Alexandru Petrescu <[EMAIL PROTECTED]> writes: > Warly wrote: > > Hmmm... I'm not sure how the user can get an IPv6 address through a VPN > tunnel. Do you mean the end user PC has a virtual interface (put up by > the VPN software) on which it will receive IPv6 Router Advertisements? > The stateless address auto-config doesn't really work with Ethernet > 64bit Interface ID in this case. > > Or do you mean the end user uses DHCPv6 Prefix Delegation on that VPN > virtual interface? > > Or does the user PC use 6to4? > > Or are the user PC IPv6 addresses hard-coded on the PC? (e.g. I sell > this PC to this end user and its address I decide to be e.g. 1::1).
PC will have, first at least, a fixed IPv6 address in its configuration. I am doing the PCs configuration in our production center (my company is also manufacturing the PCs) Later on I may use DHCPv6, but as far as I could read, this is not yet working very well through IPSec. >> Through this VPN IPv6-in-IPv4 network the user can access the IPv6 >> backbone, or other computers in the same network with global IPv6 >> addresses. > > I'm not sure how this can work. Generally speaking I'm used to VPN to > mean exclusively IPv4-in-IPv4 with an initial IKE exchange. I'm not > sure whether IPv6-in-IPv4 is still called 'VPN'. Secure IPv6-in-IPv6 is > maybe ssh... but I'm not sure what you mean precisely by IPv6-in-IPv4 VPN. Well, technically speaking, this is some kind of UDPv4 encapsulation of IPSecv6 packets. >> This is an interesting point. I was thinking that household will >> preferably masquerading techniques for internal network, > > Well there are no masquerading techniques for IPv6, as they exist in > IPv4 linux parlance. There's no IPv6 NAT currently (no software, no > standards). Ok. >> The current goal is to include all the computers in a IPv6 network >> for remote management and peer 2 peer exchanges with the collateral >> effect to have an IPv6 ready computer and a uplink to the IPv6 >> backbone. So the IPv6 connectivity is not the primary target, but >> somehow be practical. > > Makes sense. It sounds as if you want to build an IPv6 network that > looks like an overlay network over the IPv4 network. This makes a lot > of sense for IPv6 in general. The details are relevant. This is exactly what I would like to do. And as the number of households could be several tens of thousands, I wanted to be sure my IPv6 addressing policy was correct and admitted. -- Warly _______________________________________________ Users mailing list Users@ipv6.org https://lists.ipv6.org/mailman/listinfo/users
