[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"

Alastair Johnson aj at sneep.net
Thu Sep 6 19:09:47 CEST 2012

On 4/09/2012, at 7:48 AM, Fernando Gont <fgont at si6networks.com> wrote:

> Assuming the VPN product does not disable local v6 support, and that the
> VPN does not provide IPv6 connectivity (*), this attack vector could
> prove to be an interesting one ("unexpected", to some extent).

I have inadvertently done this to myself on several occasions. Supposedly the latest version of the VPN client in question will disable IPv6 networking when attached to the VPN, mitigating the problem.

There is a similar, annoying, problem with DNS: if my client PC has IPv6 DNS servers configured, it will use those in precedence to the IPv4 DNS servers handed out by the VPN gateway. This can cause some confusion when split-horizon DNS is being used. 

More information about the Ipv6hackers mailing list