[ipv6-wg] IPv6 ipsec tunnel server on linux server
- Previous message (by thread): [ipv6-wg] IPv6 ipsec tunnel server on linux server
- Next message (by thread): [ipv6-wg] IPv6 ipsec tunnel server on linux server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Tue Nov 6 15:49:33 CET 2018
Hi, On Mon, Nov 05, 2018 at 08:18:31PM +0100, Gert Doering wrote: > On Mon, Nov 05, 2018 at 11:39:54AM +0100, Michael Hock wrote: > > I'm trying to set up an ipsec server on a linux machine. The connection > > between clients and server should be IPv6 only but also needs to transport > > IPv4 packets. > > However, the linux kernel doesn't seem to support a feature which is > > required to transport IPv4 packets within an IPv6 ipsec connection, as > > shown here: > > https://wiki.strongswan.org/issues/939 > > > > Does maybe one of you know how to transport IPv4 packets in an IPv6 ipsec > > connection, or do we need to wait for the linux kernel to support this > > feature? Because this stops me from switching to IPv6 ipsec connections and > > I would like to reduce the usage of IPv4 as much as possible ... > > Without wanting to understand whether Linux can actually *do* this, what > you generally do is "put an intermediate tunnel header here". It has been pointed out to me that I read your post upside-down - not "IPv6 over IPv4 IPSEC" was the goal, but "IPv4 (+IPv6) over IPv6 IPSEC". But the net recommendation is the same - build an outer IPSEC connection over IPv6, set up a tunnel interface to use that, route IPv4 through this second tunnel. (And, of course, OpenVPN could do IPv4-over-IPv6 over 10+ years ago ;-)) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/ipv6-wg/attachments/20181106/916702e5/attachment.sig>
- Previous message (by thread): [ipv6-wg] IPv6 ipsec tunnel server on linux server
- Next message (by thread): [ipv6-wg] IPv6 ipsec tunnel server on linux server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]