No, Tailscale creates both IPv4 and IPv6 connectivity over... well, pretty much anything. If there's IPv4 - it will use it, if there's IPv6 - it will use it. If there's some traversable NAT - it will use it. I think we should dig out the old meme about ADSL running over a pair of wet strings.
> If there's some traversable NAT - it will use it.
But there is no traversable NAT if you’re stuck in CGNAT hell with no IPv6 and the CGNAT subnet they gave conflicts with the one you have. Unless you NAT it again or do some other route fuckery.
I kind of just winged it. But IPv6 is really super similar to IPv4. The key differences are:
- 128-bit addresses, expressed in hexadecimal. A single character is 4 bits (making every 4 bits a nibble boundary, making allocations really easy)
- All subnets are /64 (if you really want to have a different size subnet, you can, but it’s against the standard, and anything other than /64 will break SLAAC. There is one exception to the standard—point to point links are allowed to have a /127)
- The concept of a network address or a broadcast address within the subnet doesn’t exist. ff02::1 is the all-nodes link-local multicast address (serves the same purpose as a broadcast address in v4).
- ARP is gone. A very similar protocol, ND, takes its place.
- The preferred way to assign addresses to endpoint devices is SLAAC. Which is basically the router telling the endpoints to self-assign. Ridiculously small chance of a collision, and in case a collision happens, just run the rng again. It’s 64 bits after all. You can use DHCPv6 instead or in tandem with SLAAC if you need more granularity.
- You don’t need to use NAT. Which means you have to set up a firewall on the router correctly. Default-deny, while still allowing ALL ICMP traffic through, as ICMP is kinda vital for IPv6 because it’s used to communicate error conditions.
I’m sure I’ve missed something, but these are all the differences I can recall from the top of my head.
> You don’t need to use NAT. Which means you have to set up a firewall on the router correctly. Default-deny, while still allowing ALL ICMP traffic through, as ICMP is kinda vital for IPv6 because it’s used to communicate error conditions.
I do think using NAT in the form of NPTv6 is awesome for home use because it allows you to have a consistent address regardless of your ISP prefix assignment.
Think of NPTv6 as a kind of "stateless NAT" where the prefix is mapped 1:1 to your internal prefix. This means if your ISP changes your address, you only need to update your external DNS versus all of your devices.
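An added worked example (not from any commenter in this thread) of the 1:1 prefix mapping NPTv6 performs, including the checksum-neutral adjustment RFC 6296 requires so transport checksums survive the rewrite; the prefixes and addresses are constructed, and the code assumes a /48-to-/48 mapping:

```python
import ipaddress
INSIDE = "fd00:1234:5678::/48"   # constructed: ULA prefix used on the LAN
OUTSIDE = "2001:db8:abcd::/48"   # constructed: prefix delegated by the ISP

def ones_add(a, b):
    """16-bit one's complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def ones_sum(words):
    """One's complement sum of a sequence of 16-bit words."""
    total = 0
    for w in words:
        total = ones_add(total, w)
    return total

def words_of(address):
    """Split an IPv6 address into its eight 16-bit words, most significant first."""
    value = int(ipaddress.IPv6Address(str(address)))
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def nptv6_translate(address, from_prefix, to_prefix):
    """Rewrite the /48 prefix of `address` while keeping the one's complement sum of the
    whole address unchanged, so TCP/UDP/ICMPv6 pseudo-header checksums stay valid (RFC 6296)."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example handles /48 <-> /48 mappings only")
    if ipaddress.IPv6Address(address) not in src:
        raise ValueError(f"{address} is not inside {src}")
    words = words_of(address)
    new_prefix = words_of(dst.network_address)[:3]
    # adjustment = sum(old prefix words) - sum(new prefix words), in one's complement
    adjustment = ones_add(ones_sum(words[:3]), ~ones_sum(new_prefix) & 0xFFFF)
    subnet = ones_add(words[3], adjustment)   # applied to the 16-bit subnet field
    if subnet == 0xFFFF:                       # RFC 6296: an all-ones result is written as zero
        subnet = 0
    value = 0
    for w in new_prefix + [subnet] + words[4:]:
        value = (value << 16) | w
    return str(ipaddress.IPv6Address(value))

def checksum_neutral(a, b):
    """True when both addresses contribute the same one's complement sum to a checksum."""
    diff = ones_sum(words_of(a)) - ones_sum(words_of(b))
    return diff % 0xFFFF == 0   # 0x0000 and 0xFFFF are the same one's complement zero

if __name__ == "__main__":
    inside = "fd00:1234:5678:1::a"
    outside = nptv6_translate(inside, INSIDE, OUTSIDE)
    print(inside, "->", outside, "->", nptv6_translate(outside, OUTSIDE, INSIDE))
```

Because the mapping is a pure function of the address, the translator keeps no per-flow state, which is what makes a prefix change an edit to the mapping (and DNS) rather than to every device.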
A nibble is half a byte (4 bits). Arcane binary maths wizardry from way back when every single bit had value to the programmers, and 64 kilobytes was a lot of RAM. ;)
If you have an agent installed on every node that can already traverse NAT, you don't have to care about what your ISP supports.
There are many more IPv6-centric solutions to their problem. Sounds like they didn't even try to think of alternatives and instead reached straight for NAT. That wasn't necessary, at least from the amount of information we can glean from this one post.
(Tailscale cofounder here) Tailscale already gives every node on every tailnet a globally unique internal IPv6 address, that is reachable even if you don't have IPv6 on the "outside" network. If your apps and OSes are all willing to use IPv6, you haven't had a problem since the early days of Tailscale; they've been solved for years.
Alas, the "apps and OSes are all willing to use IPv6" problem is a persistent one, so we have to make IPv4 work too.
This is a needed feature if you have no IPv6 AND are stuck in CGNAT hell.
And I’m an IPv6 evangelist.