[Openswan Users] IPv6 status
Michael H. Warfield
mhw at WittsEnd.com
Tue Mar 9 18:46:06 EST 2010
On Tue, 2010-03-09 at 23:37 +0000, Jason White wrote:
> Jason White <jason at jasonjgw.net> wrote:
> >An example of desired usage would be to encrypt all traffic destined to an
> >IPv6 subnet, where the gateway belongs to the same subnet, e.g., the subnet is
> >a /64 and the gateway is xxxx:xxx:xxxx::1
> Following up to my own post, I managed to make this work without any
> difficulties, with OpenSwan at both ends.
> Specifying %defaultroute in any of the parameters gave an error stating that
> the wrong address family was being used. For now, my only solution is to
> specify the left/right and leftnexthop/rightnexthop parameters explicitly as
> IPv6 addresses. This will become problematic later with my laptop, for
> instance, which has different IPv6 addresses depending on whether it's at home
> on my native IPv6 network or elsewhere, connected via an IPv6 over IPv4
> tunnel.
That could get even more confusing with Linux routers where they are not
honoring the "default route" (::/0) if IPv6 forwarding is enabled.
That's intended to block things like site locals and link local
addresses and what not. Routers invariable add a route 2000::/3 for the
real default route which only routes the global unicast addresses.
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20100309/fabc69a6/attachment.bin
More information about the Users
mailing list