[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"
Henrik Lund Kramshøj
hlk at kramse.org
Wed Sep 5 08:42:00 CEST 2012
On 04/09/2012, at 18.28, Seth Hall <seth at icir.org> wrote:
>
> On Sep 4, 2012, at 12:22 PM, Marc Heuse <mh at mh-sec.de> wrote:
>
>> Where this is not the case or where there is a bug, this however would
>> be a problem. (I remember somone tellimg me that the Cisco VPN client
>> has or had this bug, that IPv6 was still possible while IPv4
>> connectivity was filtered for non-tunnel destinations.)
>
>
> It was like this with the Juniper SSL VPN at my previous job. The VPN software didn't do anything with IPv6 so anything over IPv6 went through my default gateway.
I can confirm the same with F5 BigIP Edge Gateway SSL VPN software, and Cisco VPN.
I consider it a feature, being able to lookup other stuff while testing things ;-)
Actually getting the VPN to slurp up all protocols and traffic - both IPv4 and IPv6 is not the default.
Our F5 has the capability, but I haven't had time to test it properly
The Juniper SSL VPN software with IPv6 is in beta right now (7.3).
I follow Mr Kevin Peterson @secureaccess on twitter who said this 13 days ago.
Best regards
Henrik
--
Henrik Lund Kramshøj, Follower of the Great Way of Unix
internet samurai cand.scient CISSP
hlk at kramse.org hlk at solidonetworks.com +45 2026 6000
http://solidonetworks.com/ Network Security is a business enabler
More information about the Ipv6hackers
mailing list