This hole stems from the fact that some of these remote-access VPNs are
configured to inspect and apply security controls only to IPv4 traffic
as it passes through a VPN concentrator without enabling similar
protections for IPv6 traffic.This leaves IPv6 traffic free to access the
Internet directly without those controls being applied. Known as IPv6
VPN breakout, the issue is well known yet often remains overlooked.
There are solutions for IPv6 VPN breakout, but the first step is to understand it in order to appreciate its importance.
Why IPv6 VPN breakout is overlooked
Many enterprises do not realize how often IPv6 is being used on devices that
access their networks via VPN. Phones, tablets and laptops used for
remote access to corporate networks commonly support IPv6 as do
broadband and cellular services they might use to access the internet.
As a result, enterprises often don’t recognize IPv6 as a security factor.
They configure their VPNs to inspect only IPv4 traffic, which can leave
mobile devices free to access IPv6 sites that could prove dangerous to
business networks, devices and data.
The way IPv4 protections work is, once the VPN has been established, the VPN concentrator
inspects traffic bound for the internet and blocks traffic bound for
destinations judged out of bounds by the policies the enterprise has
configured. (See Figure 1).Most corporate VPNs enforce what is called no
split-tunneling to enhance security by forcing all IPv4 connections to
traverse the VPN. With no split-tunneling, once a VPN connection has
been established, remote devices cannot make a separate connection to
the internet at large.When comes to the issue of online privacy and
security, we suggest to use a VPN, and our recommendation is