[Openswan Users] IPV6 ipsec connection question.

Gary Smith gary.smith at holdstead.com
Fri Feb 11 17:02:33 EST 2011


We have 5 IPV6 tunnels through HE's tunnel broker that we would like to secure. Are there any clear examples of setting up an IPV6 network with openswan? I can't find any examples on what the config would look like for this. Also, if the firewall/primary router isn't the VPN concentrator (i.e. the VPN sits inside the DMZ), how do you route in that case?


Net C:
2001:470:1001::1/64 (GW)
2001:470:1001::2/64 (Firewall A)
2001:470:1001:0001::1/64 (Block A)
2001:470:1001:0001::2/64 (Openswan A)
2001:470:2002::/48 (Block A)

< == >

Net B
2001:470:1002::1/64 (GW)
2001:470:1002::2/64 (Firewall B)
2001:470:1002:0001::1/64 (Block B)
2001:470:1002:0001::2/64 (Openswan B)
2001:470:2002::/48 (Block B)

For routing, on Firewall A would I need to specify that /48 Block B should be routed through Openswan A (and vice versa) so that it goes through OpenSwan and not just the front door? I suspect that I would also need to set up the /64 Block A as not part of the ipsec so that it would route properly (I'm probably way off on this though).

Examples anyone?

Assume that I have a blank OpenSwan 11.3 config ;)

Thanks, 
Gary Smith


