead of a NAT being added in. A misconfigured firewall or enabling UPnP is still a bad idea with potentially worse consequences.
Privacy OTOH is worse. It used to be that each device included a hardware MAC as part of a statelessly generated address. They fixed that on most devices. Still, each device in your house may end up with a long lived (at least as long as your WAN lease time) unique IP that is exposed to whatever sites you visit. So instead of a unique IP per household with IPv4 and NAT, it’s per network device. Tracking sites can differentiate multiple devices in the house across sites.
This has me thinking I need to investigate more on how often my device IPv6 (or WAN lease subnet) addresses change.
I get a fat /48 network, just in case I need one septillion, two hundred and eight sextillion, nine hundred and twenty-five quintillion, eight hundred and nineteen quadrillion, six hundred and fourteen trillion, six hundred and twenty-nine billion, one hundred and seventy-four million, seven hundred and six thousand and one hundred and seventy-six individual IPs.
IPV6 is pretty wild, we could effectively give every service connecting to every client, in every direction, for every single individual bit its own dedicated address without getting anywhere near using that address space.
And the biggest disadvantage of IPv6 is that each of your internal devices has its own address and can be directly accessible from outside. So you need to completely rethink how you do security.
Isn’t that what tburkhol addressed in their first paragraph? Or are you suggesting further steps than just putting those devices behind NAT? I am not at all trying to be snarky, I actually want to know more about this.
You don’t need to use nat on ipv6. Most routers are based on Linux and there you have conntrack.
With that you can configure by default outgoing only connections just like nat and poke holes in the firewall for the ports you want specifically.
Also windows and I think Linux use ipv6 privacy extensions by default. That means that while you can assign a fixed address and run services, it will assign random ip addresses within your (usually) /64 allocation for outgoing connections. So people can’t identify you and try to connect back to your ip with a port scanner etc.
All the benefits of nat with none of the drawbacks.
And can be identified/tracked individually by outside entities. In IPv4, a website sees both my device and my kid’s device as the same IP. In IPv6 they’re different so this just provides more ways for them to track you.
First of all they use much more than the device IP to identify individual devices. IPv4 is no longer all that useful for identification with things like CGNAT being common.
But with IPv6 they’ll see my device IP, then they’ll see the same device with completely different IP, then again. Same for my kid’s device. But again, all of the above applies. It is a concern, but there are much better ways of tracking you anyways.
That’s the reason for rcf 4941. It randomises the host part of your IPv6 address.
https://datatracker.ietf.org/doc/html/rfc4941
There’s a pretty interesting series on the topic at Tall Paul Tech’s YouTube channel (here’s the most recent: https://youtu.be/WFso88w2SiM). He goes into quite a bit of detail over the course of a few videos about how he handled everything and highlights some of the trials and tribulations with the isp. It’s not a guide per se, but definitely stuff worth thinking through.
Here is an alternative Piped link(s): https://piped.video/WFso88w2SiM
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
The server I have with ovh has ipv6 setup, but only 1 of my VMS on it has an address. It’s a lot harder to get your head around then it looks, no NAT. Firewall everything
I tried converting my internal and external self hosted setup to IPv6 only, like it’s the trend nowadays. But halfway through it I couldn’t really see the point