[strongSwan] Problem with 4in6 and 6in4 ipsec tunnel

rakesh bansod rakesh.bansod1209 at gmail.com
Sat Apr 26 08:47:02 CEST 2014


On 04/26/2014 12:04 PM, Andreas Steffen wrote:
> Hi Rakesh,
>
> with a Linux 3.x or a relatively new 2.6 kernel, 4in6 and 6in4 tunnels
> should work out of the box without any changes or additions to the
> kernel. Have a look at our example scenario:
>
> http://www.strongswan.org/uml/testresults/ipv6/net2net-ip4-in-ip6-ikev2/
>
> Best regards
>
> Andreas
>
> On 26.04.2014 07:43, rakesh bansod wrote:
>> Hello,
>>
>> I am trying to configure a  4in6 ipsec tunnel in strongswan with ipv4
>> subnets and ipv6 end points.
>> What changes or additions to be done in kernel to achieve this?
>> Is there any documentation available related to this??
>>
>> Thank you.
>>
>>
>> Regards,
>> Rakesh Bansod
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
Hello Andreas,

Thanks for quick response.

I have kernel 2.6.39.4, in this 4in6 connection is created easily but 
the policies created are incorrect.
these are the policies for end points 2121::1515 and 2121::1616. its 
considering wrong address family and gving 2121::1515 as 33.33.0.0.

src 192.168.1.0/24 dst 192.168.2.0/24
         dir out priority 2344
         tmpl src 33.33.0.0 dst 33.33.0.0
                 proto esp reqid 16389 mode tunnel
src 192.168.2.0/24 dst 192.168.1.0/24
         dir fwd priority 2344
         tmpl src 33.33.0.0 dst 33.33.0.0
                 proto esp reqid 16389 mode tunnel
src 192.168.2.0/24 dst 192.168.1.0/24
         dir in priority 2344
         tmpl src 33.33.0.0 dst 33.33.0.0
                 proto esp reqid 16389 mode tunnel


I have included following modules

CONFIG_INET6_ESP=m

CONFIG_INET6_IPCOMP=m

CONFIG_IPV6_MIP6=m

CONFIG_INET6_XFRM_TUNNEL=m

CONFIG_INET6_XFRM_MODE_TRANSPORT=m

CONFIG_INET6_XFRM_MODE_TUNNEL=m



I think I missed out some kernel modules.


Thanks and Regards,
Rakesh Bansod


More information about the Users mailing list