[Openswan dev] [Openswan Users] Tunneling IPv6 over IPsec+IPv4
Paul Wouters
paul at xelerance.com
Sun Aug 29 23:05:38 EDT 2010
On Sun, 29 Aug 2010, i.grok at comcast.net wrote:
> I'm trying to set up a roadwarrior configuration which has the outer
> addresses being IPv4 and the inner addresses being IPv6. This way, I can
> avoid address overlap between RFC1918 addresses used on the road vs.
> RFC1918 addresses on my network.
>
> Looking at the man ipsec_pluto, there is discussion of a distinction
> between host (outer) addresses and client (inner) addresses, so this
> should be possible, but I haven't succeeded entirely.
>
> Here's my attempt:
>
> conn rw--net
> connaddrfamily=ipv6
> left=%any
> leftsourceip=2001:db8:1::1
> leftsubnet=2001:db8:1::/64
> leftrsasigkey=%cert
> leftcert=rw
> right=192.0.2.1
> rightsourceip=2001:db8::1
> rightsubnet=2001:db8::/64
> rightrsasigkey=%cert
> rightcert=gw
> auto=add
>
> This generates no errors at the commandline when I do ipsec setup start,
> but the connection does not show up when I do ipsec auto --status
>
> If I change %any to a specific IPv4 address, this works, but rather
> defeats the purpose of having a roadwarrior configuration...
>
> Is this a bug, or should I be doing something differently?
That's a bug.
Paul
More information about the Dev
mailing list