_bernd's comments

You only need to set nothing and it should set up IPv6 on all downstream VLAN interfaces. For a static prefix ID you can set ip6hint per VLAN interface. For each VLAN interface you need a stanza in the DHCP config file. And regarding the firewall, as with the default lan zone you might need to add new zones with the VLAN interfaces and configure forwarding rules. That's it.

Have you heard of IP addresses, and that large institutions, especially government institutions, have their own blocks from the address space? Mapping these is kind of easy.

They are likely behind (foreign) CDNs.

Not that there's no BYOIP and not that it's impossible to do with shared IPs.


That's why servers use a static suffix and do SLAAC to get their prefix. It's really as simple as that.

Regarding firewall policies:

Just because most network OSes are plain dumb does not imply that's the fault of IPv6.

A zone based firewall solves that already. And for instance OpenWrt fw4 can make rules for suffixes in a zone too.


A path should be written `/root`...


You can also configure multiple CAs for client auth, and on the client side multiple CAs to verify host keys.


TFA contains the whole session, dude.


I will definitely start to read this out loud to my 5 year old. He will love it. Thanks for sharing your finding.


Just FYI. Almost every launcher that offers commercial services has such a user manual. I was involved in preparing one such manual. A collection of these manuals can be quite entertaining for 5 year olds. You should be able to easily find them from the websites of the respective companies or agencies.


Thanks for the tip. I only knew about old manuals of the space shuttle.



Have an LLM rewrite it in Seussian verse.


You can also sign SSH host keys with an SSH CA.

See ssh_config and ssh-keygen man-pages...
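An added example (not from any commenter) covering both SSH CA comments above: signing a host key with a CA, trusting more than one CA for client certificates, and the client-side `@cert-authority` entry. The names `host-ca`, `user-ca-old`, `user-ca-new`, `web1` and `example.test` are constructed placeholders, and everything is written to a scratch directory instead of `/etc/ssh`.

```shell
#!/bin/sh
# Added example; all key names and hostnames are constructed placeholders.
set -eu

make_demo() {
    # $1 = scratch directory that receives the CA keys, host key and certificate
    dir=$1
    mkdir -p "$dir"
    # One host CA and two user CAs (e.g. during a CA rotation).
    # Empty passphrases are for the demo only; protect real CA keys.
    for ca in host-ca user-ca-old user-ca-new; do
        ssh-keygen -q -t ed25519 -N '' -C "$ca" -f "$dir/$ca"
    done
    # Stand-in for /etc/ssh/ssh_host_ed25519_key
    ssh-keygen -q -t ed25519 -N '' -C host -f "$dir/ssh_host_ed25519_key"
    # -h: host certificate, -I: key id that shows up in logs,
    # -n: principals (hostnames the certificate is valid for), -V: validity window
    ssh-keygen -q -s "$dir/host-ca" -h -I web1 -n web1.example.test -V +52w \
        "$dir/ssh_host_ed25519_key.pub"
    # Server side: the TrustedUserCAKeys file holds one CA public key per line
    cat "$dir/user-ca-old.pub" "$dir/user-ca-new.pub" > "$dir/trusted_user_ca_keys"
    # Client side: one @cert-authority line per trusted host CA in known_hosts
    printf '@cert-authority *.example.test %s\n' "$(cat "$dir/host-ca.pub")" \
        > "$dir/known_hosts"
    # sshd_config lines that would point at the installed files
    cat > "$dir/sshd_config.snippet" <<EOF
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
TrustedUserCAKeys /etc/ssh/trusted_user_ca_keys
EOF
}

cert_field() {
    # Print the lines of `ssh-keygen -L` output for certificate $1 that match $2
    ssh-keygen -L -f "$1" | grep -- "$2"
}

# Run as: sh demo.sh /tmp/ssh-ca-demo
if [ "$#" -gt 0 ]; then
    make_demo "$1"
    cert_field "$1/ssh_host_ed25519_key-cert.pub" "Type:"
fi
```

A client whose `known_hosts` carries the `@cert-authority` line accepts any host presenting a certificate signed by that CA for a matching principal, so no per-host key entries are needed.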


In addition to equvinox (hey again): In enterprise networks you should rely on 802.1x, or what's also a valid use case is the use of IPsec to ensure the local client connection is "safe".


Some 802.1x have inherent MITM attacks that have been called out since 2004 and never got the v2 (https://www.rfc-editor.org/rfc/rfc6677.html). EAP-TLS however is the best practice here + VLANs.


What do you think about just using open networks together with IPsec/WireGuard?


> and thought to myself "they do textbooks?".

Indeed: https://systemsapproach.org/books-html/

If you are short on money, but you do have time, and would like to get into networking, I can only highly recommend https://book.systemsapproach.org/


