For the last few weeks, I worked on my Smarthome, which I built with HomeAssistant. But then a seemingly easy-to-fix problem occurred. Some services like Google Home needed to access my Smarthome from the public internet. Creating an IPv4 port share is really simple with my FRITZ!Box router. But I don’t have a dedicated IPv4. To still connect to IPv4 services, I use a shared IPv4 through a DS-Lite tunnel. This is also called Dual-Stack Lite.
So then, just create a port share on IPv6 to my Smarthome device.
Well, yes, but it’s not that easy.
- It just didn’t work
- The IPv6 prefix changes frequently, so we need to use a DNS server to redirect a domain to the ever-changing IPv6 address
The reason that the IPv6 port share didn’t work for me was that I trusted the FRITZ!Box to know my device’s IPv6 address. But that was not the case. Upon further inspection, it became clear that the router indeed received my requests (thanks to tracert/traceroute) but did not route them to my device. And this was due to the fact that the router just didn’t know about my device’s IPv6 for some reason. When selecting the device from the network tab, all kinds of IPv6 addresses showed up, but not the one that my device displayed when executing the `ipconfig` (on Windows) or `ip addr` (on Linux) command.
So the fix is to create a port share and specify the IPv6 interface ID manually with the value that the device is actually using. Also, make sure that “Enable PING6” and “Open firewall for delegated IPv6 prefixes of this device” are enabled.
So now the device should be reachable. Make sure that it also does not change its IPv6 so that you don’t have to adjust the port share every day. But the IPv6 prefix assigned to your router will still change. To fix that, we can use a DynDNS service that supports IPv6 like https://dynv6.com/. You can choose a domain and a device IPv6 for an AAAA record, whose prefix is always updated to match the one from your router.