[strongSwan] IPv6-to-IPv6 tunnel configuration help

Tony Zhou tonytzhou at gmail.com
Fri Feb 28 04:54:43 CET 2014


Hi,

I have a KVM VPS running strongSwan 5.1.0, and I am trying to set up an
IKEv2 IPv6-to-IPv6 tunnel such that all road warriors' traffic goes
through this VPS. This VPS has a /64 routed subnet. The road warriors
have IPv6 access. The problem is that the tunnel can be established,
but no traffic passes between the VPS server and the road warriors. The
IPv4 part of this VPN works fine. Here are my configurations:

ipsec.conf

conn %default
         ikelifetime=60m
         keylife=20m
         rekeymargin=3m
         rekey=no
         keyingtries=3
         dpdaction=clear
         dpddelay=30
         dpdtimeout=120
         left=server.public.ipv4.addr
         leftsubnet=0.0.0.0/0
         right=%any

conn IKEv2
         keyexchange=ikev2
         ike=aes256-sha1-modp1024!
         auto=add
         leftauth=pubkey
         leftcert=serverCertv4.pem
         right=%any
         rightsourceip=ipv4.private.addr/24
         rightauth=eap-radius
         rightsendcert=never
         eap_identity=%any

conn IKEv2-IPv6
         left=server.public.ipv6.addr
         leftsubnet=::/0
         keyexchange=ikev2
         ike=aes256-sha1-modp1024!
         auto=add
         leftauth=pubkey
         leftcert=serverCertv6.pem
         leftfirewall=yes
         right=%any
         rightsourceip=subnet.prefix/112
         rightauth=eap-radius
         rightsendcert=never
         eap_identity=%any

And ip6tables:
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -s subnet.prefix/64 -j ACCEPT

Thanks a lot,
TZ


