[Openswan Users] Tunneling IPv6 over IPsec+IPv4

i.grok at comcast.net i.grok at comcast.net
Sun Aug 29 19:23:46 EDT 2010


I'm trying to set up a roadwarrior configuration which has the outer
addresses being IPv4 and the inner addresses being IPv6. This way, I can
avoid address overlap between RFC1918 addresses used on the road vs.
RFC1918 addresses on my network.

Looking at the man ipsec_pluto, there is discussion of a distinction
between host (outer) addresses and client (inner) addresses, so this
should be possible, but I haven't succeeded entirely.

Here's my attempt:

conn rw--net
    connaddrfamily=ipv6
    left=%any
    leftsourceip=2001:db8:1::1
    leftsubnet=2001:db8:1::/64
    leftrsasigkey=%cert
    leftcert=rw
    right=192.0.2.1
    rightsourceip=2001:db8::1
    rightsubnet=2001:db8::/64
    rightrsasigkey=%cert
    rightcert=gw
    auto=add

This generates no errors at the commandline when I do ipsec setup start,
but the connection does not show up when I do ipsec auto --status

If I change %any to a specific IPv4 address, this works, but rather
defeats the purpose of having a roadwarrior configuration...

Is this a bug, or should I be doing something differently?


More information about the Users mailing list