Join the community today
Become a Member

IPv6 and Security

Discussion in 'System Administration' started by Jon Snow, Mar 15, 2018.

  1. Jon Snow

    Jon Snow Active Member

    367
    59
    28
    Jun 30, 2017
    Ratings:
    +89
    Local Time:
    6:08 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    Linode seems to enable IPv6 by default. If I choose to enable it for one of my domains, will there be any security related issues if I leave it as is with my current CMM setup or should I be worried?
     
  2. eva2000

    eva2000 Administrator Staff Member

    35,030
    7,731
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,922
    Local Time:
    7:08 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    There shouldn't be as Centmin Mod initial install detects if IPv6 is enabled and enables CSF Firewall IPv6 support by default. But usually I disable IPv6 for stability as sometimes IPv6 networks tend to flake out and cause issues.
     
  3. Jon Snow

    Jon Snow Active Member

    367
    59
    28
    Jun 30, 2017
    Ratings:
    +89
    Local Time:
    6:08 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    Could you give me any examples please?
     
    • Agree Agree x 1
  4. wmtech

    wmtech Member

    57
    16
    8
    Jul 22, 2017
    Ratings:
    +36
    Local Time:
    11:08 PM
    If you enable IPv6 it is like you have 2 servers in 1. It doubles your work as an administrator. If you don't have many people/visitors that need IPv6 it is easier (and less error-prone) to have that disabled and just offer IPv4 access.
     
  5. eva2000

    eva2000 Administrator Staff Member

    35,030
    7,731
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,922
    Local Time:
    7:08 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    examples of what disabling or issues ? issues are plenty in xenforo forums sections here of smtp communication issues with google mail servers due to their server/web host IPv6 network connectivity having issues relying on web hosts to fix IPv6 network issues.

    to disable ipv6 plenty of centos guides http://lmgtfy.com/?q=how+tp+disable+ipv6+on+centos :)

    like
     
  6. Jon Snow

    Jon Snow Active Member

    367
    59
    28
    Jun 30, 2017
    Ratings:
    +89
    Local Time:
    6:08 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    Alright but if you do things for both IPv4 and IPv6, would it work or is it something not suitable for live sites yet?
    I already know how to disable it. I just wanted to know what problems it can cause if it isn't disabled.

    But wouldn't we all have to enable it at some point in the future?
     
  7. JJC84

    JJC84 Premium Member Premium Member

    139
    56
    28
    Jan 31, 2018
    Ratings:
    +80
    Local Time:
    4:08 PM
    1.13.9
    10.1
    Example if you don't know how to setup your firewall for both ipv4 and ipv6 and understand the differences in vulnerabilities/exploits, etc... it could cause a security issue.
     
    • Agree Agree x 1
  8. Jon Snow

    Jon Snow Active Member

    367
    59
    28
    Jun 30, 2017
    Ratings:
    +89
    Local Time:
    6:08 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    We're done pass that part as CSF takes care of that on install. @eva2000 mentioned other issues.
     
  9. eva2000

    eva2000 Administrator Staff Member

    35,030
    7,731
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,922
    Local Time:
    7:08 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    From what i seen you can search the xenforo forums for ipv6 network connectivity issues causing problems with connecting to google smtp servers. If you have IPv4 IPs, you don't need IPv6 to be honest, even if you do run out in future - your current server is still using IPv4 right now.
     
  10. JJC84

    JJC84 Premium Member Premium Member

    139
    56
    28
    Jan 31, 2018
    Ratings:
    +80
    Local Time:
    4:08 PM
    1.13.9
    10.1
    You honestly don't need it and yea CSF comes with a fairly robust configuration but things change and exploits pop up when you're not paying attention at least that's what happens to me.
     
  11. wmtech

    wmtech Member

    57
    16
    8
    Jul 22, 2017
    Ratings:
    +36
    Local Time:
    11:08 PM
    IMHO IPv6 can be used for live sites and -if all has been done correctly- won't be a source for technical problems at servers with any current OS.

    However, many admins are not used to IPv6 and therefore it is more likely to run into problems with it. Inside and outside your own server. It generates more work for server admins which is not worth it currently because you don't have any advantage if you offer IPv4 and IPv6 access to your server.

    If you have IPv4 connectivity you most likely will never be forced to switch to IPv6 as a server admin. There won't be a global deactivation of the IPv4 network ever. The only problem is that some times in the future you won't get new servers with IPv4 any more. This is when you have to use and to deal with IPv6.
     
    • Like Like x 1
  12. Jon Snow

    Jon Snow Active Member

    367
    59
    28
    Jun 30, 2017
    Ratings:
    +89
    Local Time:
    6:08 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    There is no guarantee that we'll stay on the same server forever (eg. hosting company decides to raise prices or their quality of service has degraded by a lot), so I'll enable IPv6 on at least one of my servers and try to troubleshoot any problems that come my way to learn for the future.
     
    • Like Like x 1
  13. wmtech

    wmtech Member

    57
    16
    8
    Jul 22, 2017
    Ratings:
    +36
    Local Time:
    11:08 PM
    It's always good to learn... :)

    Since each provider has its own pool of IPv4 addresses there may be providers in the future who have and who have not IPv4 addresses. I also assume that most providers will add a special price tag to even the first IPv4 address in the future (most already charge high for additional IPv4 addresses). It will soon pay to know how to use IPv6 (or to stay with an already IPv4 connected server).
     
  14. eva2000

    eva2000 Administrator Staff Member

    35,030
    7,731
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,922
    Local Time:
    7:08 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah that's the key as you're ultimate at the mercy of how well your web host configures their IPv6 networking.
     
  15. JJC84

    JJC84 Premium Member Premium Member

    139
    56
    28
    Jan 31, 2018
    Ratings:
    +80
    Local Time:
    4:08 PM
    1.13.9
    10.1
    Definitely, learn if you're up for it because nobody has ever gone wrong educating themselves and enhancing their knowledge and skillset.
     
    • Like Like x 1
    • Agree Agree x 1
..