[strongSwan] IPv6-to-IPv6 tunnel configuration help
Tony Zhou
tonytzhou at gmail.com
Fri Feb 28 04:54:43 CET 2014
Hi,
I have a KVM VPS running strongSwan 5.1.0, and I am trying to set up an
IKEv2 IPv6-to-IPv6 tunnel such that all road warriors' traffic should go
through this VPS. This VPS has a /64 routed subnet. The road warriors
have IPv6 access. Now the problem is that the tunnel can be established,
but no traffic can go between the VPS server and road warriors. The IPv4
part of this VPN works fine. Here are my configurations:
ipsec.conf

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    rekey=no
    keyingtries=3
    dpdaction=clear
    dpddelay=30
    dpdtimeout=120
    left=server.public.ipv4.addr
    leftsubnet=0.0.0.0/0
    right=%any

conn IKEv2
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    auto=add
    leftauth=pubkey
    leftcert=serverCertv4.pem
    right=%any
    rightsourceip=ipv4.private.addr/24
    rightauth=eap-radius
    rightsendcert=never
    eap_identity=%any

conn IKEv2-IPv6
    left=server.public.ipv6.addr
    leftsubnet=::/0
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    auto=add
    leftauth=pubkey
    leftcert=serverCertv6.pem
    leftfirewall=yes
    right=%any
    rightsourceip=subnet.prefix/112
    rightauth=eap-radius
    rightsendcert=never
    eap_identity=%any

And ip6tables:
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -s subnet.prefix/64 -j ACCEPT
Thanks a lot,
TZ