I know that a VPN may be used in lots of different ways for lots of different things, so I'm not suggesting that IPv6 removes the need for a VPN completely.
I'm interested in one particular use-case:
I have a cellular (GSM) router, and traditionally, a standard SIM from my local network operator will give me a dynamic IPv4 address. In order to be able to reach my router from the internet, today I use a VPN. This does 2 things:
- It gives my router a static IPv4 address. This will not change, if the dynamic IPv4 address assigned by the operator changes, or if I change operators.
- It allows me to traverse the operator's NAT firewall. If my router is acting as a server, I can initiate a connection to it.
I'm still learning about IPv6, but it seems to me that if a network operator supports IPv6 (say Verizon Wireless in the US), then I no longer need a VPN:
- 3GPP cellular operators use SLAAC, and I get a Global Unicast Address. This, by definition, is globally-routable. There is no NAT.
- I know what /64 prefix the operator assigns, and I know what Interface ID will be used (either EUI-64 or RFC 7217), so I have a static IPv6 address.
Is this correct? Or am I missing something?
Of course, I'm aware that a VPN provides extra security, because it adds authentication and encryption. But lets assume for the purposes of this discussion that I will use an IPv6 firewall, or IPsec, or TLS at the application layer, for security.
I know I could continue to use a VPN with IPv6, and this would allow me to use Unique Local IPv6 Addresses just like my old private IPv4 addresses. But why would I need to?
Best Answer
I think your idea that consumer and mobile ISPs will give out static IPv6 is optimistic to say the least. Some may do so but many probably will not.
VPNs provide two main features.
Feature 2 is useful for many reasons.
Some of these may be less of an issue in a v6 world but I expect that VPNs will still be useful in general and will likely remain a good solution for administering remote devices.