Layer 3 Virtual Private Network Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
RFC 7359, “Layer 3 Virtual Private Network Tunnel Traffic Leakages in Dual-Stack Hosts/Networks”, is an Informational document published in August 2014 by F. Gont. The canonical text is published by the RFC Editor.
Abstract
The subtle way in which the IPv6 and IPv4 protocols coexist in typical networks, together with the lack of proper IPv6 support in popular Virtual Private Network (VPN) tunnel products, may inadvertently result in VPN tunnel traffic leakages. That is, traffic meant to be transferred over an encrypted and integrity- protected VPN tunnel may leak out of such a tunnel and be sent in the clear on the local network towards the final destination. This document discusses some scenarios in which such VPN tunnel traffic leakages may occur as a result of employing IPv6-unaware VPN software. Additionally, this document offers possible mitigations for this issue.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7359 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7358 Label Advertisement Discipline for LDP Forwarding Equivalence Classes
- RFC 7360 Datagram Transport Layer Security as a Transport Layer for RADIUS
- RFC 7357 Transparent Interconnection of Lots of Links : End Station Address Distribution Information Protocol
- RFC 7361 LDP Extensions for Optimized MAC Address Withdrawal in a Hierarchical Virtual Private LAN Service
- RFC 7356 IS-IS Flooding Scope Link State PDUs
- RFC 7362 Latching: Hosted NAT Traversal for Media in Real-Time Communication
- RFC 7355 Indicating WebSocket Protocol as a Transport in the Session Initiation Protocol Common Log Format
- RFC 7363 Self-Tuning Distributed Hash Table for REsource LOcation And Discovery