Corporate VPNs are dead

Posted on 2019-12-16 by ungleich network team

Your company has given you a VPN to securely connect to your company network. Now you can access resources of your company network securely. Great, isn't it?

Besides it doesn't work anymore. Traditional corporate VPNs are dead. Literally.

Dead? Why?

There is a single problem with corporate VPNs: they try to use IPv4. And if you are in an IPv6 only network, your corporate VPN stops to work.

IPv6 only networks - who has that?

Turns out that RIPE ran out of IPv4 space. a couple of weeks ago. This practically means that companies cannot get new IPv4 addresses anymore. Modern companies have already switched to IPv6 only networks and mobile networks are converted to IPv6 only everywhere in the world.

Basically, everyone is moving towards IPv6 only networks. Running dual stack networks is significantly more complexity, so the tendency is to skip this step and go IPv6 only directly.

So in short:

  • IPv4 ran out
  • Networks are already switching to IPv6
  • Dual stack networks (both IPv4 and IPv6) is too complex
  • IPv6 only is the new default
  • Your corporate VPN does not work in IPv6 only enviroments

Can't things just stay as they are?

Unfortunately not. The main problem is that your VPN is intended to be used while you are out of the office. The cost for acquiring or running IPv4 networks is growing on a daily basis. So while your company might be able to buy expensive IPv4 addresses, the network that you travel to, might not be able to afford IPv4 space anymore.

... but I have never seen an IPv6 only network!

That might be fully true and we have no doubt about this. However, providers everywhere in the world are changing to IPv6 only networks and especially modern IT startups will not build networks with IPv4 anymore.

So you are more likely to encounter IPv6 only networks in modern organisations. And the fact that you haven't seen one yet, does not make it more unlikely that you will encounter one soon.

... but I need the corporate VPN

There are two easy ways to get the corporate VPN back working:

  • update the corporate VPN to support IPv6
  • switch to an Open Source alternative that fully supports IPv6

Help!

If your local network group does not know how adopt either of the two technologies, feel free to send a mail to support -at- ungleich.ch, we can support you in finding a solution.

Or if you want to talk to like minded people, we invite you to join the IPv6.Chat, where many people are successfully migrated to IPv6.

Or you can checkout the IPv6VPN as an alternative to your current VPN solution.