[strongSwan] IPv6 Remote Access

Dusan Ilic dusan at comhem.se
Fri May 26 16:52:52 CEST 2017


Hi everyone,

My ISP have just recently enabled IPv6 in their network (well, 6RD 
aactually) and I have it confiogured and working at the site.
I would now also like to enable it on my remote access VPN in Strongswan 
too, so I made a try with the following config however it doesnt seem 
work. According to Strongswan log the client asks for ipv6 (Android in 
this case) and get's assigned one (global from my public prefix).

leftsubnet=0.0.0.0/0,2000::/3 (also tried with ::/0)
rightsourceip=%dhcp,2001:2002:5ae1:c206:4466:d122:xxx:xxx

This is a test, so that's why Im only assigning one single IPv6 adress 
for the time being. IPv4 works as expected, but I can't neither reach an 
IPv6 internet site nor ping the gateway or the Android client from the 
gateway/clients behind the gateway.

What I'm reacting on is that a route gets created for the IPv4 adress in 
my routing table, but none for the IPv6 adress. Also checked with "ip -6 
route".
Is this a routing problem possibly, or maybe an firewall (iptables) problem?
Just to be clear, the client is connecting to the Strongswan server with 
IPv4, should receive an IPv6 global adress inside the tunnel and then my 
Strongswan server should route it out on the internet (through the 
6RD-tunnel).



More information about the Users mailing list