[v6ops] ODP: v6-only (with NAT64) as default network during a conference?
Czerwonka Michał - Hurt <Michal.Czerwonka1@orange.com> Thu, 23 January 2014 16:24 UTC
Return-Path: <Michal.Czerwonka1@orange.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B7441A0014 for <v6ops@ietfa.amsl.com>; Thu, 23 Jan 2014 08:24:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.735
X-Spam-Level: *
X-Spam-Status: No, score=1.735 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQJ1Vc3-rosJ for <v6ops@ietfa.amsl.com>; Thu, 23 Jan 2014 08:24:30 -0800 (PST)
Received: from mailin.tpsa.pl (mailout.tpsa.pl [212.160.172.10]) by ietfa.amsl.com (Postfix) with ESMTP id 7BDA81A0022 for <v6ops@ietf.org>; Thu, 23 Jan 2014 08:24:29 -0800 (PST)
Received: from 10.236.62.137 (EHLO OPE10HT03.tp.gk.corp.tepenet) ([10.236.62.137]) by mailin.tpsa.pl (MOS 4.4.2a-FCS FastPath queued) with ESMTP id AWQ47081; Thu, 23 Jan 2014 17:24:23 +0100 (CET)
From: Czerwonka Michał - Hurt <Michal.Czerwonka1@orange.com>
To: Gert Doering <gert@space.net>, George Michaelson <ggm@algebras.org>
Thread-Topic: [v6ops] v6-only (with NAT64) as default network during a conference?
Thread-Index: AQHPGBrLf3I8luPKiEakYA4MfnKgfJqSe7KQ
Date: Thu, 23 Jan 2014 16:24:05 +0000
Message-ID: <2D29C51862222E49B991EF64EEB0B5B745F6AEB0@OPE10MB05.tp.gk.corp.tepenet>
References: <CAD77+gReP-weV3=_hz-rm0KvDbDjkmsZYc0H_rdQ=R9qpcNhJQ@mail.gmail.com> <24696EC9-3CC7-4518-A029-E385F1C987DD@nominum.com> <CAKr6gn35dWXxmDyuaRVzMfzm508-QBGGz3XnxjsokCXMYOm5ow@mail.gmail.com> <01E2D4B2-ECB1-4601-81A2-15C5D59F42EE@nominum.com> <CAKr6gn2yyhLwPc5O+QWs3LVK-tGWzsrdu=h7m7NDNgJ5Wk6RLg@mail.gmail.com> <20140123090858.GS40453@Space.Net>
In-Reply-To: <20140123090858.GS40453@Space.Net>
Accept-Language: pl-PL, en-US
Content-Language: pl-PL
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2014.1.23.131219:17:8.129, ip=217.113.224.9, rules=__HAS_FROM, FROM_NAME_PHRASE, __TO_MALFORMED_2, __IMS_MSGID, __HAS_MSGID, __SANE_MSGID, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, __MIME_VERSION, __ANY_URI, __URI_NO_PATH, __FRAUD_CONTACT_NUM, SUPERLONG_LINE, BODYTEXTP_SIZE_3000_LESS, BODY_SIZE_2000_2999, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, BODY_SIZE_5000_LESS, BODY_SIZE_7000_LESS
X-Junkmail-Status: score=10/50, host=mailin.tpsa.pl
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0C0207.52E14237.01C0, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2012-12-31 09:39:00, dmn=2013-03-21 17:37:32, mode=multiengine
X-Junkmail-IWF: false
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A0C0207.52E14237.01C0, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2012-12-31 09:39:00, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 8611fa7222258b05a7cbc49fdf4e83fe
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: [v6ops] ODP: v6-only (with NAT64) as default network during a conference?
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 16:24:31 -0000
Hi, we use 464xlat for IPv6-only access, but without DNS64 and most of problem are gone. In this scenario CLAT+NAT64+DNS-DualStack, Cisco VPN client works fine. It does not matter if the server is ipv4 literal or ipv4 domain. Of course NAT-T (IPSEC/UDP) is enabled, because android-clat does not process packet of ESP protocol. BR, mcz -----Wiadomość oryginalna----- Od: v6ops [mailto:v6ops-bounces@ietf.org] W imieniu Gert Doering Wysłano: 23 stycznia 2014 10:09 Do: George Michaelson DW: IPv6 Operations Temat: Re: [v6ops] v6-only (with NAT64) as default network during a conference? Hi, On Thu, Jan 23, 2014 at 11:48:35AM +1000, George Michaelson wrote: > Aren't the VPN failure modes you mention in the NAT64 case also plausible > examples which will break in a 464XLAT case? OpenVPN will not work if you force it to use 464xlat by connecting to an IPv4 literal. OTOH, the *Android* build of OpenVPN handles automatic failover from IPv4 to IPv6 just fine, so if you point your VPN client at the server's host name, NAT64 will do it's job. So the 464xlat case is only relevant if you put an IPv4 literal into your configs, and you're not supposed to do that anyway... The issue with NAT64 and OpenVPN affects the 2.3.x releases for "classic" OSes (MacOS, Linux, Windows) - this one has no AFI failover support, so it will be "IPv4-only" or "IPv6-only", and you need to manually change the AFI used if behind a NAT64. Then it will also work. (Fixed in git master, to be released as 2.4.0 eventually) Can't say anything about Cisco VPN client or any of the other ones floating around. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 _______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
- Re: [v6ops] v6-only (with NAT64) as default netwo… Cb B
- Re: [v6ops] v6-only (with NAT64) as default netwo… Ted Lemon
- [v6ops] v6-only (with NAT64) as default network d… Richard Hartmann
- Re: [v6ops] v6-only (with NAT64) as default netwo… Lorenzo Colitti
- Re: [v6ops] v6-only (with NAT64) as default netwo… Ted Lemon
- Re: [v6ops] v6-only (with NAT64) as default netwo… George Michaelson
- Re: [v6ops] v6-only (with NAT64) as default netwo… George Michaelson
- Re: [v6ops] v6-only (with NAT64) as default netwo… Ted Lemon
- Re: [v6ops] v6-only (with NAT64) as default netwo… Gert Doering
- [v6ops] ODP: v6-only (with NAT64) as default netw… Czerwonka Michał - Hurt
- Re: [v6ops] v6-only (with NAT64) as default netwo… holger.metschulat