[strongSwan] Encrypting connection between two public IPv6 prefixes

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jun 6 23:05:43 CEST 2017


Hello,

On 06.06.2017 22:07, Marek Szuba wrote:
> On 2017-06-06 19:37, Noel Kuntze wrote:
> 
>> Your ipsec.conf is wrong and crap.
> Umm, you might want to compare my ipsec.conf to
> 
> https://www.strongswan.org/testing/testresults/ipv6/net2net-ikev2/
> 
> which is is what I used as reference having read in "Introduction to
> strongSwan", right at the beginning of the "Site-to-Site Configuration"
> section, "For site-to-site connections you may refer to any of the
> net2net scenarios (and many others) of our test suite" and following
> that link to the IPv6 section.

Those are test scenarios and just examples. They're in no way supposed to be
usable verbatim. I corrected the text in the introduction to point
users to the UsableExamples page now first and explicitely mention the
test scenarios as such. The primary problem in your configuration is that
your subnet configuration isn't related in any way to your IKE configuration,
so you only have two conns where one doesn't specify any remote peer
and the other doesn't specify any subnets.

Kind regards

Noel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170606/c3d11e22/attachment.sig>


More information about the Users mailing list