this post was submitted on 01 Dec 2025
43 points (100.0% liked)

Selfhosted

53285 readers
1030 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
43
Are there any VPNs that support dedicated IPv6 addresses? (ttrpg.network)
submitted 1 day ago by vextuu@ttrpg.network to c/selfhosted@lemmy.world
17 comments fedilink hide all child comments
top 17 comments
sorted by: hot top controversial new old
[–] litchralee@sh.itjust.works 10 points 1 day ago* (last edited 1 day ago)

You might also try asking on !ipv6@lemmy.world .

Be advised that even if a VPN offers IPv6, they may not necessarily offer it sensibly. For example, some might only give you a single address (aka a routed /128). That might work for basic web fetching but it's wholly inadequate if you wanted the VPN to also give addresses to any VMs, or if you want each outbound connection to use a unique IP. And that's a fair ask, because a normal v6 network can usually do that, even though a typical Legacy IP network can't.

Some VPNs will offer you a /64 subnet, but their software might not check if your SLAAC-assigned address is leaking your physical MAC address. Your OS should have privacy-extensions enabled to prevent this, but good VPN software should explicitly check for that. Not all software does.

[–] DundasStation@lemmy.ca 5 points 1 day ago (5 children)

I'm not too familiar with VPNs that offer IPv6 addresses, so I can't help with that. But I'm curious about why some people want IPv6 addresses. Are there any benefits to having an IPv6 address?

[–] litchralee@sh.itjust.works 11 points 1 day ago* (last edited 1 day ago) (1 children)

https://ipv6now.com.au/primers/IPv6Reasons.php

Basically, Legacy IP (v4) is a dead end. Under the original allocation scheme, it should have ran out in the early 1990s. But the Internet explosion meant TCP/IP(v4) was locked in, and so NAT was introduced to stave off address exhaustion. But that caused huge problems to this day, like mismanagement of firewalls and the need to do port-forwarding. It also broke end-to-end connectivity, which requires additional workarounds like STUN/TURN that continue to plague gamers and video conferencing software.

And because of that scarcity, it's become a land grab where rich companies and countries hoard the limited addresses in circulation, creating haves (North America, Europe) and have-nots (Africa, China, India).

The want for v6 is technical, moral, and even economical: one cannot escape Big Tech or American hegemony while still having to buy IPv4 space on the open market. Czechia and Vietnam are case studies in pushing for all-IPv6, to bolster their domestic technological familiarity and to escape the broad problems with Business As Usual.

Accordingly, there are now three classes of Internet users: v4-only, dual-v4-and-v6, and v6-only. Surprisingly, v6-only is very common now on mobile networks for countries that never had many v4 addresses. And it's an interop requirement for all Apple apps to function correctly in a v6-only environment. At a minimum, everyone should have access to dual-stack IP networks, so they can reach services that might be v4-only or v6-only.

In due course, the unstoppable march of time will leave v4-only users in the past.

[–] pHr34kY@lemmy.world 2 points 19 hours ago

Telstra (Australia's largest telco) now provides IPv6-only to mobile handsets by default. They've deployed 464XLAT.

[–] pHr34kY@lemmy.world 4 points 20 hours ago* (last edited 19 hours ago)

The main benenfit is not having to deal with NAT. You get your own address and your traffic is not conflated with other people's.

You also get privacy extensions. Your device generates a temporary address for making outgoing connections. The address has no listening sockets. This means that you cannot get portscanned by every website you visit.

You don't need to try and figure out your external IP address. There's no differentiation between internal/external addresses. They're all global, as the internet was intended.

You can throw as many IP addresses on an interface as you want. If you want to run two web servers from one machine, you can have multiple addresses with different services on port 443.

[–] hendrik@palaver.p3x.de 2 points 1 day ago* (last edited 23 hours ago)

One thing I did is connect to the smart home (Home Assistant) and the NAS running at home. Some internet service providers don't provide proper IPv4 addresses any more so IPv6 is the most convenient way to connect. This doesn't require a VPN provider, though.

[–] devfuuu@lemmy.world 1 points 23 hours ago

There are some services that you can host cheaper with ipv6 only without having to buy and attach an external ipv4 address for example. I've been thinking of doing that for fun.

[–] vextuu@ttrpg.network -1 points 23 hours ago (1 children)

I'm not an expert, so somebody may be able to give better responses.

It looks like IPv6 addresses have access to all 65,000 ports, whereas IPv4 addresses need to 'forward' them. I don't know about other VPNs, but the one I'm using only allows forwarding 1 port at a time and I don't get to choose it.

With IPv6, I hope to be able to have multiple ports open to make it easier to host multiple services.

[–] Brkdncr@lemmy.world 1 points 23 hours ago (1 children)

Port forwarding is a function of NAT. It’s only needed because there aren’t enough ipv4 addresses for every device, so in most networks a lot of devices share a single ip and specific ports are forwarded to specific internal hosts

IPv6 has a large enough address space that this isn’t needed. You can still do it if you want. But mostly you just need a firewall without any NAT.

There’s more to it than this but you should get the idea.

[–] vextuu@ttrpg.network 0 points 23 hours ago (1 children)

That's great and all, but how does it help with VPNs only forwarding one port?

[–] Brkdncr@lemmy.world 3 points 22 hours ago (1 children)

You responded to a question with an incorrect answer. I was correcting that.

VPNs shouldn’t need to forward any ports when using ipv6. They can provide an entire ipv6 subnet to you.

[–] vextuu@ttrpg.network 1 points 22 hours ago

Ok, just making sure.

[–] irmadlad@lemmy.world 2 points 1 day ago

NordVPN I believe. Also AzireVPN owned by Malwarebytes. Some others do for a fee.

[–] i_am_not_a_robot@discuss.tchncs.de 2 points 21 hours ago

Are you looking for a VPN or are you looking for an IPv6 tunnel broker like Hurricane Electric?

[–] irmadlad@lemmy.world 2 points 5 hours ago

From what I've read, he primary concern with VPNs that do not support IPv6 is leakage. If a user’s device tries to access an IPv6 resource while connected to a VPN that only routes IPv4 traffic, the IPv6 packets can escape the VPN tunnel. This exposes the user's real IP address to external servers, undermining the privacy that the VPN is supposed to provide. Some servers have moved to strictly IPv6. Some servers only accept IPv4.

Some of you networking gods set me straight.

[–] SteveTech@aussie.zone 1 points 20 hours ago (1 children)

If you just want an IPv6 prefix and don't need the encryption a VPN provides, you can use an IPv6 broker. Hurricane Electric's broker is a popular one.

[–] vextuu@ttrpg.network 1 points 10 hours ago

Thanks. I need encryption so that I can host anonymously.