On 16.07.2014 22:41, Gui Iribarren wrote:
> On 16/07/14 16:21, Bill Moffitt wrote:
>> However, for the moment, I would argue that the "rightness" of following
>> expected behavior is greater than the "rightness" of delivering the true
>> "end-to-end" nature of v6.
>
> At least Swisscom (according to Baptiste) and TP-Link seem to have
> solved the dilemma by defining "expected behaviour" = the true
> end-to-end nature of v6 :P hurray!
>

End-to-end communication without firewalls in routers is important for some users (myself included).

If expected behaviour seems to differ, one could check IETF RFCs or drafts:

6092: Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service:
http://tools.ietf.org/rfc/rfc6092.txt

6204: Basic Requirements for IPv6 Customer Edge Routers
http://tools.ietf.org/rfc/rfc6204.txt

Checking OpenWrt against these or against some proposed consumer certifications like
https://www.ipv6ready.org/?page=documents&tag=phase-2-cpe
and a testsuite
http://interop.ipv6.org.tw/CERouter/

Possibly there were discussions about IPv6 and firewall settings, end-to-end on home routers ("CPE") on NANOG or other NOG mailing lists.

AFAICT OpenWrt does not have some of these "sane" defaults enabled. To quote 6092:
"IPsec transport and tunnel modes are explicitly secured by definition, so this document recommends that the DEFAULT operating mode permit IPsec."

Possibly connected with the firewall issues are the state tracking tables.
BitTorrent use case: https://dev.openwrt.org/ticket/16938 requests NOTRACK documentation.
And IPv6 privacy extensions might increase tracking tables too if a shorter lease time is used.

PS: Checking and updating the wiki might be nice regarding IPv6 capabilities from RFCs.
I began adding some pages regarding new features mentioned in the changelog, linking from
http://wiki.openwrt.org/doc/barrier.breaker
Some short use cases / command lines / guide links from people that developed and tested these features (and list of/if additional hw/software used) would be very helpful.
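
An added example, not part of the original message or of OpenWrt: a small Python audit of an `/etc/config/firewall` export that reports which IPsec flows lack a blanket wan-to-lan ACCEPT rule covering IPv6. It assumes the zones are named `wan` and `lan`, and it reads the quoted RFC 6092 IPsec default as covering ESP, AH and IKE on UDP port 500; `parse_uci`, `missing_ipsec_rules` and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample of /etc/config/firewall, not taken from a real device.
SAMPLE = """
config rule
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option dest_port '500'
	option family 'ipv4'
	option target 'ACCEPT'
"""

# Inbound flows checked here: name -> (protocol, destination port or None).
REQUIRED = {"ESP": ("esp", None), "AH": ("ah", None), "IKE": ("udp", "500")}

def parse_uci(text):
    """Return [(section_type, {option: [values]})] for each 'config' section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][1].setdefault(tok[1], []).extend(tok[2].split())
    return sections

def missing_ipsec_rules(text, wan="wan", lan="lan"):
    """Names in REQUIRED that no unrestricted wan->lan ACCEPT rule covers for IPv6."""
    found = set()
    for kind, opt in parse_uci(text):
        first = lambda key, default: (opt.get(key) or [default])[0]
        if kind != "rule" or first("target", "").upper() != "ACCEPT" or first("enabled", "1") == "0":
            continue
        if first("src", "") != wan or first("dest", "") not in (lan, "*"):
            continue
        if first("family", "any") not in ("any", "ipv6") or {"src_ip", "dest_ip", "src_port"} & opt.keys():
            continue  # wrong address family, or narrowed by address/source port
        # A rule without 'proto' is treated as tcp+udp, the firewall's default.
        protos = [p.lower() for p in opt.get("proto", ["tcp", "udp"])]
        for name, (proto, port) in REQUIRED.items():
            if (proto in protos or "all" in protos) and port in (None, *opt.get("dest_port", [port])):
                found.add(name)
    return sorted(set(REQUIRED) - found)
```

On the constructed sample the check reports AH and IKE as missing: the ESP rule has no `family` restriction and so applies to IPv6, while the IKE rule is limited to IPv4.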
