Dynamic IPv6 Prefix Problems and VPNs

Presented at TROOPERS18 (2018), March 13, 2018, 1:30 p.m. (Unknown duration)

While the usage of VPNs and DynDNS accounts for IPv4 Internet connections are quite common, those cannot be used properly with dynamic (non-persistent) IPv6 prefixes. This talk outlines the challenges with variable IPv6 addresses for small offices / home offices and gives some hints how to solve them.

With IPv6 everything is easier and better? Really everything? While it solves the addressing problems due to its size it brings a few new challenges to network and firewall admins such as unintended routing through the default route or multiple DynDNS changes. While companies will have static (PI-) IPv6 prefixes, Small Offices / Home Offices won't. This brings even unsolved "dynamic prefix" problems. This talk compares common IPv4/IPv6 Internet scenarios with respect to routing and firewall policies especially related to dynamic IPv6 prefixes. It outlines best practices for site-to-site VPNs and DNS servers.


  • Johannes Weber
    Johannes is working as a Network Security Consultant at TÜV Rheinland i-sec GmbH with the focus on network security. He has a Master's degree in IT-Security (Ruhr-Universität Bochum, Master Thesis: IPv6 Security) and blogs regularly at https://blog.webernetz.net.


Similar Presentations: