[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"

Jim Small jim.small at cdw.com
Fri Sep 7 14:28:33 CEST 2012


> > Assuming the VPN product does not disable local v6 support, and that the
> > VPN does not provide IPv6 connectivity (*), this attack vector could
> > prove to be an interesting one ("unexpected", to some extent).
> 
> I have inadvertently done this to myself on several occasions. Supposedly
> the latest version of the VPN client in question will disable IPv6 networking
> when attached to the VPN, mitigating the problem.
> 
> There is a similar, annoying, problem with DNS: if my client PC has IPv6 DNS
> servers configured, it will use those in precedence to the IPv4 DNS servers
> handed out by the VPN gateway. This can cause some confusion when split-
> horizon DNS is being used.

If you're interested, you may be able to alter this behavior by changing your local prefix policies - however, the behavior varies somewhat by O/S so you'll have to try it.

--Jim





More information about the Ipv6hackers mailing list