[strongSwan] IPv6 Addresses

Andreas Steffen andreas.steffen at strongswan.org
Mon Apr 12 13:06:20 CEST 2010

IPv6-based address pools are fully supported although /64
is way to large to keep in memory since we must instantiate
the whole address space due to lookup performance reasons.

The real problem is that the Linux kernel does not support
routing table entries with the src parameter being an IPv6
address, so that virtual IPv6 addresses can be checked out
by a VPN gateway and are transported via the IKEv2 configuration
payload or the IKEv1 Mode Config payload but cannot be
installed in the kernel. Thus we cannot force IPv6 packets
to leave via a physical interface but assuming a different
source address.

Best regards


Claude Tompers wrote:
> Hi,
> I fear my email has been overseen, so I repost it again with further
> details. In an IPv4 VPN, I can assign IP addresses from a given pool
> to the roadwarriors by using i.e. :
> rightsourceip=192.168.128/25
> Is it possible to do the same with IPv6 ?
> rightsourceip=fec0:1234:5678::/64
> regards Claude Tompers
> On Thursday 08 April 2010 11:48:38 Claude Tompers wrote:
>> Hi,
>> Is there a way to distribute IPv6 addresses to road warriors ? i.e.
>> : rightsourceip=<IPv6-subnet> I've tried this but it always
>> distributes the same address to every host.
>> thanks in advance Claude

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list