[strongSwan] ipv4 and IPv6 traffice H2H ikev2 ipv6 strongswan -help

Noel Kuntze noel at familie-kuntze.de
Sat Aug 30 15:31:11 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello luxInteg,

You can have mixed IPv4 and IPv6 subnets in your right/leftsubnet settings.
There is no difference in the syntax from iptables to ip6tables. They just take different subnets and some modules/targets are different or have different options/parameters.
With IKEv2, you only need one tunnel. If you mix IPv4 and IPv6 subnets in the subnet settings, you get distinct IPsec SAs for the IPv4 subnets and the IPv6 subnets.
e.g. only foo::1 == bar::1 and 123.123.123.123/32 == 234.234.234.234/32, not foo::1 == 123.123.123.123/32, obviously. The same thing happens if you have a list of subnets from only one IP version in your TS.
The notation of several subnets in leftsubnet and rightsubnet is "leftsubnet = 123.123.123.123/24,234.234.234.234/32".
There may be spaces between the comas and the individual subnets and between the parameter name and the equal sign, as well as between the equal sign and the subnets.

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 30.08.2014 um 09:08 schrieb lux-integ:
> Greetings,
>
> I have an application where I want  to use strongswan Host-to-Host
> configuration (IKev2)    (
> http://www.strongswan.org/uml/testresults/ipv6/host2host-ikev2/ )
> Both  ends have IPv6//and IPv4-enabled  interfaces.  I want to send  both IPv6
> and IPv4-addressed  packets across the tunnel
>
> I dont know if I can use  IP6tables for the IPv6-addressed packets and
> IPtables for the IPv4-addressed pakets  across the single tunnel
> as  there are  differences in the  netfilter syntaxes
>
> OR
> whether I need two tunnels  the other one being
> (  http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/ )
>
>
> Advice would be appreciated.
>
> Yours sincerely
> luxInteg
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUAdIfAAoJEDg5KY9j7GZYTBYP/1VMMbSqvzW48Gvo5qD9euVe
UOZ8IndH/TIvNYUuGgGAhjdyJMTn2yTzaSSZa137R55c6twmDsnvIgk1N1lX70pP
tZtAaxIz8crFqUt8kdJuZakQV1UXv1LBsaBHzE8vWGhIRlZ1zB9/8NR4g4DVWzmt
nE7ica8MV1uIGgluovXC9Ray+Z0yb3WHpHfAH6Y9tmLH6GopHwR/341hqjVyXr1U
pEDUTVz42uuyVnij9+ROgse3BFMgnZL7A5ENjVqDI55a74D2A/rYWJCUbOvWl+Yr
yniuJP4jT6FIY9cfSt427h6djr/01L+qBsPEPp0YkvidUbzPA3lDL54wcN0rJa/4
JKvQuVTfJURjX71K83Fm5V3f+SC52nW+/OFHob8D3z2yyLsSNpCrr2hbv7TiN1k7
ah6DENYvIXOS93XY+kccnX76jAhCY/d8cT1eFns5jKuK/Ro+CBqmNEBSDsCvxM7w
KoANrLJXcqO23bZkX58FkzVMAJKJjeZhYKzqzclFaWoqw5GUyh3zm35fmOSowIr8
hBcvlH1FoXfMDfPkOVHloPMHhfPMRuC7vsRkzL5VF7wQ5hHs8//mEkaWsQZdIX+z
5Dd4/lWN7Fo8JBmX7MFOB8O7vflQI1T8ounTwuSBqiCQ5fESAMTGflfKm4NSVaKr
80rDE4xALwfN+/3LdKSM
=X5AO
-----END PGP SIGNATURE-----




More information about the Users mailing list