[colug-432] IPv6: 20 years old, 10% deployed

Rick Troth rmt at casita.net
Mon Jan 4 20:05:09 EST 2016


On 01/04/2016 01:06 PM, Rob Funk wrote:
> That sounds dangerous. Unless you're using IPsec, an ipv6 tunnel
> doesn't give you the privacy advantages of a VPN. Someone can sniff
> your ipv4 traffic and see all your ipv6 traffic.

Too true.
And I take some care about what can and cannot use IPv6 in that role.

But on balance: VPN is a perimeter concept. (It expands your perimeter,
virtually, and (you hope) safely.) Some are now saying that perimeter
security doesn't cut it anymore. (Not meaning to be reckless and leave
the door unlocked or the yard unfenced.)


On 01/04/2016 12:34 PM, Chris Anderson wrote:
> I've never really liked using tunnels either, as they seem to be a bit
> of a temporary bandaid-fix. I prefer a dual IPv4/IPv6 stack until IPv4
> goes away. I don't really have a good reason beyond the "ick" feeling
> of adding yet another layer.

I here ya. I just don't get the same "ick". It's weird because I really
dislike excess layers (or excess any complexity). Maybe it's the control
freak in me: the access trumps concerns about thickening layers.

Maybe we should have a network security topic again at an upcoming COLUG
gathering. (Who did the Pi pitch in September? Wasn't router/gateway
part of that presentation? I missed that one. Rrreeeeplay!)

-- R; <><





More information about the colug-432 mailing list