2

I got two servers with public IPv4 and (now) IPv6 addresses. They have a VPN to do stuff like MySQL replication. With IPv4 I just took an RFC 1918 range (10.0.0.0/8) and if you access the server via that range, it went through the VPN. With IPv6 everything has a globally unique address without NAT. How would you assign addresses to the endpoints? I got a /48 subnet on each side.

I see the following possibilities:

  1. Use a private/documentation/... IPv6 address
  2. Somehow route the traffic to the public IPv6 address through the VPN

How would you do it? VPN is tinc.

Lorenz
  • Documentational space is never a good idea, it has one very specific purpose. What endpoints are you talking about, the clients? Or are those servers connected with each other through a VPN? – Teun Vink Aug 12 '14 at 19:29
  • The servers are connected with each other. – Lorenz Aug 12 '14 at 19:29

1 Answer

4

General rule of thumb: never use documentational space. It has a very specific purpose, don't ever use it for anything else or you'll regret it at a later time.

If these two servers only need to talk to each other and don't require any other connectivity for the given IPv6 addresses I'd use ULA space: pick a somewhat random /64 from within fd00::/8 and use that between the servers.

Teun Vink
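One way to pick the "somewhat random" prefix the answer describes, as an added example that is not part of the original answer: it derives a /48 from fd00::/8 with a hashed 40-bit Global ID in the style of RFC 4193 section 3.2.2, takes one /64 for the VPN link, and numbers the endpoints. The host names `server_a` and `server_b`, the subnet ID, and the seed (time plus OS randomness instead of time plus EUI-64) are assumptions.

```python
import hashlib
import ipaddress
import os
import struct
import time


def ula_prefix(seed: bytes) -> ipaddress.IPv6Network:
    """Derive a /48 ULA prefix: 0xfd followed by a 40-bit Global ID."""
    global_id = hashlib.sha1(seed).digest()[-5:]   # least significant 40 bits
    packed = b"\xfd" + global_id + b"\x00" * 10    # 8 + 40 prefix bits, rest zero
    return ipaddress.IPv6Network((packed, 48))


def vpn_subnet(prefix48: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one /64 out of the /48 using a 16-bit Subnet ID."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(prefix48.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def assign_hosts(subnet64: ipaddress.IPv6Network, names):
    """Give each VPN endpoint a stable address (::1, ::2, ...) inside the /64."""
    return {name: subnet64[i] for i, name in enumerate(names, start=1)}


def fresh_seed() -> bytes:
    """Assumed seed: current time plus 8 bytes of OS randomness."""
    return struct.pack("!d", time.time()) + os.urandom(8)


if __name__ == "__main__":
    prefix = ula_prefix(fresh_seed())
    link = vpn_subnet(prefix, 0x0001)              # hypothetical subnet ID for the VPN
    for name, addr in assign_hosts(link, ["server_a", "server_b"]).items():
        print(f"{name}: {addr}/64")
```

Generate the prefix once and record it; both servers must be configured with addresses from the same /64, so rerunning the script per host would give each a different prefix.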