90 lines
2.9 KiB
Markdown
90 lines
2.9 KiB
Markdown
title: Corporate VPNs are dead
|
|
---
|
|
pub_date: 2019-12-16
|
|
---
|
|
author: ungleich network team
|
|
---
|
|
twitter_handle: ungleich
|
|
---
|
|
_hidden: no
|
|
---
|
|
_discoverable: yes
|
|
---
|
|
abstract:
|
|
It's a hard truth, but that's how it is. You need to act now.
|
|
---
|
|
body:
|
|
|
|
Your company has given you a VPN to securely connect to your company
|
|
network. Now you can access resources of your company network
|
|
securely. Great, isn't it?
|
|
|
|
Besides it doesn't work anymore. Traditional corporate VPNs are
|
|
dead. Literally.
|
|
|
|
## Dead? Why?
|
|
|
|
There is a single problem with corporate VPNs: they try to use IPv4.
|
|
And if you are in an IPv6 only network, your corporate VPN stops to
|
|
work.
|
|
|
|
## IPv6 only networks - who has that?
|
|
|
|
Turns out that
|
|
[RIPE ran out of IPv4
|
|
space](https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses).
|
|
a couple of weeks ago. This practically means that companies cannot
|
|
get new IPv4 addresses anymore. Modern companies have already switched
|
|
to IPv6 only networks and mobile networks are converted to IPv6 only
|
|
everywhere in the world.
|
|
|
|
Basically, everyone is moving towards IPv6 only networks.
|
|
Running dual stack networks is significantly more complexity, so the
|
|
tendency is to skip this step and go IPv6 only directly.
|
|
|
|
So in short:
|
|
|
|
* IPv4 ran out
|
|
* Networks are already switching to IPv6
|
|
* Dual stack networks (both IPv4 and IPv6) is too complex
|
|
* IPv6 only is the new default
|
|
* Your corporate VPN does not work in IPv6 only enviroments
|
|
|
|
## Can't things just stay as they are?
|
|
|
|
Unfortunately not. The main problem is that your VPN is intended to be
|
|
used while you are out of the office. The cost for acquiring or
|
|
running IPv4 networks is growing on a daily basis. So while your
|
|
company might be able to buy expensive IPv4 addresses, the network
|
|
that you travel to, might not be able to afford IPv4 space anymore.
|
|
|
|
## ... but I have never seen an IPv6 only network!
|
|
|
|
That might be fully true and we have no doubt about this. However,
|
|
providers everywhere in the world are changing to IPv6 only networks
|
|
and especially modern IT startups will not build networks with IPv4
|
|
anymore.
|
|
|
|
So you are more likely to encounter IPv6 only networks in modern
|
|
organisations. And the fact that you haven't seen one yet, does not
|
|
make it more unlikely that you will encounter one soon.
|
|
|
|
## ... but I need the corporate VPN
|
|
|
|
There are two easy ways to get the corporate VPN back working:
|
|
|
|
* update the corporate VPN to support IPv6
|
|
* switch to an Open Source alternative that fully supports IPv6
|
|
|
|
## Help!
|
|
|
|
If your local network group does not know how adopt either of the two
|
|
technologies, feel free to send a mail to **support -at-
|
|
ungleich.ch**, we can support you in finding a solution.
|
|
|
|
Or if you want to talk to like minded people, we invite you to join
|
|
the [IPv6.Chat](https://IPv6.chat), where many people are successfully
|
|
migrated to IPv6.
|
|
|
|
Or you can checkout the [IPv6VPN](https://IPv6VPN.ch) as an
|
|
alternative to your current VPN solution.
|