VPN, dual stack NAT, IPV6
Hello everyone, I’m trying to join my home network remotely via a VPN. My router includes a built-in VPN feature that would simplify the process, but there’s a limitation. My ISP gives me both IPv4 and IPv6 addresses, but only the IPv6 one is reachable since they’re using a "Dual Stack NAT." This means my IPv4 address isn’t publicly visible—it gets routed through their servers to the internet. The IPv6 address, however, is just a standard IP that changes every 24 hours for technical reasons. Now my phone, which I plan to use for the VPN connection, only returns an IPv4 address, so I can’t access the IPv6 one. I’m wondering if there’s a workaround to connect using my phone’s IPv4 while still connecting to the VPN via IPv6 without paying extra for a public IPv4 address.
That’s a really poor implementation they’re using. CGNAT is already problematic enough, yet the core idea of IPv6 is that you shouldn’t need to change your address at all—providing a consistent static IP range would be ideal. It’s surprising how many ISPs are ignoring these standards with half-baked solutions. In theory, you should be able to connect using IPv6 and set up some kind of IPv4 over 6 routing, but whether your router can handle that is another issue altogether. Plus, I’m not sure how to do it myself—I was thinking about diving into it but never made the effort.
It's not too costly at all. CG-NAT sounds like a bad choice now that online gaming is so common, honestly it's the least convenient option these days. I used IPv6 for a short time here but turned it off because it runs through the router for DNS but not on the local network. I don't get Microsoft's setup for Xbox One well enough. Changing the IP every time it restarts would give it a new address, and some devices can't handle DHCPv6 at all, so they get random IPs. Those who thought multiple methods were smart should be wrong! How do you even plan to allow certain clients through the firewall for incoming traffic if they can? I don't think just opening all LAN connections is safe. Who knows what open ports exist on IoT gadgets or a minor Windows firewall flaw could leave everything exposed? From my perspective, the router/firewall should be the first line of defense, and IPv6 really messes with that by not working consistently across devices.
If that's the cause, I hope they provide an alternative in my router settings.
The ideal setup for IPv6 involves a /64 network, accommodating up to 65,535 unique addresses. This size is necessary because NAT isn't supported in IPv6, requiring each device to have its own IP address. Your router should obtain one IPv6 address and direct traffic through a /64 subnet within your home. All devices can connect to the internet seamlessly. If you check an IPv6 lookup tool (such as https://www.whatismyip.com/), every device should display a distinct IP. It’s possible your DHCPv6 lease or router advertisement updates hourly, causing the router’s IP to shift. This scenario is uncommon but could happen due to network routing adjustments. IPv6 represents a significant shift, and many providers are hesitant or misconfiguring it due to its complexity. In short, if your PC doesn’t show an IPv6 address in that lookup site, you likely aren’t utilizing IPv6.
You can connect your home devices using ZeroTier. It functions as a VPN, assigning each device on your network a unique IP address. You can then access these devices from other gadgets that share the same ZeroTier network. The advantage is you don’t have to manually forward ports, and it supports multiple operating systems including Windows, macOS, Linux, Android, and iOS. Check out a helpful video if you’d like more details.
They seem to be attempting to keep up with the changes. IPv6 has only existed for about two decades... Now they’re running out of IPv4 addresses and are searching for alternatives. Some ISPs are replacing their equipment, which can be expensive. Luckily, Comcast has the ability to support both address types publicly. From what I understand, there are three methods ISPs use to implement IPv6. They generally need to adopt a single standard. I believe many ISPs do this because it’s more cost-effective than upgrading, and they prefer not to block residential users from running servers. They keep the public IPs reserved for business customers since gaming isn’t a priority for them.
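An added example, not part of the thread: a check of whether a router's WAN addresses can take inbound VPN connections at all, plus the matching logic of a default-deny IPv6 firewall exception that keeps working when the ISP rotates the prefix every 24 hours. All addresses are constructed samples from documentation ranges, and `VPN_PORT`, `classify_wan`, `pinhole_allows` and `demo` are hypothetical names.

```python
import ipaddress

# Address ranges that rule out inbound IPv4 from the internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
DSLITE = ipaddress.ip_network("192.0.0.0/29")   # RFC 6333 DS-Lite tunnel range
GLOBAL_V6 = ipaddress.ip_network("2000::/3")    # global unicast IPv6
IID_MASK = (1 << 64) - 1                        # low 64 bits = interface identifier
VPN_PORT = 51820                                # hypothetical VPN listen port


def classify_wan(addr: str) -> str:
    """Say whether a router WAN address can accept inbound connections."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        if ip in CGNAT:
            return "ipv4-cgnat"        # shared with other customers, no inbound
        if ip in DSLITE:
            return "ipv4-dslite"       # IPv4 tunnelled to the ISP's NAT
        if ip.is_private:
            return "ipv4-private"      # RFC 1918, behind another NAT
        return "ipv4-public"
    return "ipv6-global" if ip in GLOBAL_V6 else "ipv6-not-routable"


def pinhole_allows(dst: str, host_iid: str, dport: int,
                   vpn_port: int = VPN_PORT) -> bool:
    """Default-deny inbound with one exception: the VPN host and port.

    Only the low 64 bits of the destination are compared, so the rule
    survives a change of the ISP-delegated prefix.
    """
    dst_iid = int(ipaddress.IPv6Address(dst)) & IID_MASK
    want = int(ipaddress.IPv6Address(host_iid)) & IID_MASK
    return dst_iid == want and dport == vpn_port


def demo():
    # Constructed sample: the same VPN host on two days with a rotated
    # prefix, then a different LAN device that must stay blocked.
    iid = "::211:22ff:fe33:4455"
    day1 = "2001:db8:aaaa:1:211:22ff:fe33:4455"
    day2 = "2001:db8:bbbb:1:211:22ff:fe33:4455"
    other = "2001:db8:bbbb:1:dead:beef:0:1"
    return [pinhole_allows(a, iid, VPN_PORT) for a in (day1, day2, other)]


if __name__ == "__main__":
    for wan in ("100.72.3.9", "192.0.0.2", "2001:db8:aaaa:1::1"):  # constructed
        print(wan, "->", classify_wan(wan))
    print(demo())
```

The suffix match only works if the VPN host keeps a stable interface identifier; temporary privacy addresses change the low 64 bits as well.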