[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"
Gert Doering
gert at space.net
Tue Sep 4 22:09:14 CEST 2012
Hi,
On Tue, Sep 04, 2012 at 04:36:25PM +0000, The Fungi wrote:
> This latter paradigm is also common amongst smaller companies who
> may not be able to afford the bandwidth necessary for hair-pinning
> all their remote VPN client systems back out to the Internet through
> their office upstream circuits. All VPN client solutions I've ever
> managed (and I've managed most of the major vendors' implementations
> at some point, as well as a fair number of free/open source ones)
> supported split-tunnel configurations.
Yeah, but that's sort of missing the point. "The big names" in VPN
client software used to provide stuff that administrators configure
for "full tunneling", and the software did so - for IPv4 only, leaving
IPv6 completely alone.
I found this immensely practical, still being able to access my local
stuff over v6 while being logged into a customer network with Cisco VPN
client which blocked all local v4 - but that's a big gaping security
problem.
(As are "personal firewall" products for windows that mess with the v4
side of things, and leave v6 wide open - replacing the built-in windows 7
firewall that handles v4+v6 just fine).
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the Ipv6hackers
mailing list