Another IPv6 Spotting
I frequent my neighborhood coffee shop in SF called The Brew. Just today I noticed that their ATT WiFi now hands out a 2602:302::/64 IPv6 address. Cool.
Running test-ipv6.com shows that it’s using a 6RD tunneling mechanism to accomplish this over IPv4. Almost as good as native and I’ll take it.
Surprise for VPN peoples
A number of my friends run VPNs and assume they are ‘safe’ at coffee shops. That is to say safe from sniffing of non TLS traffic and consider NAT as a firewall. If they get an IPv6 address that’s potentially not true and their IPv6 services may be public to the entire Internet by accident.
We’re one step closer to the death of NAT, and I can’t wait. I’ve been trying to find time to add IPv6 support to my Docker OpenVPN image despite Digital Ocean’s best efforts to make this difficult by not allocating a proper prefix. As for actually wrangling iptables firewall rules, FirewallD seems to be the most compelling solution I’ve ever seen.