On 04/14/2016 08:38 PM, John Hasler wrote:
> Philippe Clérié writes:
>> I thought it somewhat strange since I believe IPv6 essentially removes
>> the need for VPN.
> How?

Well, it's just the way IPv6 works.
By now, I suspect most IPv4 networks use private addresses, i.e.
10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/24. So, it makes sense to have a
VPN between two different networks with such addresses so that they can
communicate.
With IPv6, every* address is routable over the internet, and there is
no equivalent set of private addresses like the above. Therefore any two
IPv6 networks should be directly accessible to each other, obviating the
need for VPN or NAT for that matter.
Plus IPv6 is already encrypted.
[*] There are reserved address blocks but not for private addressing.

>> So what might be a use case for VPN over IPv6?
> The need for a Virtual Private Network. For example I might have cash
> registers in multiple stores and want them all to connect to a single
> server or have employees working from home with sensitive data.

It is possible to have a single block of IPv6 addresses that covers that
example.
Say you have 10 locations, so you need 10 local networks. So you get
something like a /60 IPv6 block that gives you 16 networks of 64-bit
addresses. That should cover it nicely.
No need for a VPN here.
--
Philippe
------
The trouble with common sense is that it is so uncommon.
<Anonymous>