[strongSwan] strongSwan and IPv6?
ck at conrad-kostecki.de
Sun Oct 26 15:25:49 CET 2014
I am trying to setup ipsec with strongSwan, in order to get VPN working on my Windows Phone 8.1.
Currently, ipsec I a new world for me, as I was using OpenVPN previously with my old Android phone.
I've emerged using Gentoo the current strongSwan:
net-misc/strongswan-5.2.0-r1 USE="caps curl dhcp eap gmp non-root openssl pkcs11"
The server itself is a dedicated one with a public IPv4 and IPv6/64 subnet. The Windows Phone is behind an IPv4 NAT and native IPv6.
CLIENT (dynamic IPv4 and/or dynamic native IPv6) <-> INTERNET <-> DEDICATED SERVER (static native IPv4, static native IPv6) <-> INTERNET
Currently, I've created a configuration, which is working for IPv4 fine. My Windows Phone can connect and is being tunnelled fine. The connection itself connects both via IPv4 or IPv6.
After I am being connected, I can only reach IPv4 stuff, which would be normal, as I don't have configured any IPv6 with strongSwan? But I've some troubles to understand how I can configure IPv6.
My first try was, to change rightsourceip=192.168.164.0/24 to rightsourceip=192.168.164.0/24, 2a01:XXX:YYY:ZZZ:1::/64.
2a01:XXX:YYY:ZZZ:1::/64 is my native IPv6 subnet on the dedicated server. After connecting, one IPv6 is being pushed, but obviously that is not enough. I still can only reach ipv4 sites. I am missing maybe some routing?
I am not sure, if that even can work. Can someone help me with setting ipv6 up? With OpenVPN, I was only pushing RA via TAP and the client was connected via IPv6 and could reach those sites.
I've also found some ipv6 examples on the strongSwan site, but there are used some fec1 addresses, which I don't understand. Those seems not to be public ipv6 addresses?
More information about the Users