On 20 dec 2007, at 19:38, Theodore Tso wrote:
Agreed, getting VPN's to work is going to be non-trivial. On the other hand, many VPN's are designed to work even in the presence of IPv4 NAT's, since they are so ubiquitous these days; road warriors who are using a variety of hotel and airport network services run into them all the time. So the question is whether some clever engineering might allow some or all of the VPN's to work correctly even without any cooperation or assistance of the corporate VPN server?
[...]
And if the first IETF meeting where we try this, there is a NAT box which provides IPv4 services over an IPv6 encapsulation, that might not be a bad thing.
Note that it's almost certain that a VPN thingy that was made to work with IPv4 (and NAT) won't work through an IPv6-to-IPv4 NAT-PT: the latter assumes that applications will be using the IPv6 socket API even though at some point IPv4 packets are generated.
This is one of the issues with NAT-PT we can hopefully fix in the relatively short term so that even IPv4-only applications can work over an IPv6-only network. (See thursday v6ops meeting from two weeks ago.)
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf