[strongSwan] ipv4 and IPv6 traffice H2H ikev2 ipv6 strongswan -help
lux-integ
lux-integ at btconnect.com
Tue Sep 2 00:19:15 CEST 2014
On Saturday 30 August 2014 14:31:11 Noel Kuntze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello luxInteg,
>
> You can have mixed IPv4 and IPv6 subnets in your right/leftsubnet settings.
> There is no difference in the syntax from iptables to ip6tables. They just
> take different subnets and some modules/targets are different or have
> different options/parameters. With IKEv2, you only need one tunnel. If you
> mix IPv4 and IPv6 subnets in the subnet settings, you get distinct IPsec
> SAs for the IPv4 subnets and the IPv6 subnets. e.g. only foo::1 == bar::1
> and 123.123.123.123/32 == 234.234.234.234/32, not foo::1 ==
> 123.123.123.123/32, obviously. The same thing happens if you have a list
> of subnets from only one IP version in your TS. The notation of several
> subnets in leftsubnet and rightsubnet is "leftsubnet =
> 123.123.123.123/24,234.234.234.234/32". There may be spaces between the
> comas and the individual subnets and between the parameter name and the
> equal sign, as well as between the equal sign and the subnets.
>
> Regards,
> Noel Kuntze
-thanks for the advice. I will give it a try.
sincerely
luxInteg
More information about the Users
mailing list