[v6ops] ODP: v6-only (with NAT64) as default network during a conference?

Czerwonka Michał - Hurt <Michal.Czerwonka1@orange.com> Thu, 23 January 2014 16:24 UTC

From: Czerwonka Michał - Hurt <Michal.Czerwonka1@orange.com>
To: Gert Doering <gert@space.net>, George Michaelson <ggm@algebras.org>
Date: Thu, 23 Jan 2014 16:24:05 +0000
Cc: IPv6 Operations <v6ops@ietf.org>

Hi,

We use 464xlat for IPv6-only access, but without DNS64, and most of the problems are gone.
In this scenario, CLAT+NAT64+DNS-DualStack, the Cisco VPN client works fine. It does not matter if the server is an IPv4 literal or an IPv4 domain. Of course NAT-T (IPSEC/UDP) is enabled, because android-clat does not process packets of the ESP protocol.

BR,
mcz
 

-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Gert Doering
Sent: 23 January 2014 10:09
To: George Michaelson
Cc: IPv6 Operations
Subject: Re: [v6ops] v6-only (with NAT64) as default network during a conference?

Hi,

On Thu, Jan 23, 2014 at 11:48:35AM +1000, George Michaelson wrote:
> Aren't the VPN failure modes you mention in the NAT64 case also plausible
> examples which will break in a 464XLAT case?

OpenVPN will not work if you force it to use 464xlat by connecting to an
IPv4 literal.

OTOH, the *Android* build of OpenVPN handles automatic failover from 
IPv4 to IPv6 just fine, so if you point your VPN client at the server's 
host name, NAT64 will do its job.  So the 464xlat case is only relevant
if you put an IPv4 literal into your configs, and you're not supposed
to do that anyway...


The issue with NAT64 and OpenVPN affects the 2.3.x releases for "classic"
OSes (MacOS, Linux, Windows) - this one has no AFI failover support, so
it will be "IPv4-only" or "IPv6-only", and you need to manually change
the AFI used if behind a NAT64.  Then it will also work.  (Fixed in 
git master, to be released as 2.4.0 eventually)


Can't say anything about Cisco VPN client or any of the other ones
floating around.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279