[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"

Gert Doering gert at space.net
Tue Sep 4 22:09:14 CEST 2012


On Tue, Sep 04, 2012 at 04:36:25PM +0000, The Fungi wrote:
> This latter paradigm is also common amongst smaller companies who
> may not be able to afford the bandwidth necessary for hair-pinning
> all their remote VPN client systems back out to the Internet through
> their office upstream circuits. All VPN client solutions I've ever
> managed (and I've managed most of the major vendors' implementations
> at some point, as well as a fair number of free/open source ones)
> supported split-tunnel configurations.

Yeah, but that's sort of missing the point.  "The big names" in VPN
client software used to provide stuff that administrators configure
for "full tunneling", and the software did so - for IPv4 only, leaving
IPv6 completely alone.

I found this immensely practical, still being able to access my local
stuff over v6 while being logged into a customer network with Cisco VPN 
client which blocked all local v4 - but that's a big gaping security

(As are "personal firewall" products for Windows that mess with the v4
side of things, and leave v6 wide open - replacing the built-in Windows 7
firewall that handles v4+v6 just fine).

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
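
A defender-side check for the gap described in the message above, as an added example that is not part of the original post: it uses longest-prefix match over Linux `ip -4 route` / `ip -6 route` output to see whether public IPv4 leaves through the tunnel while public IPv6 does not. The sample routing tables, the interface name `tun0`, the probe addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample output of `ip -4 route` / `ip -6 route` (assumed Linux client):
# IPv4 is fully tunnelled via tun0, the IPv6 default route was learned from an RA.
SAMPLE_V4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""
SAMPLE_V6 = """\
2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""

def parse_routes(text, version):
    """Return [(network, device)] from `ip route` style lines."""
    default = "0.0.0.0/0" if version == 4 else "::/0"
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = default if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # route-type keywords such as "unreachable" or "blackhole"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match (metrics ignored): device that carries traffic to dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def v6_bypasses_tunnel(v4_text, v6_text, tunnel_devs=("tun0",)):
    """True if public IPv4 goes through the tunnel but public IPv6 does not."""
    v4_dev = egress_dev(parse_routes(v4_text, 4), "198.51.100.1")
    v6_dev = egress_dev(parse_routes(v6_text, 6), "2001:db8:ffff::1")
    return v4_dev in tunnel_devs and v6_dev is not None and v6_dev not in tunnel_devs
```

A host with no IPv6 route at all is reported as not bypassing, since there is no IPv6 path to leak over.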
