Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sat, 11 Sep 2010 14:59:30 +0200
  • Message-id: <i6fufi$ejo$1@xxxxxxxxxxxxxxxx>
James Knott wrote:

Per Jessen wrote:
Sure, if you're not interested in what happens in the not to distant
future.

I'm primarily interested in the bottom line; what happens in the near
future might well affect that, but I don't see it affecting my use of
NAT on my local networks.


You have a new customer, who finds they can only get a NAT address
from the ISP. They also want VPN access to their network. How would
you arrange that?

Impossible for you to know, but my customers networks are none of my
concern. Regardless, what you're asking is impossible unless you've
got at least one routable IP for that customer.

If they get a real IP address and use NAT internally, you could still
run a VPN to their firewall, but what if they want to have VPNs
directly to computers behind their firewall? Now things start to
get messy.

A bit far fetched I think, but it's up the customer to sort out, not me.

As I've mentioned in another note, NAT rules out IPSecauthentication
headers. This means that even if a company has a real address, where
the vpn terminates and you want to connect from home, where you use
NAT, you can't use that security feature.

Correct. Still doesn't affect _my_ bottom line.

Perhaps NAT is fine for you right now, but what happens tomorrow when
you want to use something that fails with NAT?

If it's mission critical, I'll sort it out when the time comes.



--
Per Jessen, Zürich (19.6°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread