[strongSwan] IPv6 Addresses
Jan Engelhardt
jengelh at medozas.de
Mon Apr 12 13:34:10 CEST 2010
On Monday 2010-04-12 13:06, Andreas Steffen wrote:
>The real problem is that the Linux kernel does not support
>routing table entries with the src parameter being an IPv6
>address,
I would not call it a problem. If I understand right, the src addr,
if it has not been explicitly been set or specified using bind(2) or
sendto(2), is not determined by looking at the "src" attribute in
IPv6, but at the address list of an interface, and picking one that
has an appropriate lifetime. Since reproducing the same lookup logic
in strongswan would be sort of an unwanted fork, the kernel does have
a way to calculate the routing entry src address, by using `ip route
get` or the respective netlink calls. Does that help?
>so that virtual IPv6 addresses can be checked out
>by a VPN gateway and are transported via the IKEv2 configuration
>payload or the IKEv1 Mode Config payload but cannot be
>installed in the kernel. Thus we cannot force IPv6 packets
>to leave via a physical interface but assuming a different
>source address.
More information about the Users
mailing list