This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/

[ipv6-wg] IPv6 Only Network at RIPE 67

Previous message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
Next message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Philipp Kern phil at philkern.de
Thu Oct 17 20:57:28 CEST 2013

Gert,

am Wed, Oct 16, 2013 at 03:37:01PM +0200 hast du folgendes geschrieben:
> As expected, connecting using OpenVPN profiles that have IPv4-literals
> in there ("server 1.2.3.4") fail.  Don't do that, then.

there is one instance where this is actually needed: if split DNS is in
use and the resolvers are not available from outside the tunnel and if
you're on Linux (the latter is a guess, and I only tested with
resolvconf present).

In this case, when the client loses its tunnel, the DNS servers are not
reset to the non-VPN ones. OpenVPN will do a fresh DNS lookup for the
VPN server to a now unreachable DNS server, which fails. Hence the
tunnel will not come back up.

That's the reason why we opted for IPv4 literals in the OpenVPN
deployment at my alma mater.

Kind regards
Philipp Kern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </ripe/mail/archives/ipv6-wg/attachments/20131017/97686646/attachment.sig>

Previous message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
Next message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ipv6-wg Archives ]