296 points jmillikin | 19 comments
1. throw0101c ◴[] No.44412375[source]
If anyone wants to try / use IPv6, but their ISP does not provide it, Hurricane Electric (HE) has offered a tunnel service for many years now:

* https://tunnelbroker.net

* https://ipv6.he.net

There are scripts available to bring up a tun device on your system (or router) and route traffic over it:

* https://fedoraproject.org/wiki/IPv6_tunnel_via_Hurricane_Ele...

* https://brandonrozek.com/blog/obtaining-ipv6-address-hurrica...

* https://wiki.dd-wrt.com/wiki/index.php/IPv6_setup_Hurricane_...

* https://forum.mikrotik.com/t/auto-update-script-for-hurrican...

* https://docs.rockylinux.org/guides/network/hurricane_electri...

replies(4): >>44412504 #>>44412674 #>>44412681 #>>44413969 #
2. daneel_w ◴[] No.44412504[source]
Happy "customer" here. I've been using their free 6in4 tunnel through OpenBSD for about five years and have had no mentionable problems. I configure mine solely with OpenBSD's network interface files, e.g. /etc/hostname.gif0:

  tunnel <my current IPv4> <HE's IPv4 endpoint>
  inet6 <my desired IPv6 address> 128 alias <HE's IPv6 gateway>
  !route -n add -inet6 default <HE's IPv6 gateway>

I use the connectivity to reach a cluster of VPSes in AWS deliberately set up without public IPv4 addressing, which would otherwise represent a large part of the monthly costs because of buttholes like Jeff Bezos actively monetizing IPv4 address space.
replies(1): >>44412736 #
3. jeroenhd ◴[] No.44412674[source]
One annoying caveat with these is that for streaming services, you will need to figure out how to disable those tunnels, because they're blocked as if they're VPNs for getting around region restricted content blocks.

Still works great, though. Thanks to the power of RAs, you can get all of your devices hooked up with an IPv6 address even if your router doesn't support HE tunnels, just have any device in your network advertise a /64 and it'll become an IPv6 router (assuming your router doesn't filter out RAs for security reasons).

Very useful for hosting stuff from within your home network without actually needing to mess with port forwarding rules.

4. pQd ◴[] No.44412681[source]
aspect worth noting: up to my knowledge HE's tunnel will work only if you're assigned public IPv4 by your ISP. if you're behind a carrier grade NAT - too bad, you'll need to use another solution to get IPv6 to your home.
replies(2): >>44413039 #>>44414087 #
5. cebert ◴[] No.44412736[source]
> because of buttholes like Jeff Bezos actively monetizing IPv4 address space.

IPv4 addresses are finite and rapidly being depleted. What other solution do you have to manage demand of a finite resource other than charging for it?

replies(1): >>44412940 #
6. daneel_w ◴[] No.44412940{3}[source]
My stance is that common connectivity shouldn't cost an additional $3.70 a month on top of already egregious traffic costs. The price per IP today is about $30. The lifetime of the investment is infinite and upkeep is in the grand scheme of things nothing. The markup profit is insane. It's a new behavior, pure usury, seizing an opportunity to profit on a crisis. To offer some contrast (without getting into the sizes of their respective turfs) Oracle doesn't charge a dime.
replies(1): >>44413013 #
7. xyzzyz ◴[] No.44413013{4}[source]
We are in crisis precisely because nobody charged for IPv4 addresses in the past, and so the overwhelming majority of those are wastefully allocated. What you want would exacerbate the crisis.
replies(1): >>44413051 #
8. Abekkus ◴[] No.44413039[source]
Strange. This sounds like something Hurricane Electric specifically limited. There’s nothing in CGNAT that would naturally break such a tunnel.
replies(2): >>44413126 #>>44413489 #
9. daneel_w ◴[] No.44413051{5}[source]
We're in this crisis because we failed to anticipate the explosive growth of the Internet. It took a bit into the 2000s until we stopped doling out generously oversized networks to everyone who asked. Vetting the need would've been the right requirement. Shutting the door for organizations with not enough money would've hampered progress.
replies(2): >>44413085 #>>44415040 #
10. xyzzyz ◴[] No.44413085{6}[source]
Yes, and why did people ask for these oversized networks? That’s right, because addresses were free.
replies(1): >>44413213 #
11. TechDebtDevin ◴[] No.44413126{3}[source]
I use tunnels all day like this with cgnat on multiple devices.
12. daneel_w ◴[] No.44413213{7}[source]
That's a depressingly shallow knee-jerk-y way of reasoning around something so fantastically open as the Internet... You're offering the deplorable solution of "let the money vote" instead of reason and restraint. The consequence if we had asked for money from the get-go would've been a corporate-ruled scenario where connectivity and Internet foothold were primarily in the hands of the businesses that had the most money. Smaller businesses, and non-profits in particular, would effectively have been shut out and innovation and growth in the Internet's most sensitive phase would have suffered greatly.
replies(2): >>44413548 #>>44418736 #
13. pQd ◴[] No.44413489{3}[source]
HE is using plain stateless IPv6 in IPv4 tunnel - it's neither TCP nor UDP, it's not NAT'able.

it's relatively simple for them to implement [ the stateless part ] but due to that puts some requirements on the party establishing the tunnel.
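
What the "plain stateless IPv6 in IPv4" encapsulation mentioned in the comment above looks like on the wire, as an added example that is not part of the thread: 6in4 is carried as IP protocol number 41 directly over IPv4, so the outer packet has no TCP/UDP port field for a port-translating NAT or a port-based firewall rule to key on. The function names are hypothetical and the packets are constructed samples using documentation address ranges.

```python
import ipaddress
import struct

PROTO_TCP, PROTO_UDP, PROTO_IPV6 = 6, 17, 41  # IANA IP protocol numbers

def build_ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) for constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def build_ipv6(src, dst, next_header=59, payload=b""):
    """Minimal 40-byte IPv6 header; next_header 59 means 'no next header'."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload

def inspect(packet):
    """Return the outer protocol, any ports a NAPT could key on, and any inner IPv6 pair."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    info = {"proto": proto, "ports": None, "inner": None}
    if proto in (PROTO_TCP, PROTO_UDP) and len(body) >= 4:
        info["ports"] = struct.unpack("!HH", body[:4])
    elif proto == PROTO_IPV6 and len(body) >= 40 and body[0] >> 4 == 6:
        # 6in4: the IPv6 header starts right after the IPv4 header.
        info["inner"] = (str(ipaddress.IPv6Address(body[8:24])),
                         str(ipaddress.IPv6Address(body[24:40])))
    return info

# Constructed samples (documentation address ranges, not real endpoints).
SIXIN4 = build_ipv4(PROTO_IPV6, "192.0.2.10", "198.51.100.1",
                    build_ipv6("2001:db8:1::2", "2001:db8:2::1"))
UDP = build_ipv4(PROTO_UDP, "192.0.2.10", "198.51.100.1",
                 struct.pack("!HHHH", 40000, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("6in4", SIXIN4), ("udp", UDP)):
        print(name, inspect(pkt))
```

The same check is how a perimeter monitor can spot tunnelled IPv6 leaving an IPv4-only network: match on outer protocol 41 and log the inner address pair.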

14. xyzzyz ◴[] No.44413548{8}[source]
The fact of the matter is that “let the money vote” works much better than alternatives. “Reason and restraint” is precisely how we got to where we are.
replies(1): >>44415604 #
15. toast0 ◴[] No.44413969[source]
Hurricane Electric is great, but as more and more people have ISP provided IPv6, 'normal' users leave the tunnels, and network services have been flagging he.net tunnels as abuse.

I had to stop using ipv6 for most of my network because too many sites decide to put up barriers or simply refuse to work.

16. Shadowmist ◴[] No.44414087[source]
Go Fiber (Shentel) is one such ISP, and they will gladly switch you to a public IP for no cost if you contact their support. Sadly they don’t support IPv6 yet.
17. homebrewer ◴[] No.44415040{6}[source]
Don't worry, we've learned nothing and will repeat the same mistake with IPv6:

https://news.ycombinator.com/item?id=42671847

https://www.theregister.com/2024/12/06/apnic_huawei_ipv6/

18. wizzwizz4 ◴[] No.44415604{9}[source]
Have you looked at the state of the world? "Let the money vote" works better than "let anyone just commandeer the finite resource, but only once", if nobody immoral enough to exploit it learns about vulnerabilities in your system.

If I can use my money to vote for "give me more money" at a profit, and I have no qualms about doing so, then I win – and if we play multiple such games with the same money, then we end up with a situation that's worse than "let anyone commandeer the resource".

19. strogonoff ◴[] No.44418736{8}[source]
The world is not black and white, and paid service can easily coexist with subsidized service. There are many examples of “it costs you $XX but ask us if you need it badly” policies. The best varieties probably do some degree of vetting (because otherwise it would slightly defeat the point or make it impractical, especially while LLMs are cheap enough that anyone can use one to write a convincing tear-jerker) and have objective criteria.

I haven’t thought enough to say whether it makes sense for specific cases like IP address allocation, though.