IPv6 OFF. How?

So? One would expect the IPv6 range used by ReadyNAS Remote to be different to the IPv4 one.

mdgm wrote:
So? One would expect the IPv6 range used by ReadyNAS Remote to be different to the IPv4 one.

But one would expect the IP range to match that used by Remote, yes? (5.xx.xx.xx etc?)

I don't think that necessarily follows. Using a different range could be easier.

mdgm wrote:
I don't think that necessarily follows. Using a different range could be easier.

But all refernece to IPv6 is set to off on the ReadyNAS, yet Remote is enabling by itself, and also disguising it's VPN address with a fake LAN address? That makes absolutely no sense to me?

I'm not sure what you meant by "disguising it's VPN address with a fake LAN address". 5.xxx.xxx.xxx is the termination VPN address (a bad choice on Netgear's part, but that's another subject).

The IPv6 assignment in Remote is a bit of a puzzle. Like the ipv4 address, it could be the termination of the tunnel (and only used by the NAS itself, not any devices on your network). In this scenario, the vpn tunnel is tunneling both IPv4 and IPv6. One rationale for this is that it would allow an IPv6 remote device to use the tunnel. It would do no harm, and wouldn't depend on your local LAN equipment supporting IPv6 - since the tunnel itself is opaque to your local LAN (all the traffic it is tunneling is encapsulated)

It could also be a bug - in which case the ipv6 address is not used, but does no harm.

Either way, there is no reason to be concerned. The remote addresses are purely local, none of your LAN equipment (including your router) ever sees them.

StephenB wrote:
I'm not sure what you meant by "disguising it's VPN address with a fake LAN address". .................. Either way, there is no reason to be concerned.

Hmmm maybe, maybe not, but it's really not the point. However, as you say, I'm clearly not describing my questions properly so I'll sign off on the thread and continue on my merry way.

BTW, disabling Remote solves the problem completely and IPv6 remains off. (Stayed off for 48 hours or so now)

That will do me for me now and I'll look at alternatives for Remote/VPN.

TVM

Well, I'm not a big fan of Remote myself. I use ftps for remote access.

But I really don't understand why you are worried about a VPN tunnel termination that is totally invisible to your local network. I think you are likely not understanding my replies (as I am perhaps not understanding what you are worried about).

StephenB wrote:
But I really don't understand why you are worried about a VPN tunnel termination that is totally invisible to your local network

Mate, I'm not worried, as you put it, at all.

I'm "worried" (curious) why NTGR consider it necessary to enable something surreptitiously, that has been specifically disabled by the user. It's as simple as that.

Were Microsoft to do something akin to that, they'd have people jumping all over their arse about it.

I get why folks would be bothered by the inability to totally prevent OS6 from "phoning home". But I really don't get your issue here.

IPV6 is disabled on your LAN, as you configured it to be. The VPN termination isn't configurable at all (IPv4 or IPv6), and it is a completely separate (though virtual) network from the local LAN network. You can't reach your NAS using the VPN addresses unless you are using ReadyNAS remote - and even then those addresses only show up inside the encrypted tunnel. If there are IPV6 packets sent over the VPN, they are also encapsulated inside the encrypted IPv4 tunnel. The LAN only sees IPv4 (using the IPv4 address you or your router assigned to the NAS).

The real problem with remote's IP configuration is that it is hijacking IPv4 addresses that are in use by real servers who are paying for those addresses. So when the remote client is installed (PC, iPad, NAS, smartphone), there are web sites, etc. that those devices can no longer access. A forum member here told me in a PM that he can't reach a storage service he is using unless he uninstalls Remote - because his server is assigned an address in the 5.x.x.x range that remote is hijacking. Now if Microsoft did that, people would be screaming (for good reason).

Anyway, there's probably no point in continuing the discussion - I suspect we will just continue to talk past each other.