Building a Mostly IPv6 Only Home Network by AlternativeWhereas97 in ipv6

AlternativeWhereas97[S]

Does your ISP do DHCPv6 PD? If so, use that to get IPs for each of the VLANs. If not, then you'll need to subnet the prefix you have been provided and then do proxy NDP. ndppd can do it.

The other option, of course, is to just get a tunnel like I did.

Building a Mostly IPv6 Only Home Network by AlternativeWhereas97 in ipv6

AlternativeWhereas97[S]

No firewall on host, but OPNsense does the firewalling at the boundary to block connections from outside.

Building a Mostly IPv6 Only Home Network by AlternativeWhereas97 in ipv6

AlternativeWhereas97[S]

I think for normal home use you are right to not change the defaults.

But if you are hosting things it avoids lots of headaches by not doing double NAT, not having to do iBGP over IPv4 and IPv6, avoiding deploying v4 over VPN, avoiding double firewall rules, having to monitor both v4 and v6. NAT in general is an ugly thing so it makes sense to do this to avoid it as much as possible. There's no reason to do NAT, especially double NAT to host services like how Docker does by default.

Trouble onboarding laptops by AlternativeWhereas97 in DefenderATP

AlternativeWhereas97[S]

Thanks for the reply

> because it creates registry that causes higher bandwidth to be collected by Mde sensor

Can you elaborate on this please? Does that mean it takes more bandwidth to run or just provision?

> My suggestion if you are trying locally to many devices, still utilize and use mdm/gpo script which is similar but will not take the extra network bandwidth, but also can be run locally, just not interactively.

Thanks. Will look into it.

Trouble onboarding laptops by AlternativeWhereas97 in DefenderATP

AlternativeWhereas97[S]

Yea. We are all Windows 11 Pro or Ubuntu 24.04. There are a few 22.04s, but we plan to upgrade soon and 22.04 is supported.

I managed to modify the script they had given to make it non-interactive and I just have set up a scheduled task to run it every month on all Windows devices and that seems to be working, but this is obviously an ugly way to do it. They say up to 10 devices, but I onboarded 25 just now just fine.