[Openswan dev] [Openswan Users] Tunneling IPv6 over IPsec+IPv4

Paul Wouters paul at xelerance.com
Sun Aug 29 23:05:38 EDT 2010


On Sun, 29 Aug 2010, i.grok at comcast.net wrote:

> I'm trying to set up a roadwarrior configuration which has the outer
> addresses being IPv4 and the inner addresses being IPv6. This way, I can
> avoid address overlap between RFC1918 addresses used on the road vs.
> RFC1918 addresses on my network.
>
> Looking at the man ipsec_pluto, there is discussion of a distinction
> between host (outer) addresses and client (inner) addresses, so this
> should be possible, but I haven't succeeded entirely.
>
> Here's my attempt:
>
> conn rw--net
>    connaddrfamily=ipv6
>    left=%any
>    leftsourceip=2001:db8:1::1
>    leftsubnet=2001:db8:1::/64
>    leftrsasigkey=%cert
>    leftcert=rw
>    right=192.0.2.1
>    rightsourceip=2001:db8::1
>    rightsubnet=2001:db8::/64
>    rightrsasigkey=%cert
>    rightcert=gw
>    auto=add
>
> This generates no errors at the commandline when I do ipsec setup start,
> but the connection does not show up when I do ipsec auto --status
>
> If I change %any to a specific IPv4 address, this works, but rather
> defeats the purpose of having a roadwarrior configuration...
>
> Is this a bug, or should I be doing something differently?

That's a bug.

Paul


More information about the Dev mailing list