[eduVPN-deploy] NDP problems using public IPv6

[François Kooman]

On 15.09.22 10:00, Pascal Panneels wrote:
> Hi François,

Hi Pascal,

> Well, I've once again passed a few hours scratching my head on it, and 
> defitively, it cannot work as is even using source routing.

I still don't understand why not?

> My situation as compared to the one described in your document is a bit 
> different : there is no NAT implied anymore in the setup.
> I've suppressed NAT because our customer had a lot of problem to have 
> VoIP working (it is a well known fact that VoIP doesn't work well on 
> NAT, and a workaround such as STUN was not possible for him).   I was 
> using NAT before and it worked perfectly well indeed till the VoIP 
> problems pop up.

NAT is actually not relevant here, it functions as a bit of distraction 
in understanding what needs to be done / how things work.

> It is impossible in my setup that the VPN clients will be able to answer 
> any IPv6 sollicitation coming from the customer networks, without ndp 
> proxy on the server itself.

Why? How does your setup differ from the one discussed in 
SOURCE_ROUTING.md, obviously except for the NAT part?

We could add your scenario to the documentation, or at least _also_ show 
a non-NAT deployment...

> It works now perfectly well.

It would be easy for me to say: great, but I don't think this is great. 
It adds a lot of complexity and potential security problems. It would be 
better to dig to the bottom of this issue and properly solve it using 
routing.

Could you please provide a (graphical) overview of your network setup, 
similar to how it is done in SOURCE_ROUTING.md so we can compare and see 
what is the actual difference and how to properly solve it?

Regards,
François