I don't see a bug here. And no patches. And still no code. Only plenty of tl;dr. I think the only thing we can do is to agree to disagree.
> On 18 Jan 2017, at 12:21, Peter Dolding <[email protected]> wrote:
>
>> On Wed, Jan 18, 2017 at 4:11 PM, Dan Lüdtke <[email protected]> wrote:
>> Two things I have not seen so far:
>> - government regulations that enforce NAT
>> - ISPs (let alone carriers) "upgrading" their networks to ipv6 nat (i myself
>> have run both, isp + carrier networks, and i call BS on your future outlook
>> regarding nat ipv6)
>> - code from you in this thread
>>
> https://en.wikipedia.org/wiki/Internet_censorship
> When you start looking into countries that are red in the "World map
> showing the status of YouTube blocking" you will find some of those
> it's mandatory to have a NAT between ISP and open internet even for
> IPv6. Yes the area of infect users is currently small. But when you
> look at countries implementing more regulations we cannot be sure how
> small this will remain.
>
> I would say your outlook is wishful thinking that is willing to ignore
> about 10 percent of the users on the internet who don't have well
> behaved Carriers or Governments.
>
> So Dan you are doing a works for me argument what is the most invalid
> argument to do in many cases. It's let's sweep a bug under a carpet
> and not consider it.
>
> The problem is the type of NAT used.
> https://en.wikipedia.org/wiki/Network_address_translation#Symmetric_NAT
>
> Symmetric NAT this nicely randomises what address users behind it are
> coming from. Usage of Symmetric NAT does not have to have anything
> to do with reducing the number of IP addresses in usage. Symmetric
> NAT can have equal number of users to internet address.
>
> Symmetric NAT is the brick wall from hell to hole punching. The
> main objective of a Symmetric NAT is that something in the internet
> that has not had a packet from something behind the Symmetric NAT
> blocked by default. Add in symmetric NAT randomising IP to IP
> mapping. So after IPv4 disappears what Symmetric NAT still has a
> usage in IPv6.
>
> Teredo that is IPv6 over IPv4 fails if both ends are behind Symmetric
> NAT. Normal STUN for NAT punching falls over if both ends are
> behind Symmetric NAT, this does not matter if it is IPv4 or IPv6.
> Symmetric NAT randomising IP to IP mapping brings hell. So you opened
> up a connection, after so much time the Symmetric NAT forgets and you
> attempt to send another packet to an end and it picks out a new IP
> address at random to use.
>
> The three types cone style NAT will stay in usage by client routers by
> different Carriers even after IPv6 is dominant everywhere as it makes
> sense at that point so being able to punch through those at times will
> still be required.
>
> So the 4 types of common NAT are not going anywhere where they were
> used for common sense reasons. The Carrier NAT attempting to push
> massive numbers of users through limited addresses will hopefully
> disappear due to IPv6.
>
> Basically Dan it is about time you step back, look at NAT, how it is
> used and where it is used and why. The change to IPv6 is only really
> getting rid of one form of NAT being the carrier nat that were non
> Symmetric NAT based on Symmetric NAT ideas that at times had massive
> problems like completely running out of ports due to not enough
> address because attempting to push too many clients out too few of
> addresses.
>
> If somewhere has a pure Symmetric NAT where the number of external
> address match the number of internal address for IPv4 for security
> reasons doing the same thing on IPv6 has the same logical reasons.
> So logically sane placed Symmetric NAT will remain and when you have
> to get through them the same problems will remain.
>
> The reality is the 4 common types of NAT can be deployed sanely
> without massive over-stacking. Under IPv6 the worst we should see is
> hopefully only 2 NAT deep. Possible 3 mode cone NAT in router and
> Carrier with a Symmetric NAT between you and the internet. As long as
> whatever is designed can get through this worst case all cases will be
> covered. Why hopefully only 2 nat deep? It is possible to have
> like ADSL router NAT + a WIFI router doing NAT and Carrier doing
> Symmetric NAT but the wifi NAT level is kinda self inflicted by user
> on self not forced on user by carrier, this is an improvement over the
> 3 to 4 deep in nat by carrier in some places.
>
> Dan attempting to code when the required interfaces to make it work
> don't exist and have not been debated does not make much sense. Also
> attempting to tell boss time this will need roughly to give something
> functional also not be guessed when you are in the location that there
> is a framework problem.
>
> IPv6 is improving some things. But IPv6 is not a magic bullet
> to cure all the issues of having at times to get through NAT.
>
> Basically it is BS that the existence of NAT can be ignored because
> IPv6 fixes everything. IPv6 pure once fully deployed by all carriers
> should reduce the number of NAT you have to cross on the internet.
> The big elephant in the room is that IPv6 is only going to reduce the
> number of NAT in the internet not remove them all.
>
> So working out how to handle the case that end user has found
> themselves on the wrong side of deployed NATs applies to IPv4 and IPv6
> with IPv6 hopefully being less glitch due to lower numbers of NAT in
> the mix.
>
> Think if a company can use an account that is behind a Symmetric NAT
> without having to pay extra or do extra government regulation for a
> static public internet IP address might reduce their costs of doing
> business. Also consider the ones most commonly going to be stuck
> behind Symmetric NAT are also the places that will have massive
> amounts of government regulation that can forbid having private keys
> on overseas servers and using overseas vpn servers. Using a
> Relay/TURN server is hair splitting as it is not an overseas VPN server
> it's only an overseas relay at worst.
>
> Reality Dan look outside your small corner of the earth. New
> standards do not change how messed up world internet regulations by
> different governments are or different carriers' stunts to make more
> money.
>
> .
> Peter Dolding

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
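The symmetric-NAT behaviour argued about in the quoted message, as an added example that is not part of the original thread and not WireGuard code: a toy Python model of STUN-style hole punching through cone and symmetric NATs, plus the relay fallback. It assumes port-restricted inbound filtering; every address, name and helper (`NAT`, `hole_punch`, `via_relay`, `make`) is constructed for illustration.

```python
import random

STUN = ("2001:db8:ffff::1", 3478)    # constructed documentation addresses
RELAY = ("2001:db8:ffff::2", 3478)
A_INT, B_INT = ("fd00:a::2", 51820), ("fd00:b::2", 51820)

class NAT:
    """Toy NAT with port-restricted inbound filtering (an assumption of this model)."""
    def __init__(self, ext_ips, symmetric, rng):
        self.ext_ips, self.symmetric, self.rng = ext_ips, symmetric, rng
        self.mapping = {}   # flow key -> external (ip, port)
        self.allowed = {}   # external (ip, port) -> remotes this mapping has sent to

    def send(self, src, dst):
        # Cone: one mapping per internal source. Symmetric: one per (source, destination).
        key = (src, dst) if self.symmetric else src
        if key not in self.mapping:
            while True:  # pick a random, unused external address and port
                ext = (self.rng.choice(self.ext_ips), self.rng.randrange(1024, 65536))
                if ext not in self.allowed:
                    break
            self.mapping[key] = ext
        ext = self.mapping[key]
        self.allowed.setdefault(ext, set()).add(dst)
        return ext

    def accepts(self, ext, remote):
        # Inbound is admitted only from a remote this mapping already sent to.
        return remote in self.allowed.get(ext, set())

def hole_punch(nat_a, nat_b):
    a_pub = nat_a.send(A_INT, STUN)      # endpoints as the STUN server sees them
    b_pub = nat_b.send(B_INT, STUN)
    a_src = nat_a.send(A_INT, b_pub)     # each peer now sends to the other's
    b_src = nat_b.send(B_INT, a_pub)     # STUN-reported endpoint
    return nat_b.accepts(b_pub, a_src) and nat_a.accepts(a_pub, b_src)

def via_relay(nat_a, nat_b):
    a_ext = nat_a.send(A_INT, RELAY)     # both sides only talk outbound to the relay
    b_ext = nat_b.send(B_INT, RELAY)
    return nat_a.accepts(a_ext, RELAY) and nat_b.accepts(b_ext, RELAY)

def make(symmetric, prefix, seed):
    # Pool of several external addresses: the NAT need not be conserving addresses.
    ips = [f"2001:db8:{prefix}::{i}" for i in range(1, 5)]
    return NAT(ips, symmetric, random.Random(seed))

if __name__ == "__main__":
    print("cone/cone punch:", hole_punch(make(False, "a", 1), make(False, "b", 2)))
    print("sym/sym punch:  ", hole_punch(make(True, "a", 1), make(True, "b", 2)))
    print("sym/sym relay:  ", via_relay(make(True, "a", 1), make(True, "b", 2)))
```

With two symmetric NATs the endpoint each peer learned from STUN is not the one its NAT uses toward the other peer, so both inbound packets are dropped; the relay path works because each side only receives replies from the endpoint it sent to.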
