/27 the new /24

Mel Beckman mel at beckman.org
Sun Oct 4 14:27:27 UTC 2015


Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need to be in the router. 

Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, with IPv6 it's built into every device, because IPsec is a mandatory component for IPv6, and therefore, the IPsec security model is required to be supported for all IPv6 implementations. 

Thus it is a true end-to-end secure transport between two nodes -- even when those nodes are behind a firewall. You can still created IPv6 VPNs from site-to-site (called "tunnel mode"), but the idea with IPv6 is that since you can directly encrypt every TCP session, eventually the need for tunnels will diminish, if not go away completely. 

Interestingly, IPsec came out of funding from Clinton administration for securely hosting the whitehouse.gov email server. Trusted Information Systems software engineer Wei Xu started researching IP security methods in July 1994, and ultimately developed the first rendition of IPSec. He ported it to several server OSes of the time. 

 -mel beckman

> On Oct 4, 2015, at 6:41 AM, Matthias Leisi <matthias at leisi.net> wrote:
> 
> The built-in VPN which only supports IPv4 (that one specifically on an Asus router).



More information about the NANOG mailing list