Re: VPN over IPv6

[Philippe Clérié <philippe@gcal.net>]

On 04/14/2016 08:38 PM, John Hasler wrote:
> Philippe Clérié wrtes:
> > I thought it somewhat strange since I believe IPv6 essentially removes
> > the need for VPN.
>
> How?

Well, it's just the way IPv6 works.

By now, I suspect most IPv4 networks use private addresses, i.e. 
10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/24. So, it makes sense to have a 
VPN between two different networks with such addresses so that they can 
communicate.

With IPv6, every* address is routable over the internet, and there is
no equivalent set of private addresses like the above. Therefore any two 
IPv6 networks should be directly accessible to each other, obviating the 
need for VPN or NAT for that matter.

Plus IPv6 is already encrypted.

[*] There are reserved address blocks but not for private addressing.

> > So what might be a use case for VPN over IPv6?
>
> The need for a Virtual Private Network.  For example I might have cash
> registers in multiple stores and want them all to connect to a single
> server or have employees working from home with sensitive data.

It is possible to have a single block of IPv6 addresses that covers that 
example.

Say you have 10 locations, so you need 10 local networks. So you get 
something like a /60 IPv6 block that gives you 16 networks of 64 bits 
addresses. That should cover it nicely.

No need for a VPN here.

--
Philippe

------
The trouble with common sense it that it is so uncommon.
<Anonymous>