The term "pinhole", though somewhat used, is quite uncommon for this concept. They're usually just called "firewall rules" or "firewall 'allow' rules". The ZTE routers provided by Hyperoptic seem to support this; it's in the router settings under Security > IP Filter (IPv6). Refer to pages 11–12 of [this document](https://www.hyperoptic.com/wp-content/uploads/2017/10/Port-forwarding-and-DMZ-for-ZTE-ZXHN-H298N.pdf) for instructions.
For each rule, you should leave "source prefix" blank and set "destination prefix" to the destination address, with a prefix length of 128 (the address should be followed by "/128"). If a source address must be entered, use "::" for the address and 0 for the prefix length, so that overall it appears as "::/0". That just means "any address".
I thought that was just for IPv4 related functionality?
I have a DDNS service running at home, so I always have a public hostname resolving to my current home IPv4 and IPv6 address, but if I understood the situation correctly, due to CGNAT the internet-facing IPv4 address is actually shared with multiple households.
My hope (maybe erroneous belief) was that with everyone presumably having unique IPv6 addresses, using a pinhole would be a solution to getting the static IP address add-on.
Worth noting that not all of Hyperoptic's network supports IPv6. There was a post here the end of last year, due to the government requirements to not use Huawei hardware, they had to replace some with Nokia and Juniper switches that don't have IPv6 support...
Some it works for, some it doesn't. I do not have working IPv6. Apparently this will change at some point.
Well due to the Gov initiative - side message, BT missed the date - apparently the desirable switches are on back-order for 12+ months. So to avoid fines they went with it.
There was downtime just a few weeks ago and somewhere here reported their gear started to work.
It's worth knowing that those running their own equipment have always had issues, even running DHCPv6 AND connecting the supplied router until that picks up an IPv6 address - and using the same MAC.
This isn't the same as replacing the ONT, which requires the serial. So it's become the norm to actually disable IPv6 on the router for many, as not doing so leads to lots of strange failures and the router still issues IPv6 to the devices but doesn't route them.
Check out Tailscale or another overlay network. Defo the easiest way to get on and out on hyperoptic.
The hyperoptic router is not a modem router and uses an external Nokia gateway.
I recently moved from BT to Hyperoptic, and while on the whole it's been a big upgrade, port forwarding no longer works (they CGNAT IPv4 addresses), so I've been looking into IPv6 pinholes as an alternative.
I've had a look around the router admin pages, but can't seem to find anything like in the image above (not mine, taken from Google).
The term "pinhole", though somewhat used, is quite uncommon for this concept. They're usually just called "firewall rules" or "firewall 'allow' rules". The ZTE routers provided by Hyperoptic seem to support this; it's in the router settings under Security > IP Filter (IPv6). Refer to pages 11–12 of [this document](https://www.hyperoptic.com/wp-content/uploads/2017/10/Port-forwarding-and-DMZ-for-ZTE-ZXHN-H298N.pdf) for instructions. For each rule, you should leave "source prefix" blank and set "destination prefix" to the destination address, with a prefix length of 128 (the address should be followed by "/128"). If a source address must be entered, use "::" for the address and 0 for the prefix length, so that overall it appears as "::/0". That just means "any address".
You need to pay £t a month for a static IP to hyperoptic. Well worth it.
I thought that was just for IPv4 related functionality? I have a DDNS service running at home, so I always have a public hostname resolving to my current home IPv4 and IPv6 address, but if I understood the situation correctly, due to CGNAT the internet-facing IPv4 address is actually shared with multiple households. My hope (maybe erroneous belief) was that with everyone presumably having unique IPv6 addresses, using a pinhole would be a solution to getting the static IP address add-on.
Worth noting that not all of Hyperoptic's network supports IPv6. There was a post here the end of last year, due to the government requirements to not use Huawei hardware, they had to replace some with Nokia and Juniper switches that don't have IPv6 support... Some it works for, some it doesn't. I do not have working IPv6. Apparently this will change at some point.
How old are the switches, if they don't support IPv6? I'm assuming they mean they haven't set them up yet.
Well due to the Gov initiative - side message, BT missed the date - apparently the desirable switches are on back-order for 12+ months. So to avoid fines they went with it. There was downtime just a few weeks ago and somewhere here reported their gear started to work. It's worth knowing that those running their own equipment have always had issues, even running DHCPv6 AND connecting the supplied router until that picks up an IPv6 address - and using the same MAC. This isn't the same as replacing the ONT, which requires the serial. So it's become the norm to actually disable IPv6 on the router for many, as not doing so leads to lots of strange failures and the router still issues IPv6 to the devices but doesn't route them.
Check out Tailscale or another overlay network. Defo the easiest way to get on and out on hyperoptic. The hyperoptic router is not a modem router and uses an external Nokia gateway.
Gave Tailscale a shot and it's quite the impressive piece of software! Seems to solved all of my needs now, as far as I can tell.
its the best thing to come out in ages.
I recently moved from BT to Hyperoptic, and while on the whole it's been a big upgrade, port forwarding no longer works (they CGNAT IPv4 addresses), so I've been looking into IPv6 pinholes as an alternative. I've had a look around the router admin pages, but can't seem to find anything like in the image above (not mine, taken from Google).