On Tue, Oct 23, 2012 at 4:18 AM, Michael Thomas <m...@mtcc.com> wrote:
> No, sorry. Corporate VPN's using v6 and the lack of a coherent source > address selection mechanism causes breakage in bizarre and unpredictable > ways. You are not going to get the results you hope for if your mac uses an > ISP prefix to get back inside the corpro firewall, uRPF if nothing else. > SLAAC changes a lot of things over v4. > VPN clients already modify the routing table to ensure traffic going through the VPN goes through the VPN, to enforce policies around split tunneling, and so on. Mine even monitors the routing table for changes so it can act on them. Can you explain why this behaviour, combined with the "prefer matching interface" rule in RFC 3484, is not sufficient? If not, then there is no problem to solve here.
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet