On Wed, Jun 07, 2017 at 09:39:30AM -0300, Franz wrote:
> On Wed, Jun 7, 2017 at 8:53 AM, pixel fairy <[email protected]> wrote:
>
> > On Tuesday, June 6, 2017 at 11:27:17 PM UTC-7, Alex wrote:
> >
> > > If anybody could find/link/remember the reasons why IPv6 was explicitly
> > > discarded in a first moment I'd like to re-read that...
> >
> > heres the last thread i know of on the subject, https://groups.google.com/
> > forum/?hl=en#!topic/qubes-devel/9WtBiQXvCOY
> >
> > i believe the current plan is to nat ipv6, probably in v4.
> >
> > you could probably do the same today from a proxyvm, which should work
> > similarly to using one for a vpn. you would also have to set your ipv6
> > firewall rules in this, or another proxyvm chained to that.
> >
> >
> Thanks. That is interesting. Once I set up a proxyvm for vpn and it was
> working, but I was following some instructions. What I would need is to
> leave an appVM open without nat, without firewall, just as it would be with
> a standard non-Qubes linux distribution with IPv6 working. Any idea how to
> do that?
> Best
> Fran
>
If you search the archive for cjdns, you'll find a thread where someone
did have IPv6 working. One issue is sorting the ip6tables, but this is
quite straight forward.
On reasons why IPv6 isnt yet implemented, there are various remarks.
Back in February Marek said:
<quote>
We're not considering having directly-addressable IPv6 VMs by default
(maybe an optional feature, but not sure if even that).
When we'll implement IPv6 support, it will also use NAT. There are many
reasons for that:
- not expose VMs to external traffic by default (even in case of some
firewall error, not allow directly address particular selected VM)
- not leak (or at least make it harder to guess) information about
source VM / number of them (or even the fact of using multiple VMs)
- not reconfigure every VM when user switch to a different network,
including plugging in VPN services etc
- the above is especially important in case of some privacy use
cases, to not leak "real" address to the VM
</quote>
unman
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20170607133734.GA1448%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.
