
Re: [Full-disclosure] IPv6 security myths

2010-10-26 18:03:32

"David" == David Morris <dwm(_at_)xpasc(_dot_)com> writes:
    >> Partly. I also expect "VPN" use to get reduced, since 90% of VPNs
    >> are really just remote-access systems necessary due to NAT, not
    >> security.

    David> In my experience, VPNs are used for secure connections between
    David> two private networks ... the existence of NAT is incidental
    David> to the objectives of the network owners. Firewalls, yes, NAT,
    David> n/a. 

Of course, I'm not rejecting this use. That's the 10% that I didn't mention.
If you take the pool of IPv4 speaking endpoints that have IPsec running,
I'm claiming that 90% of those are doing some kind of remote-access
situation.  While you might argue the remaining 10% of site-to-site VPNs
might overshadow the 90% in terms of backbone traffic, that wasn't my
point.

Further, about every third question the Freeswan/openswan support gets
is basically:
   how do I run IPsec when both my gateways are behind NAPT?
   (and I want to use IKEv1 with main mode with PSK auth...)

The answer is that you can't do it if your identity is ID_IPV4.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr(_at_)sandelman(_dot_)ottawa(_dot_)on(_dot_)ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
