[ipv6-wg] IPv6 ipsec tunnel server on linux server
Thomas Schäfer
thomas at cis.uni-muenchen.de
Tue Nov 6 15:25:14 CET 2018
On 05.11.18 at 11:39, Michael Hock wrote:
> Hello,
>
> I'm trying to set up an ipsec server on a linux machine. The
> connection between clients and server should be IPv6 only but also
> needs to transport IPv4 packets.
> However, the linux kernel doesn't seem to support a feature which is
> required to transport IPv4 packets within an IPv6 ipsec connection, as
> shown here:
> https://wiki.strongswan.org/issues/939
>
> Does maybe one of you know how to transport IPv4 packets in an IPv6
> ipsec connection, or do we need to wait for the linux kernel to
> support this feature? Because this stops me from switching to IPv6
> ipsec connections and I would like to reduce the usage of IPv4 as much
> as possible ...
>

I am not sure if I understand you correctly. I am also not very familiar with ipsec and with strongswan. They are on my long to-do list... for rainy days.

I also know there are a thousand kinds of "ipsec".

I found a very old script (2013). Some people told me this kind of ipsec may be obsolete already.

But it makes two things clear to me: you can use ipsec IPv6 as transport with payload IPv4 or IPv4/IPv6.

https://gist.github.com/vi/5628320 allows only IPv4 payload; with a little bit of rewriting I got dual stack payload over IPv6. (tested between my work place and my home ISP)

I am not sure if it helps you. But I don't see limitations by Linux at the moment.

(ok, I did not speak about dual stack transport, but in the worst case you can use different instances for that)

Regards,
Thomas

-------------- next part --------------
--- simplevpn 2013-05-22 17:54:10.000000000 +0200 +++ simplevpn-n 2018-11-06 14:53:13.679887350 +0100 @@ -23,7 +23,7 @@ if [ "$1" == "-6" ]; then shift; - MODE=ipip6 + MODE=any PROT="-6" fi @@ -41,6 +41,8 @@ true ${LOCALIP:="192.168.77.1"} true ${REMOTEIP:="192.168.77.2"} +true ${LOCALIP6:="fd00:1::1"} +true ${REMOTEIP6:="fd00:1::2"} true ${DEVNAME:="simplevpn"} # 4 is encapsulated IPv4 both in IPv4 an IPv6 
@@ -62,7 +64,8 @@ ip link set $DEVNAME up ip -4 addr add $LOCALIP/32 dev $DEVNAME ip -4 route add $REMOTEIP/32 dev $DEVNAME - +ip -6 addr add $LOCALIP6/128 dev $DEVNAME +ip -6 route add $REMOTEIP6/128 dev $DEVNAME "$@" << EOF set -e @@ -85,4 +88,6 @@ ip link set $DEVNAME up ip -4 addr add $REMOTEIP/32 dev $DEVNAME ip -4 route add $LOCALIP/32 dev $DEVNAME + ip -6 addr add $REMOTEIP6/128 dev $DEVNAME + ip -6 route add $LOCALIP6/128 dev $DEVNAME EOF \ Kein Zeilenumbruch am Dateiende.
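Review bot: In the `-6` branch (hunk at -23,7), `MODE=ipip6` becomes `MODE=any`, but nothing in the patch touches the protocol handling that follows the context comment `# 4 is encapsulated IPv4 both in IPv4 an IPv6`. Inner IPv6 is carried as protocol 41, not 4, so please confirm that whatever selector follows that comment also matches 41 when `-6` is given. If it still selects only protocol 4, the newly added IPv6 payload would not be covered by the same ipsec rules as the IPv4 payload.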
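Review bot: The two local-side additions in the hunk at -62,7 (`ip -6 addr add $LOCALIP6/128 dev $DEVNAME` and the matching route) run unconditionally, while `MODE=any` is only set inside the `-6` branch of the first hunk. Without `-6` the tunnel keeps its previous mode, so the inner IPv6 address and route end up configured on a device the patch has not switched to carrying IPv6. Suggest guarding both lines on the mode, for example `if [ "$MODE" = any ]; then ... fi`, and quoting `"$LOCALIP6"`, `"$REMOTEIP6"` and `"$DEVNAME"`. The hunk also drops the blank line before `"$@" << EOF`, which separated local setup from the remote here-document; keeping it would make the boundary easier to see.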
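Review bot: The remote-side additions in the hunk at -85,4 sit inside the here-document that begins with `set -e`, after the IPv4 `addr add` and `route add` lines. If either `ip -6` command fails on the remote host, the remote script aborts at that point with the IPv4 side already configured and no cleanup. Consider applying the same mode guard as on the local side, or tolerating failure on these two lines explicitly if a partly configured IPv4-only tunnel is acceptable. The diff also reports that the file has no newline at end of file after `EOF`; adding one while touching these lines would keep later patches to the script cleaner.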