by bert64 1206 days ago
There's no reason you wouldn't use a VPN in exactly the same way. Just because devices have routable addresses doesn't mean they will allow connections from arbitrary sources. You can configure them to only allow connections from your IPv6 VPN pool. On the other hand, using globally unique IPv6 addresses means your VPN won't conflict with the source network where users are connecting from.

SLAAC can provide DNS configuration; see RFC 6106, for instance.

You can do HA in the same way with VRRP or whatever too; as you point out, the built-in mechanisms are generally better, but you don't necessarily have to use them.

The chance of traffic leaking still exists, and does happen a lot with legacy IP too. The difference is that with v6 the traffic will be routed back to you, so you will be able to see it on your border firewalls. With legacy IP, the traffic will be dropped by the ISP or absorbed by the local network, so you don't know it's happening and consequently you probably won't try to do anything about it.
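
An added example, not part of the comment above: a sketch of the two checks it describes, namely a host policy that accepts only sources in the IPv6 VPN pool, and a pass over border-firewall drops to surface traffic that reached internal addresses without going through the VPN. The prefixes (RFC 3849 documentation space), the log format and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed prefixes from the 2001:db8::/32 documentation range.
SITE_PREFIX = ipaddress.ip_network("2001:db8:10::/48")    # internal hosts
VPN_POOL = ipaddress.ip_network("2001:db8:10:ff00::/56")  # addresses given to VPN clients

# Constructed border-firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z DROP in=wan src=2001:db8:beef::15 dst=2001:db8:10:1::80 dport=443
2024-05-01T09:00:02Z DROP in=wan src=2001:db8:beef::15 dst=2001:db8:10:1::80 dport=443
2024-05-01T09:00:05Z ACCEPT in=vpn src=2001:db8:10:ff00::7 dst=2001:db8:10:1::80 dport=443
2024-05-01T09:00:09Z DROP in=wan src=2001:db8:cafe::9 dst=2001:db8:10:2::25 dport=22
2024-05-01T09:00:11Z DROP in=wan src=192.0.2.44 dst=198.51.100.7 dport=445
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>\w+) in=(?P<iface>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def host_allows(src: str) -> bool:
    """Host-side policy: accept a connection only if its source is in the VPN pool."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is never allowed
    return addr.version == 6 and addr in VPN_POOL

def leak_candidates(log_text: str) -> Counter:
    """Count WAN-side drops aimed at internal hosts from sources outside the VPN pool."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "DROP" or m["iface"] != "wan":
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip lines with malformed addresses
        if dst.version == 6 and dst in SITE_PREFIX and not host_allows(m["src"]):
            hits[(str(src), str(dst), int(m["dport"]))] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, port), n in leak_candidates(SAMPLE_LOG).most_common():
        print(f"{n}x {src} -> [{dst}]:{port} arrived outside the VPN")
```

Repeated hits from one source toward an internal service are the cases worth following up, since they point at a client whose VPN route is not in effect.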