From owner-freebsd-questions@freebsd.org Fri May 27 07:09:04 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A63CB4B6D4; Fri, 27 May 2016 07:09:04 +0000 (UTC) (envelope-from niklaas@box-fra-01.niklaas.eu) Received: from box-fra-01.niklaas.eu (box-fra-01.niklaas.eu [46.165.253.68]) by mx1.freebsd.org (Postfix) with ESMTP id 3162713A0; Fri, 27 May 2016 07:09:03 +0000 (UTC) (envelope-from niklaas@box-fra-01.niklaas.eu) Received: by box-fra-01.niklaas.eu (Postfix, from userid 1001) id 17D6961FEC; Fri, 27 May 2016 09:09:01 +0200 (CEST) Date: Fri, 27 May 2016 09:09:01 +0200 From: Niklaas Baudet von Gersdorff To: freebsd-net@freebsd.org, tinc@tinc-vpn.org, Mailinglists FreeBSD Subject: Re: IPv6, ULAs and FreeBSD Message-ID: <20160527070901.GA7911@box-fra-01.niklaas.eu> Mail-Followup-To: freebsd-net@freebsd.org, tinc@tinc-vpn.org, Mailinglists FreeBSD References: <20160519124446.GB2444@box-fra-01.niklaas.eu> <20160523034855.GA37797@box-fra-01.niklaas.eu> <20160524061707.GA77980@box-fra-01.niklaas.eu> <20160526193602.GF49239@box-fra-01.niklaas.eu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 May 2016 07:09:04 -0000 --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Kevin Oberman [2016-05-26 21:11 -0700] : > There are a lot of excellent reasons to avoid ULAs. There are a very > few good, or even so-so reasons to use them. The most commonly cited > reason is security which is almost always wrong. In almost 20 years of > working with IPv6 I have yet to see any valid security reason for > using ULAs. There are any number of excellent papers on this. Kevin, thanks for your comment. I have no professional background in IT, so I really appreciate your remarks. > The most valid use is when you can only get a /64 from your provider. I got a /112 for each of my virtual servers... So, I decided to go for ULAs for the VPN between them. > I really guess all of this needs to be in the handbook so people don't > waste time trying to do things that are documented to either not work > or not work effectively. And, unless you are really, really sure you > need ULAs, They mostly just break things. I agree. In addition, I would like to emphasise that it should be in both FreeBSD's and tinc's handbook. I guess I could have known, if I had read the RFCs, but adding some notes in the handbook(s) would ease things a lot. --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXR/KHAAoJEG2fODeJrIU/ai8P/jQRlPHFPp7cZ7Ws1jwo5erm knh1UJHdNUknRyxgLAYxFK35tYiEKgWNS3m/Ra03iRmXozS9R+IrDkJdxI4ik9o5 5DlSIr8MMB9dsghOoPQfIAEwW8yOsIFdPs+FohpbSevm7MIEpjncvhV+6yTA6LDs +ZP0bGTGTm+/wFwVNYjvbwhCd7PtRXTsUGPNjU/byMT48eNg/mHDnIszJQTE00JM 0KXtzbsPBETjc8FPTJqYfOR0EjrPO99y1uF9ZKVSyw37D7nRIgTAQFO1nZmZ7Q27 U7eIbwwOIW12M1fl2YA+HSWkW1tXDxOAznwi27Cjz/YHETqmqECYa4Gkl9/NIUvS i8MM6VsLD/62gr6CvfaMMugLm9gqxx/OoQtYAYwdE0a4J1y/PoIvVfxfqb1tmdw2 DO0qePwrTHh5YBaXaUIOTjhgMxjtyxfJh41gM0viATNkVRo6B19oTnen+9ba3TST Fm2u4+r8wT+HvPZJvk5VLaHAj5Ic5wDR8WiiDxgLDMOtka+2k7uW5dS7gk7I3lQ1 4nxpLAdD+DKyuhlc91VVAJwG0RQ3V3iecLHe3xeg/bM+8KZYCqxJ5FL9Pwati8mt iETPapfToPvskh38gQluOXidbhnqjc5QDZ3rinNke7AK1a07odLO2ayi2rq77YEq l72rDOf2bEfsA1vXLDqi =etyx -----END PGP SIGNATURE----- --uAKRQypu60I7Lcqm--