Re: [v6ops] v6-only (with NAT64) as default network during a conference?

Gert Doering <gert@space.net> Thu, 23 January 2014 09:09 UTC

Hi,

On Thu, Jan 23, 2014 at 11:48:35AM +1000, George Michaelson wrote:
> Aren't the VPN failure modes you mention in the NAT64 case also plausible
> examples which will break in a 464XLAT case?

OpenVPN will not work if you force it to use 464xlat by connecting to an
IPv4 literal.

OTOH, the *Android* build of OpenVPN handles automatic failover from 
IPv4 to IPv6 just fine, so if you point your VPN client at the server's 
host name, NAT64 will do its job.  So the 464xlat case is only relevant
if you put an IPv4 literal into your configs, and you're not supposed
to do that anyway...


The issue with NAT64 and OpenVPN affects the 2.3.x releases for "classic"
OSes (MacOS, Linux, Windows) - this one has no AFI failover support, so
it will be "IPv4-only" or "IPv6-only", and you need to manually change
the AFI used if behind a NAT64.  Then it will also work.  (Fixed in 
git master, to be released as 2.4.0 eventually)


Can't say anything about Cisco VPN client or any of the other ones
floating around.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
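
As an added example (not part of the original message, and not OpenVPN project code): a small Python check that lists the `remote` entries in an OpenVPN client config that use an IPv4 literal, the case the message above says to avoid. The sample config, addresses and function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample client config (documentation addresses, not from the message).
SAMPLE_CONFIG = """\
client
dev tun
proto udp
# primary gateway, referenced by name
remote vpn.example.net 1194
; legacy entry pinned to an address
remote 192.0.2.10 1194 udp
<connection>
remote 2001:db8::10 443 tcp-client
</connection>
remote "198.51.100.7"   # quoted literal
"""

def classify_host(host):
    """Return 'ipv4-literal', 'ipv6-literal' or 'hostname' for a remote's host field."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "ipv4-literal" if addr.version == 4 else "ipv6-literal"

def audit_remotes(config_text):
    """Return (line_no, host, kind) for every `remote` directive in the config."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        stripped = raw.strip()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if not stripped or stripped[0] in "#;":
            continue
        try:
            tokens = shlex.split(stripped, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a line this check can parse
        if len(tokens) >= 2 and tokens[0] == "remote":
            findings.append((line_no, tokens[1], classify_host(tokens[1])))
    return findings

def ipv4_literal_remotes(config_text):
    """Remotes that bypass name resolution and pin the client to IPv4."""
    return [(n, h) for n, h, kind in audit_remotes(config_text) if kind == "ipv4-literal"]

if __name__ == "__main__":
    for line_no, host, kind in audit_remotes(SAMPLE_CONFIG):
        flag = "  <- replace with a host name" if kind == "ipv4-literal" else ""
        print(f"line {line_no}: {host} ({kind}){flag}")
```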