With the introduction of IPv6, the Internet has been undergoing profound changes for a number of years, which most users have barely noticed. The problem with the change to the significantly extended address system IPv6: The still predominant IPv4 and IPv6 are not compatible. That is why most providers in the United States try to make the transition from IPv4 to IPv6 as cautious as possible. In most cases, this is possible, but there are problems for some applications, such as remote access in conjunction with a DS-Lite port.
Dual Stack and DS-Lite: the fine difference
The word "stack" stands for "protocol stack" and in this case means the version of the IP protocol. An Internet connection with "Dual Stack" thus supports both protocols, and can thus be operated via IPv4 as well as in IPv6 - in both directions. This means that clients from the home network can reach both IPv4 and IPv6 web services on the Internet. In the other way, clients from the Internet can reach your router via IPv4 as well as via IPv6, because your network operator has automatically assigned two different IP addresses to your router through the dual stack connection: an IPV4 and an IPv6 address >
No remote access via IPv4
So if you have a NAS or a webcam in your home network and set up an appropriate port forwarding in your router, you can still use a dual stack access to access this device remotely. However, problems can arise when you get a "stripped down" dual-stack connection from your provider, namely DS-Lite. The abbreviation "DS" stands for "Dual Stack", but in its savings or "Lite" version.
More Internet Guide
With a DS-Lite access, you can still establish connections from the home network via both IP protocols, thus using IPv4 and IPv6 web services. Because all outgoing IPv4 connections are routed through a DS-Lite tunnel of your provider, which packages IPv4 packets into IPv6 packets. This is how the packets reach the IPv6 / IPv4 gateway of your provider. There the IPv6 cover is removed and the package is routed to the destination via IPv4. For connections "outside", DS-Lite does not differ from a real dual-stack connection through the "4in6" tunnel.
Remote access via Relay server
The problem lies in the connection attempts from the outside, that is, from a device in the Internet, which wants to establish a connection to your router and a behind it in the home network. For a DS-Lite connection, customers receive only a public IPv6 address. Thus, you can not reach your router from the Internet, for example, if you are sitting on a device with an IPv4 access. As before, most mobile phone lines run over IPv4 connections, so the connection to a router with DS-Lite is not possible. And even if you are contacting your router from a modern IPv6 port, the IP camera or the NAS must support the IPv6 home network. Also the share in the IPv6 firewall of the router must be created.
The most comfortable way out of the DS-Lite or IPv4 / IPv6 dilemma is the use of a relay server, which some manufacturers offer as additional services to their network devices with remote access. This service is especially useful for home networking devices that do not offer IPv6 support and can not retrofit them, for example, by firmware updates.
The setup of such a relay server service is usually done quickly: as soon as you have integrated your network hard disk, the IP camera or the corresponding device into the home network, you usually log on to the manufacturer's relay service in the web interface of the device. If you have not already done so, you create an account with the manufacturer of the device, including a username and password as well as a valid mail address. The newly created user account is then activated via this mail address. With your access data, you can now connect to your home network from any browser-enabled client on the Internet. Practical: Providers of a relay service usually also provide apps for mobile remote access.
The second way out to access a DS-Lite port from IPv4 is more complicated and runs over a 6in4 tunnel provider. The tunnel provider allows devices connected to a pure IPv4 port to communicate with IPv6 ports, such as your DS-Lite router. The tunnel provider packs IPv6 packets into IPv4 packets and routes them through the IPv4 network of the mobile connection to the tunnel provider's IP4 / IP6 gateway. From there goes the connection then over IPv6 to the DS-Lite router. The website www.sixxs.net offers such a tunnel free of charge for private individuals. How to get an account and set up the 6in4 tunnel on a computer or smartphone is described in detail on the website.
Important: The connection only works if both devices are IPv6-enabled and an IPv6 forwarding has been established in the router firewall.
Soon problems with DS-Lite connections will no longer be an issue as the support for IPv6 is rapidly advancing. By the time, however, manufacturers of home networking products should provide Relay servers for uncomplicated remote access.
Remote access via 6in4 tunnel
Conclusion
No comments:
Post a Comment