This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] IPv6 Only Network at RIPE 67
- Previous message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
- Next message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Wed Oct 16 15:37:01 CEST 2013
Hi, On Wed, Oct 16, 2013 at 04:03:27PM +0300, Tore Anderson wrote: > I'm successfully using OpenVPN on the IPv6-only LAN. Seconded, using "Android for OpenVPN" and "OpenVPN Connect" on Android (Nexus 7, with the caveat of "needing static IPv4 address and manual DNS config" to make ipv6-only wifi work in the first place), connecting to an IPv6-enabled server (over UDP, server running with --proto udp6). Connecting to a test OpenVPN server that deliberately has only IPv4 in DNS worked as well (udp). So OpenVPN handles NAT64/DNS64 fine, and both the 2.3 and 3.0 code bases work on an IPv6-only network (yay). As expected, connecting using OpenVPN profiles that have IPv4-literals in there ("server 1.2.3.4") fail. Don't do that, then. > However there are a few caveats: > > 3) The OpenVPN server pushes a DNS server which gets higher priority > than the DNS64 one here, which in turn breaks NAT64 and access to > IPv4-only content. I found no way to override this in NM-OpenVPN, > although I suppose I could do chattr +i /etc/resolv.conf instead... (not > saying this is a bug in OpenVPN, more a general caveat when doing VPN > from NAT64/DNS64 networks). In my case, the server does *not* push a DNS server, which means that trying to use the VPN to access *IPv4* hosts *inside* the VPN fails in interesting ways - DNS64 interferes, and due to the way routing is set up, IPv4 hosts *inside* the VPN are now accessed via NAT64 *around* the VPN (my test host - http://v6.de/ - is purposely available over that VPN or without it). So indeed, DNS and VPN interaction is more complex if DNS64/NAT64 is also intermixed, and if you are not redirecting "all IPv4+IPv6 traffic" through the tunnel (redirect-gateway). Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: </ripe/mail/archives/ipv6-wg/attachments/20131016/20943b41/attachment.sig>
- Previous message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
- Next message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]