Re: [opensuse] Moving to IPv6



James Knott wrote:
Anders Johansson wrote:
You are aware, I hope, that many companies today run VPNs to their internal
LANs even though every single machine has a real IPv4 address. The external
connection is heavily locked down, and you only get in to your destination
machine after seriously authenticating yourself. IPv6 will reduce the number
of steps needed here by exactly zero!

There is nothing in IPv6 that prevents that. As I mentioned in another note, IPv6 has the equivalent of RFC1918 addresses. It just doesn't require NAT to use them. As has been mentioned, IPv6 easily supports multiple addresses on an interface. You could assign both public and local address to an interface and use the local address (there's another name for them that escapes me at the moment) for VPNs between sites and use the public address for outbound connections and specifically authorized inbound.

I just remember that other name. It's "unique local".
http://en.wikipedia.org/wiki/Unique_local_address

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx



Relevant Pages

  • Re: [opensuse] Moving to IPv6
    ... LANs even though every single machine has a real IPv4 address. ... connection is heavily locked down, and you only get in to your destination ... There is nothing in IPv6 that prevents that. ... You could assign both public and local address to an interface and use the local address for VPNs between sites and use the public address for outbound connections and specifically authorized inbound. ...
    (SuSE)
  • Re: ipv6 question
    ... connection now has a nice, routable IPv6 address back to the machine ... now have to have to be routed through an external IPv6 SPI firewall ... you've got a webserver, it can see if you've got a mail server, etc. ...
    (Fedora)
  • Re: strange problems with Internet connection
    ... So I did the same, set up a static IP, but left IPv6 ... Linksys router, or if I connect directly to the cable modem. ... my connection is slow and intermittent. ... I have had the same issues with IPv6 in both Ubuntu and Debian. ...
    (Ubuntu)
  • Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
    ... I have an ADSL connection for my home network. ... My ISP has given me an IPv6 address to try out. ... interface ppp0 { ...
    (Debian-User)
  • [fw-wiz] ***SPAM*** Re: IPv6 support in firewalls
    ... End-to-end has less do with addressing and more to do with where you put functionality. ... End-to-end was directed at the notion of "smart connection endpoints, dumb network", as opposed to a telephony model of "smart network, dumb endpoints ". ... I agree with much of what you say about writing an IPv6 firewall. ... Aside from writing secure code for the IPv6 kernel, a big chunk of the work is deciding what of the IPv6 datagram header pose security threats and how you intend to use or dispose of them. ...
    (Firewall-Wizards)