Hello jlifers,
Reaching out to the local networking wizards.
Life used to be easier, until I moved to a provider (おてがる) that only supports JPNE specific V6Plus protocol (MAP-E / IPoE / IPv4 over IPv6). Now all is well, except that I don’t have a static IP, and can’t make my home server visible/available outside. The stock TP-link router also does not allow firewall configuration, thus even the ipv6 home server is not accessible. For a static IP, they charge 4000 JPY/month…
From what I learned, openwrt supports ipv6 firewall tinkering. Already spent some time trying to make it work and started ripping my hairs out – can browse ipv6 websites, but not the normal ones.
Am I even doing this right? Should I leave the working stock TP-link setup, and instead setup another router to tunnel traffic through VPN on dedicated paid VPS?
7 comments
I think you can use cloudflare tunnels to expose your server even with ipv6 and dynamic IP. That way you can just leave the ISP router
Japan internet in a nutshell. Such as weird country so modern in some aspects and pretty much the entire country is covered by fiber yet it’s so bad. My current provider also uses JPNE V6Plus and i have their static IP address option.
I found it not worth it because it still uses pppoe and when congestion time hits it still goes to shit.
You want your server accessible outside of home network? Or you want server accessible within home network?
Home network topology also might help.
I also have jpne now and my ipv4 never changes. Even though not officially static. But ports are limited so you can’t run server on traditional ports like port 80. Behind ISP provided router I use Asus as dhcp.
[AsahiNet](https://www.asahi-net.jp/en/service/option/fixedip/) charges 880 yen for static IP.
Needs a bit of work and knowlege, but buy a rasperrypi and install tailscale(or use your NAS and install tailscale).
It’s a VPN Software and works great on my ipv6+ network and costs no fees.
It should also work even if your server is under a private IP (such as a mobile network like Docomo).
This means you don’t need to have any static IP.
No need to open ports of your router either, so it seems secure than other VPN Softwares.
Here are some [examples](https://yama-mac.com/tailscale/)
Why do you need firewall on IPv6? Just put a hub between ONU and the rest of your network, or setup tplink (or whatever you have) to do ipv6 bridging, then everything will be on (dynamic but really so static my stuff haven’t changed in years) ipv6 addresses.
register for a free dns.he.net account so you don’t have to remember long ass v6 addresses, add all your devices to DNS and off you go.
All my devices I need to access externally are on V6 and I can get to them from anywhere in Japan, easily. IIJMio supports ipv4/ipv6 access point for mobile data.
There are methods to open a specific port range on your IPV4 address via Map-E. First, you type your ipv6 address here: http://ipv4.web.fc2.com/map-e.html
And it gives you a range of ports that would be forwarded to the matching IPV4 address. You can decide which ones to use for what, they will all be in some high range above 4096 below 65k.
You can then register your ipv4 dynamic address to some dyndns provider (I think dns.he.net also supports this, but I never tried).
So if you wanted to access say remote desktop at 3389, you’d setup a port mapping from say 38890 (or whatever available ports you have from that map-e website), redirected to 3389 @ whatever local IP on your lan.
The only annoyance is not being able to bind to specific ports but eh, not a big deal really.
edit:clarity about forwarding ports to IPV4, initially it sounded like I was talking about forward to V6. V6 is of course, by default, wide open and any ports can be accessed.