Vista/WS08: Frequently asked questions on IPv6 support for remote access scenarios (RAS)

  • Article

Hi,

In this blog, I am giving quick FAQ on RAS IPv6 support in Vista and Longhorn Server

IPv6

How do we support IPv4 and IPv6?

First a little background: After you establish a VPN connectivity, you have two interfaces on your client machine – one is your Internet interface (i.e. like Ethernet, PPPoE, PPP over dialup) and other is your corporate or VPN interface (i.e. PPTP or L2TP or SSTP VPN tunnel). Which really means you have two set of IP addresses – can be IPv4 and/or IPv6.

In Vista, we support L2TP or SSTP VPN tunnel over IPv6 (i.e. when your ISP connectivity is IPv6) and continue to support both L2TP/SSTP/PPTP VPN tunnel over IPv4. In all scenarios IPv4 and/or IPv6 packets can be sent on top of VPN tunnel (i.e. packets going to/from corporate network can be IPv4/IPv6).

If you are confused between over/on top, my rule of thumb:

è Look at the connectivity between VPN client and VPN server i.e. your ISP connectivity. That determines how the tunnel packets flow “over” Internet.

è Look at the connectivity between VPN server and corporate network i.e. your corporate connectivity. That determines what flows “on top” of the tunnel.

How do I identify this while configuring?

Open a VPN connection properties in “Network and sharing Center”->”Manage Network Connections”. Right click on Properties.

1) Go under “General” tab, Hostname or IP address that you enter here is the IP address (v4 or v6) or hostname of the VPN server. i.e. the IP address you are going to connect to VPN server or the IP address over which VPN tunnel will be established. Or in other words determine your ISP connectivity.

If you enter IPv6 address, then L2TP or SSTP tunnel is supported. If you enter IPv4 address, then PPTP , SSTP or L2TP tunnel is supported.

But if you enter a hostname, then the type of tunnel selection is deferred till you do “connect” and a name lookup is done. Now DNS server can return you both IPv4 as well as IPv6 addresses. In that scenario, it is tried in order in which the addresses are returned by DNS server inside DNS response.

2) Now go under “Networking” tab, and see “This connection uses the following items”. The protocol listed there includes both IPv4 and IPv6. This protocol will be the protocol that gets negotiated on top of the VPN tunnel. Or in other words this determines your corporate connectivity – whether you will be sending IPv4 and/or IPv6 packets to the corporate network on top of the tunnel.

You can get both IPv4 as well as IPv6 address from your corporate VPN server. And then depending upon the name lookups, appropriate address will be taken.

How does it work when I select “automatic” as Type of VPN?

Automatic VPN tunnel logic is very simple. First try PPTP, if that fails try L2TP, then SSTP.

1) Now say you have configured IPv4 address as the destination VPN server. Then the logic remains same.

2) Lets say you have configured IPv6 address as the destination VPN server. Then L2TP is tried and if that fails PPTP is tried.

3) Lets say you have configured hostname as the destination VPN server. Now your DNS server returns only IPv4 address (i.e. A record), goto logic 1). If your DNS server returns only IPv6 address (i.e. AAAA record), goto logic 2). If your DNS server returns both IPv4 and IPv6 address, then logic will be to go through each IP address and then go to either 1) or 2) depending upon the IP address.

What will happen if I connect Vista client to a VPN server not supporting IPv6 (say 2k server)?

This means you cannot use IPv6 to connect to VPN server (i.e. IPv4 connectivity to ISP), which means your tunnel can be both L2TP or PPTP.

Secondly Vista client will try to get IPv4 as well as IPv6 address from the VPN server, but it will only get IPv4 address and the connection will still go through.

Note: The connection only fails if you are not able to get both IPv4 as well as IPv6 address on top of the VPN tunnel.

Will Vista support IPv6 for connection to my ISP?

Absolutely - Vista supports PPPv6 over Ethernet (very commonly used in broadband deployments like cable/DSL modem) as well as PPPv6 over Dialup. This way depending upon your ISP connectivity (broadband or dialup), you can get native IPv6 connectivity to Internet.

Please feel free to send your comments

Samir Jain
Lead Program Manager
RRAS, Windows Enterprise Networking

[This posting is provided "AS IS" with no warranties, and confers no rights.]