[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"

Henrik Lund Kramshøj hlk at kramse.org
Wed Sep 5 08:42:00 CEST 2012

On 04/09/2012, at 18.28, Seth Hall <seth at icir.org> wrote:

> On Sep 4, 2012, at 12:22 PM, Marc Heuse <mh at mh-sec.de> wrote:
>> Where this is not the case or where there is a bug, this however would
>> be a problem. (I remember somone tellimg me that the Cisco VPN client
>> has or had this bug, that IPv6 was still possible while IPv4
>> connectivity was filtered for non-tunnel destinations.)
> It was like this with the Juniper SSL VPN at my previous job.  The VPN software didn't do anything with IPv6 so  anything over IPv6 went through my default gateway.

I can confirm the same with F5 BigIP Edge Gateway SSL VPN software, and Cisco VPN.

I consider it a feature, being able to lookup other stuff while testing things  ;-)

Actually getting the VPN to slurp up all protocols and traffic - both IPv4 and IPv6 is not the default.

Our F5 has the capability, but I haven't had time to test it properly

The Juniper SSL VPN software with IPv6 is in beta right now (7.3).
I follow Mr Kevin Peterson @secureaccess on twitter who said this 13 days ago.

Best regards


Henrik Lund Kramshøj, Follower of the Great Way of Unix
internet samurai cand.scient CISSP
hlk at kramse.org hlk at solidonetworks.com +45 2026 6000 
http://solidonetworks.com/ Network Security is a business enabler

More information about the Ipv6hackers mailing list