If you've got an IPv4 address that responds to ICMP, HE's https://tunnelbroker.net/ offers free IPv6 ranges (a bunch of /64s and a /48) for free. You can configure a tunnel to work through many routers, but with some setup you could also have something like a Raspberry Pi announce itself as an IPv6 router.

Sites like Netflix treat HE tunnels as VPNs, though, so if you run into weird playback errors, consider configuring your device's DNS server/network not to use IPv6 for that.

As for your questions:

> how you do this

Open port 8888 to (prefix):abcd:ef01:2345:56, or whatever IP your device obtains, in your firewall. It's the same process as with IPv4, except you can use the same port on multiple devices.

> And how do you prevent someone spamming your devices or is the risk so low you don't care?

While some services have started scanning IPv6, a home network from a semi-competent ISP will contain _at least_ 2^64 IPv6 addresses. Scanning the entire IPv6 network is unfeasible for most automated scanners.

That's the job of a firewall and is unchanged between ipv4 and IPv6. Theyre both equally vulnerable to denial of service attacks

What do you mean by spamming? People are scanning the Internet the whole time to see what's there, and it isn't a threat unless you are doing something terribly insecure. Scanning IPv6 is impossible in practice anyway, due to the high number of available addresses.

IPv6 lets you do this -- nearly every client will use privacy addressing, so your (default) source address rotates daily. However you can still connect to the machine on its main (non-privacy protected) IPv6 address.

Right.

> It unlocks the type of use case where technical people can host something from home for fun, although many can’t access it because both parties need ipv6.

At this point, that's an obstacle, but at some future point hopefully IPv6 will hit a critical mass and network effects will take off because there'll be enough stuff that _doesn't work without IPv6_, so customers will demand it.

> if you set your sights higher and want to build true p2p apps for non-techies

Definitely.

Restoring the universal endpoint-to-endpoint connectivity on the IP network overcomes a _major hurdle_, a hurdle that's so big and longstanding that people have come to just assume its existence and fear and removal… but it certainly doesn't solve all the problems.

> or if you want “roaming” servers (say an FTP server on your laptop)

https://en.wikipedia.org/wiki/Multipath_TCP will take a big dent out of this, I think.

> - Opening up ports in both a residential router and sometimes the OS or 3p firewall. Most people don’t know what a port is.

I mean, UPnP makes big improvements in this area, but a lot of devices stupidly don't handle it, or block it for alleged security reasons. Frustrating.

> - DNS & certs which require a domain name and a fixed connection (if the peer moves around across networks, eg a laptop or phone, DNS is not responsive enough)

There's no real reason why TLS clients _must_ only trust certs when they see that the CN or SAN matches the _domain name_ through which they looked up the IP address. I think that with a better issuing infrastructure and UX, a TOFU-based (https://en.wikipedia.org/wiki/Trust_on_first_use) approach to self-signed certs for peer-to-peer services could be both comprehensible for non-techies and highly secure.