On Wednesday, June 7, 2017 at 6:22:30 PM UTC-4, pixel fairy wrote: > https://ipv6.he.net/certification/faq.php > > it should work if the nat supports ip protocol 41, which most do. > > worst case you would have to make a layer 2 vpn to some outside host and do > it from there. openvpn can do this. but remember youd have to run that vpn in > the appvm. thats another rabbit hole. this is probably another hole, but you > only have to figure it out once.
as basic security the first thing I've always done to harden a box is to disable ipv6. most sane windows and ubuntu hardening guides will have that as the very first suggestion. I'm sure there is many reasons but for me its just the simple fact that things can leak/tunnel through cause not everything is designed to monitor ipv6 yet. Some firewall programs I use for example do not support ipv6. Also It is also noisier on logs for admins that can eyeball. Also sometimes its not just your endpoint that can be misconfigured but some remote host you are connecting to. Basically what you want to do I consider a security risk. My ISP also does not use ipv6 and I have no need for it either, unless just for some experimentation and learning. But i'm no expert and obviously you have your reasons and you should be able to do what you want. I just hope its not enabled by default... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6d734f2-0926-4cfa-9ef2-b8ec1001e800%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
