Hughesnet Community

Getting Started with IPv6 on HughesNet

cancel
Showing results for 
Search instead for 
Did you mean: 
MattWA
Freshman

Getting Started with IPv6 on HughesNet

I've recently had HN installed at my home. It was disappointing to learn that gen5 technology doesn't allow the use of IPv4 based dynamic DNS services, but I guess good for them for embracing the future.

 

With past ISP's I've always been able to point a dynamic DNS service to my home router and set up access to my home devices from the road (like SSH, cameras, file sharing, etc.). 

 

The less-than-desirable solution I've implemented for now is to have a host on my home network connect as a client to an OpenVPN server that I have running on a virtual private server (Linode). That host pushes my home network through the VPN and I can get to everything through that.

 

My knowledge of IPv6 is basically nil, and I've tried multiple times to contact HN tech support to help with remote access to my hughes net modem. The support techs rarely know what I'm talking about and can't understand what I'm trying to do. 

 

Does anyone that has successfully set up access through their public-facing IPv6 WAN address have resources on how to set this up? The HT2000 modem does claim to show a WAN IPv4 address (which is meaningless) and a WAN IPv6 address, but the v6 address shown is a fd0d:: Unique Local Address, which in my limited understanding is just a private subnet address. 


What am I missing? Do I need to forget about a WAN IP for the modem and just worry about the individual host's v6 address? How will traffic reach the host if it's behind a fd0d:: private subnet?

 

Thanks for any pointers.

 

-Matt

1 ACCEPTED SOLUTION
Liz
Moderator
Moderator

Hi Matt, 

 

I'm glad you found the community, thank you for posting. I checked with our top network engineer on this and this was his input on the matter:

 

The user is correct that he can’t use the fd0d:: ULA address to access from the outside.  However, Hughes does provide a 2001:5b0:: prefix that is globally routable and can be reached from the outside. 

While the prefix can be found on the terminal (as LAN prefix; not WAN prefix), the actual IPv6 address that the user needs to use is the one assigned to whatever device the user is trying to access.  E.g., windows : ipconfig; linux: ifconifg, etc.

This is different than IPv4 because there is no NAT in between the end device and the Internet with IPv6.

Because this prefix and, thus, the IPv6 address of the device, can and does change, a dynamic DNS service is needed to use a name to map to current IPv6 address.

 

Hope that sheds light on your concern!

 

 

If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

View solution in original post

9 REPLIES 9
MattWA
Freshman

As a follow up, it appears that HN doesn't even use static v6 addresses. This seems crazy. Wasn't IPv6 supposed to solve / eliminate the need for carrier grade NAT and roaming IP addresses?

 

Both of the below threads are 2+ years old. Has anything changed?

 

https://community.hughesnet.com/t5/Tech-Support/Any-plan-to-make-IPv6-prefixes-static/m-p/22186#M156...

https://community.hughesnet.com/t5/Tech-Support/HT2000W-IPv6-inbound-services/m-p/83342#M58814

maratsade
Distinguished Professor IV

If @MarkJFine is still around, he may be able to address this; but you may also want to wait for the mods to post a reply before engaging in further speculation. 

HughesNet does use public facing static IPv6 addresses. However, I believe the issue is that the IP is only forward facing, because of the satellite-based architecture and you're still behind a double-NAT. So places like web sites will be able to rDNS your public IP for ID purposes, but will still not be able to reach into your network. If I understand correctly, HughesNet reserves the kind of access you're looking for on special SME/business accounts.

 

BTW: If I could stick my 2 cents in, I'd be more than a little wary of Linode. I regularly see some pretty sketchy and malicious behavior coming from them on the two server sites I administer: One domestically located, another on a 1&1 server in Germany. The nature of the behavior leads me to believe it's not coming from internet security companies, but hackers probing for vulnerabilities. For that reason I have Linode completely firewalled all over the place.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.

OK, thanks for the info. 

 

Regarding Linode (and digital ocean, etc.) I always keep them locked down pretty good and use SSL for SSH and OpenVPN access. It's pretty shocking to watch the kernel log for iptables ping requests that are dropped. 

DigitalOcean, Google Cloud, AmazonAWS, Oracle Cloud, OVH, Proxad, ColoCrossing...

Anything Chinese, Russian, Ukranian, or Brazillian... (just about to add Iranian or Turkish)

and that's just the tip of the iceberg. My htaccess files are in excess of 278kb.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
Liz
Moderator
Moderator

Hi Matt, 

 

I'm glad you found the community, thank you for posting. I checked with our top network engineer on this and this was his input on the matter:

 

The user is correct that he can’t use the fd0d:: ULA address to access from the outside.  However, Hughes does provide a 2001:5b0:: prefix that is globally routable and can be reached from the outside. 

While the prefix can be found on the terminal (as LAN prefix; not WAN prefix), the actual IPv6 address that the user needs to use is the one assigned to whatever device the user is trying to access.  E.g., windows : ipconfig; linux: ifconifg, etc.

This is different than IPv4 because there is no NAT in between the end device and the Internet with IPv6.

Because this prefix and, thus, the IPv6 address of the device, can and does change, a dynamic DNS service is needed to use a name to map to current IPv6 address.

 

Hope that sheds light on your concern!

 

 

If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

Fantastic! That's the answer I was looking for. Thanks for your help Liz!

Awesome, glad that was useful for you!

If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

I stand corrected. I have tried a couple of 2001:5b0 addresses with no luck - might be just that I'm using the modem's address and not the actual end device... something new to play with.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.