On Sun, May 28, 2017 at 05:46:22AM -0700, pixel fairy wrote: > > > > > > Are you suggesting that VM's no longer have internal ipv4 addresses? You > > mean > > via the ipv4-in-ipv6 address range or something else? > > > > i was thinking dual stack and nat for both 4 and 6. my first thought was > using the v6 addresses to internally address the vms, but that seems to be > mostly done through vchan. proxy, firewall, and network vms, would need to > support both anyway. > > the only other way ive tried was nat64, and i remember hitting a problem > with tls verification, but my setup could have been wrong. tried googling > for "nat64 ssl" and "nat64 tls" and cant find anything on it.
Right, with nat64 you're requiring the VM's and the software in them to use IPv6 addresses, which get translated to IPv4. That's inevitably going to have compatibility issues, as nat64 just isn't very common, and there's plenty of software around that can only talk IPv4. I think a dual-stack arrangement is much preferable to this, even if both IPv4 and IPv6 end up having to use NAT. It's notable how the relative rarity of IPv6 NAT may be a problem - the IPv6 infrastructure wasn't designed with clients running multiple VM's at a time in mind. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170529144548.GA7082%40fedora-23-dvm. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Digital signature