Back to list
Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
Aug 27 2014 04:19AM
Fernando Gont (fgont si6networks com)
-------- Forwarded Message --------
Subject: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel
Traffic Leakages in Dual-Stack Hosts/Networks
Date: Tue, 26 Aug 2014 18:23:00 -0700 (PDT)
From: rfc-editor (at) rfc-editor (dot) org [email concealed]
Reply-To: ietf (at) ietf (dot) org [email concealed]
To: ietf-announce (at) ietf (dot) org [email concealed], rfc-dist (at) rfc-editor (dot) org [email concealed]
CC: drafts-update-ref (at) iana (dot) org [email concealed], rfc-editor (at) rfc-editor (dot) org [email concealed]
A new Request for Comments is now available in online RFC libraries.
Title: Layer 3 Virtual Private Network
(VPN) Tunnel Traffic Leakages in Dual-Stack
Author: F. Gont
Date: August 2014
Mailbox: fgont (at) si6networks (dot) com [email concealed]
I-D Tag: draft-ietf-opsec-vpn-leakages-06.txt
The subtle way in which the IPv6 and IPv4 protocols coexist in
typical networks, together with the lack of proper IPv6 support in
popular Virtual Private Network (VPN) tunnel products, may
inadvertently result in VPN tunnel traffic leakages. That is,
traffic meant to be transferred over an encrypted and integrity-
protected VPN tunnel may leak out of such a tunnel and be sent in the
clear on the local network towards the final destination. This
document discusses some scenarios in which such VPN tunnel traffic
leakages may occur as a result of employing IPv6-unaware VPN
software. Additionally, this document offers possible mitigations
for this issue.
This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/rfc.html
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor (at) rfc-editor (dot) org. [email concealed] Unless
specifically noted otherwise on the RFC itself, all RFCs are for
The RFC Editor Team
Association Management Solutions, LLC
e-mail: fernando (at) gont.com (dot) ar [email concealed] || fgont (at) si6networks (dot) com [email concealed]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
[ reply ]
Copyright 2010, SecurityFocus