lux-integ lux-integ at btconnect.com
Sun Sep 21 20:56:28 CEST 2014

On Saturday 30 August 2014 14:31:11 Noel Kuntze wrote:
> Hello luxInteg,
> You can have mixed IPv4 and IPv6 subnets in your right/leftsubnet settings.
> There is no difference in the syntax from iptables to ip6tables. They just
> take different subnets and some modules/targets are different or have
> different options/parameters. With IKEv2, you only need one tunnel. If you
> mix IPv4 and IPv6 subnets in the subnet settings, you get distinct IPsec
> SAs for the IPv4 subnets and the IPv6 subnets. e.g. only foo::1 == bar::1
> and ==, not foo::1 ==
>, obviously. The same thing happens if you have a list
> of subnets from only one IP version in your TS. The notation of several
> subnets in leftsubnet and rightsubnet is "leftsubnet =
>,". There may be spaces between the
> commas and the individual subnets and between the parameter name and the
> equal sign, as well as between the equal sign and the subnets.

Thanks AGAIN for the advice. I have two questions:
If I have a setup as the following


(Host has an x509 certificate (call this Host.crt) from an intermediate CA and a
concatenated certificate of the RootCA and the IntermediateCA
(call this CatCA.crt))

Suppose a tunnel is desired between Host and ExtHost:
are multiple CRL validations required at points A, B and C?

Does CatCA.crt only go on the host or is it required on the machines bearing
the CRL(s)?

Thanks in advance

