Re: [Full-disclosure] IPv6 security myths


 



>>>>> "David" == David Morris <dwm@xxxxxxxxx> writes:
    >> Partly. I also expect "VPN" use to get reduced, since 90% of VPNs
    >> are really just remote-access systems necessary due to NAT, not
    >> security.

    David> In my experience, VPNs are used for secure connections between
    David> two private networks ... the existence of NAT is incidental
    David> to the objectives of the network owners. Firewalls, yes, NAT,
    David> n/a. 

Of course, I'm not rejecting this use. That's the 10% that I didn't mention.
If you take the pool of IPv4 speaking endpoints that have IPsec running,
I'm claiming that 90% of those are doing some kind of remote-access
situation.  While you might argue the remaining 10% of site-to-site VPNs
might overshadow the 90% in terms of backbone traffic, that wasn't my
point.

Further, about every third question the Freeswan/openswan support gets
is basically:
   how do I run IPsec when both my gateways are behind NAPT?
   (and I want to use IKEv1 with main mode with PSK auth...)

The answer is that you can't do it if your identity is ID_IPV4.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 



_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
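
The ID_IPV4 problem named in the message above, as an added example that is not part of the original post and not Freeswan/openswan code: a NAPT rewrites the IP header but not the identity inside the IKE Identification payload, so an address-type identity no longer matches the source address the peer observes (the incompatibility described in RFC 3715). The payload layout follows RFC 2407; the addresses, the FQDN and the check_peer_id policy function are constructed for illustration.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_IPV4_ADDR = 1
ID_FQDN = 2


def build_id_payload(id_type, data):
    """Build an ISAKMP Identification payload: generic header + DOI fields."""
    # next payload, reserved, payload length, ID type, protocol ID, port
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, 0, 0) + data


def parse_id_payload(payload):
    """Return (id_type, identification_data) from an Identification payload."""
    if len(payload) < 8:
        raise ValueError("truncated Identification payload")
    _next, _rsvd, length, id_type, _proto, _port = struct.unpack("!BBHBBH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError("bad payload length")
    return id_type, payload[8:length]


def check_peer_id(payload, observed_src, expected_fqdn=None):
    """Responder-side policy check (hypothetical): does the ID fit the peer?"""
    id_type, data = parse_id_payload(payload)
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry 4 octets")
        claimed = ipaddress.IPv4Address(data)
        # The NAPT rewrote the IP header, but not the address inside the payload.
        ok = claimed == ipaddress.IPv4Address(observed_src)
        return ok, f"ID_IPV4_ADDR {claimed} vs source {observed_src}"
    if id_type == ID_FQDN:
        # A name-based identity does not depend on the translated address.
        name = data.decode("ascii")
        return name == expected_fqdn, f"ID_FQDN {name}"
    return False, f"unsupported ID type {id_type}"


# Constructed sample: gateway at 192.168.1.1 behind a NAPT seen as 203.0.113.7
NAT_PUBLIC = "203.0.113.7"
id_addr = build_id_payload(ID_IPV4_ADDR, ipaddress.IPv4Address("192.168.1.1").packed)
id_fqdn = build_id_payload(ID_FQDN, b"gw-a.example.net")

if __name__ == "__main__":
    print(check_peer_id(id_addr, NAT_PUBLIC))
    print(check_peer_id(id_fqdn, NAT_PUBLIC, "gw-a.example.net"))
```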

