pjs: your first VPS order has been completed just now Hello guys hi I'm trying to set up ipv6 multihoming without BGP. Does LISP(Locations/ID seperation protocol) work when the other endpoint doesn't support LISP? Should I use ULA with prefix translation? Does it break anything? Are there any other options? i have no idea sorry What are the benefits of enabling IPv6 for an average home user? nil :) the main advantage of ipv6 is more ip addresses with direct connectivity. but the majority of things do not use it. it has more benefit to mobile providers who are running out of ip addresses and are starting to use nat, and it may in some cases stop you having to use carrier grade not of your provider but as of right now, it's mostly useful if you want to "play" with more ip addresses, or if you want direct connectivity to multiple hosts. which home users don't generally need. OK, thank you very much the amount of usage of ipv6 is increasing, but it's mostly to things like google, facebook etc which are all on ipv4 as well as ipv6 with businesses there are some advantages. if you want to connect two networks together and directly access each other, you can each have your own ip address space and not have to renumber. but so many things depend on ipv4 right now you still have to renumber. and just using an ip address space other than 10.0.0.0/8, 192.168.1.0/24, 192.168.0.0/24 means you're less likely to clash. if you really want to multihome then it's reasonably easy to get ip address space to multihome. it's easier in most instances than increasing your amount of ip address space. well my mobile provider uses 172.x and my college uses some 10.x and 192.168 :) i wouldn't say there's anything bad about playing with ipv6. i can't get my own ip address because my upstream(college) won't route it well you'd need two providers to be of benefit anyway. do you want multiple incoming addresses at home? err at your college? er...yes why? :) because of the great firewall of china you mean you want to bypass firewall? you can vpn you could vpn to somewhere which may let you have incoming connections. it's not about incoming connections, but outgoing ones from my understanding, the most consistent performance from china for vpn'ing comes from vpn'ing to hong kong. but if you want to access the US, then as long as you have a route that doesn't give evening congestion than vpn'ing to the US should work ok. i've been doing this but the problem comes when you want to route some stuff over vpn and some stuff not. but then if you want to visit a website in china you're going china-->us-->china yes, exactly exactly. that's why i'm trying to do multihoming ok there are other solutions. do you have a linux box there? yes i'm using one as a router can it run squid? i think so can you code in perl? not really :) if you can fake it you're probably fine :) i did a perl plugin for squid before that can proxy to various proxies depending on what country a destination is in or go direct if within the same country it's really sloppy and proof of concept, but i think it'd work the best/easiest for normal usage for you this can only proxy http connections right? http and https so can do fakebook etc how does https work? you set proxy as explicit proxy on your computer doesnt it break the end to end model? and then it does a CONNECT www.facebook.com etc and looks like http http://en.wikipedia.org/wiki/HTTP_tunnel like that HTTP tunnel :: HTTP tunneling is a technique by which communications performed using various network protocols are encapsulated using the HTTP protocol, the network protocols in question usually belonging to the TCP/IP family of protocols. The HTTP protocol therefore acts as a wrapper for a channel that the network protocol being tunneled uses to communicate. The HTTP stream with its covert channel is termed an HTTP tunnel. HTTP tunnel... so it proxies https from the tcp layer? i'm in new zealand, i played with having it proxy for US, UK etc. but it can probably be simplified acttually even how it is now it goes direct for china :) because NZ -> CN is faster than NZ -> US -> CN yeah } elsif ($geoip =~ m/CN/) { print "ERR\n"; it's hackish like that :) basically squid just has to see OK or ERR if it's a china or non china web site :) but you probably want TW etc to go direct too http://pastebin.com/mpFQW11r what about things other than http(s)? well you'd have to VPN properly for that lots of things can use http/https proxy even things like skype can afaik that's just a subsection basically i just added a few things hah but you still have to set the proxy setting yourself? most things listen to internet explorer proxy settings in windows well i'm trying to set up wireless network for my roommates who doesn't know what is http... it's just using the maxmind database for geoip well i'd do it the squid way myself :) there is an alternative way but it's the simplest way to get good performance for web now i'm routing everything over vpn but they complain it's too slow for websites within china yeah the other way is using BGP and the other way still is to vpn to hong kong # lookmeup www.china.cn Rev 1: CN 22 Beijing so i have a script like that what is that? if all the web sites end in .cn, ,tw etc you can make rules in squid too it's a maxmind lookup geoiplookup -f /usr/local/share/GeoIP/GeoLiteCity.dat $1 | mawk -F, '{ print $2, $3, $4 }' it just formats it a little nicer oh ok http://dev.maxmind.com/geoip/geoip2/geolite2/ seems there's a new format but you can basically download database of where ip's are i'm thinking of a global routing table you can do that too but it's still complicated :/ like this:https://github.com/fivesheep/chnroutes gets subnet allocation from apnic then add routes to a specific country works at ip layer instead of squid layer ok try that then ;) i imagine you'll have to force it to route things like google through it i haven't tried it well google gives me an apnic ip but i'd imagine it would have some trouble with anycast ips? google doesn't anycast normally 8.8.8.8 is anycasted but it's not the norm and 8.8.8.8 is ARIN ip are you receiving ip for google.co.nz? google.co.nz is a cname to google.com so it's the same oh, ok 74.125.237.216 i usually get ip's like that though which i assume is arin yeah that's arin but it sometimes can give APNIC results, google are kind of weird. :) and there's nothing worse than thinsg that randomly break yeah but yeah as a first shot try bypassing for all apnic ip addresses should be able to find a list of their ranges somewhree http://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range so uhh that should be easy, it's all /8? yeah hangon http://pastebin.com/D3Ey4fJy try that but change 192.168.1.1 to your gateway i'm not trying now only have ssh access to my router will do when i get back ok it may still go via US to some universitys etc at least here some universities have legacy pre-apnic address space but it should fix most stuff even just 202.0.0.0/8 and 203.0.0.0/8 would probably fix qutie a lot