[ipv6-wg] IPv6 Only Network at RIPE 67
- Previous message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
- Next message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Philipp Kern
phil at philkern.de
Thu Oct 17 20:57:28 CEST 2013
Gert,
am Wed, Oct 16, 2013 at 03:37:01PM +0200 hast du folgendes geschrieben:
> As expected, connecting using OpenVPN profiles that have IPv4-literals
> in there ("server 1.2.3.4") fail. Don't do that, then.
there is one instance where this is actually needed: if split DNS is in
use and the resolvers are not available from outside the tunnel and if
you're on Linux (the latter is a guess, and I only tested with
resolvconf present).
In this case, when the client loses its tunnel, the DNS servers are not
reset to the non-VPN ones. OpenVPN will do a fresh DNS lookup for the
VPN server to a now unreachable DNS server, which fails. Hence the
tunnel will not come back up.
That's the reason why we opted for IPv4 literals in the OpenVPN
deployment at my alma mater.
Kind regards
Philipp Kern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ripe.net/ripe/mail/archives/ipv6-wg/attachments/20131017/97686646/attachment.sig>
- Previous message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
- Next message (by thread): [ipv6-wg] IPv6 Only Network at RIPE 67
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]