On Jan 22, 2007, at 10:49 AM, Jeroen Massar wrote:
> But which address space do you put in the network behind the VPN?
> RFC1918!? Oh, already using that on the DSL link to where you are
> VPN'ing in from..... oopsy ;)

Actually, NBD, because you can handle that with a VPN client which
does a virtual adaptor-type of deal and overlapping address space
doesn't matter, because once you're in the tunnel, you're not
sending/receiving outside of the tunnel. Port-forwarding and NAT (ugly, but
people do it) can apply, too.

> That is the case for globally unique addresses and the reason why banks
> that use RFC1918 don't like it when they need to merge etc etc etc...

Sure, and then you get into double-NATting and who redistributes what
routes into whose IGP and all that kind of jazz (it's a big problem
on extranet-type connections, too). To be clear, all I was saying is
that the subsidiary point that there are things which don't belong on
the global Internet is a valid one, and entirely separate from any
discussions of universal uniqueness in terms of address-space, as
there are (ugly, non-scalable, brittle, but available) ways to work
around such problems, in many cases.
-----------------------------------------------------------------------
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
Technology is legislation.
-- Karl Schroeder