{"id":1284,"date":"2022-01-06T19:58:48","date_gmt":"2022-01-06T18:58:48","guid":{"rendered":"https:\/\/outpost.garf.de\/wordpress\/?p=1284"},"modified":"2022-01-06T19:58:50","modified_gmt":"2022-01-06T18:58:50","slug":"new-project-ipv6-only-home-network","status":"publish","type":"post","link":"https:\/\/outpost.garf.de\/wordpress\/index.php\/2022\/01\/06\/new-project-ipv6-only-home-network\/","title":{"rendered":"New project: IPv6 only home network"},"content":{"rendered":"<p>I have a new spare time (yes, I do have some spare time now and then) project: Re-building my home network so it runs IPv6 only. Yes. No legacy IP. Devices only get an IPv6 address. If they want to communicate with a device on the internet which is IPv4 only, a technique called <a href=\"https:\/\/en.wikipedia.org\/wiki\/NAT64\">NAT64<\/a> (and <a href=\"https:\/\/en.wikipedia.org\/wiki\/IPv6_transition_mechanism#DNS64\">DNS64<\/a>) needs to be used.<\/p>\n\n\n\n<p>My current firewall (actually I have two firewalls) &#8211; a <a href=\"https:\/\/eu.store.ui.com\/products\/unifi-security-gateway?currency=EUR&amp;variant=14089265315949&amp;utm_medium=cpc&amp;utm_source=google&amp;utm_campaign=Google%20Shopping&amp;gclid=Cj0KCQiAw9qOBhC-ARIsAG-rdn79rEFK9yYEabIS8s3mu3bWURzEZMUcqQll2ZlYvaek9mnkpHYNcNYaAnusEALw_wcB\">Ubiquiti Security Gateway<\/a> &#8211; cannot do that. The USG feels like abandonware anyway &#8211; no real software update for a year now. So time to get rid of it. Step by step. I mentioned two firewalls &#8211; connection to the outside world is actually a Fritzbox (very popular home router in Germany) which brings everything a standard user needs. But I am not a standard user. I am a network engineer. <\/p>\n\n\n\n<p>So here is the plan: Replace the USG with something more powerful and flexible. After a lot of reading I decided to build an <a href=\"https:\/\/opnsense.org\">OPNsense<\/a> based firewall. First step was to get the hardware and install OPNsense. 
It can run on any Intel based system, but for a firewall device, the following items are needed:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>At least two Ethernet interfaces<\/li><li>Low power (it runs round the clock)<\/li><\/ul>\n\n\n\n<p>The system I decided on is a Chinese mini-PC, called <a href=\"https:\/\/www.amazon.de\/gp\/product\/B09N1RV7J5\">HSIPC J4125<\/a>. There are cheaper options, but I decided on the version with 8GB memory and 120GB SSD. It arrived today with pfSense (another firewall I did not want to run <a href=\"https:\/\/www.wipo.int\/amc\/en\/domains\/search\/text.jsp?case=D2017-1828\">for reasons<\/a>) pre-installed. You can see it above in the picture. I have not opened it up yet (I am an engineer &#8211; I open things up to look what's inside), but when I do I will post a picture. Promised.<\/p>\n\n\n\n<p>First task was to remove pfSense and to install OPNsense. It took me a while because I could not figure out how to get into the BIOS of that box and change it to &#8222;boot from USB&#8220;. It did not help that my monitor (connected via HDMI) takes some time to pick up the signal after the box boots. In the end I figured out that I can start the USB bootloader by entering &#8222;chain disk1&#8220; from the FreeBSD boot prompt. And that's all for today, the rest of the OPNsense installation worked out as described.<\/p>\n\n\n\n<p>To be continued.<\/p>","protected":false},"excerpt":{"rendered":"<p>I have a new spare time (yes, I do have some spare time now and then) project: Re-building my home network so it runs IPv6 only. Yes. No legacy IP. Devices only get an IPv6 address. 
If they want to communicate with a device on the internet which is IPv4 only, a technique called NAT64 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1285,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"zakra_page_container_layout":"customizer","zakra_page_sidebar_layout":"customizer","zakra_remove_content_margin":false,"zakra_sidebar":"customizer","zakra_transparent_header":"customizer","zakra_logo":0,"zakra_main_header_style":"default","zakra_menu_item_color":"","zakra_menu_item_hover_color":"","zakra_menu_item_active_color":"","zakra_menu_active_style":"","zakra_page_header":true,"footnotes":""},"categories":[262],"tags":[269,266,78,267,268,264,265],"class_list":["post-1284","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-home-network","tag-dns64","tag-firewall","tag-fritzbox","tag-ipv6","tag-nat64","tag-opnsense","tag-pfsense"],"_links":{"self":[{"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/1284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=1284"}],"version-history":[{"count":1,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/1284\/revisions"}],"predecessor-version":[{"id":1286,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/1284\/revisions\/1286"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/media\/1285"}],"wp:attachment":[{"href":"https:\/\/outpost.garf.de\/wordpre
ss\/index.php\/wp-json\/wp\/v2\/media?parent=1284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=1284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/outpost.garf.de\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=1284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}