Warly wrote: [...] > In the first place the end user will get a dynamic IPv4 address for > Internet connectivity, but will also get an IPv6 address through the > VPN network.
Hmmm... I'm not sure how the user can get an IPv6 address through a VPN tunnel. Do you mean the end user PC has a virtual interface (put up by the VPN software) on which it will receive IPv6 Router Advertisements? The stateless address auto-config doesn't really work with Ethernet 64bit Interface ID in this case. Or do you mean the end user uses DHCPv6 Prefix Delegation on that VPN virtual interface? Or does the user PC use 6to4? Or are the user PC IPv6 addresses hard-coded on the PC? (e.g. I sell this PC to this end user and its address I decide to be e.g. 1::1). > Through this VPN IPv6-in-IPv4 network the user can access the IPv6 > backbone, or other computers in the same network with global IPv6 > addresses. I'm not sure how this can work. Generally speaking I'm used to VPN to mean exclusively IPv4-in-IPv4 with an initial IKE exchange. I'm not sure whether IPv6-in-IPv4 is still called 'VPN'. Secure IPv6-in-IPv6 is maybe ssh... but I'm not sure what you mean precisely by IPv6-in-IPv4 VPN. > The IPv6 network will also be used for connections between users, > which may be behind firewalls, so I need the addresses to be routed. > Likely link-local will not be adequate Ah ok makes sense. > This is an interesting point. I was thinking that household will > preferably masquerading techniques for internal network, Well there are no masquerading techniques for IPv6, as they exist in IPv4 linux parlance. There's no IPv6 NAT currently (no software, no standards). [...] > The current goal is to include all the computers in a IPv6 network > for remote management and peer 2 peer exchanges with the collateral > effect to have an IPv6 ready computer and a uplink to the IPv6 > backbone. So the IPv6 connectivity is not the primary target, but > somehow be practical. Makes sense. It sounds as if you want to build an IPv6 network that looks like an overlay network over the IPv4 network. This makes a lot of sense for IPv6 in general. The details are relevant. Alex ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ Users mailing list Users@ipv6.org https://lists.ipv6.org/mailman/listinfo/users
