From the moment I understood the weakness of my flesh, it disgusted me. I craved the strength and certainty of steel. I aspired to the purity of the Blessed Machine. Your kind cling to your flesh, as though it will not decay and fail you. One day the crude biomass you call a temple will wither, and you will beg my kind to save you. But I am already saved, for the Machine is immortal… Even in death I serve the Omnissiah.
Use ULA addresses for hosts inside your LAN, they are static, cannot be used to reach outside your LAN and use IPv6. Then give your server/VPN endpoint a real ipv6, that’s your VPN endpoint. This doesn’t require any nat and can be easily changed to GUA when you want to.
CGnat is a “solution” for running out of ipv4 addresses, it has the same problems as any other nat but the problems are even more noticeable because the out-facing ipv4 address changes more often than the typical home nat configuration and tricks like FTP- and other helpers don’t work as well.
Ipv6 would not only avoid the issues of cgnat, it would avoid cgnat entirely because you don’t need to Nat when you have enough ips.
Most (all?) advantage of ipv6 when compared to ipv4 don’t work behind Nat. Thus there’s no reason to use it.
Either Nat with ipv4 or don’t Nat with ipv6.
Why did you want to use ipv6 when you don’t want what it represents? (End to end communication/IPs)
Either use ipv6 privacy extension (enabled by default, so this can just be called ipv6) or don’t enable ipv6.
That way you have working ipv6 or wait until you come to your senses. Using nat6 ipv6 isn’t worth it.
Here’s what you can actually do:
Sure you wont always catch ai slop this way but you don’t need to read a line of code to at least be reasonably sure your arr stack won’t get to the family photos.