[strongSwan] IPv6 dynamic prefix usage

driesm.michiels at gmail.com driesm.michiels at gmail.com
Tue Jan 7 21:56:31 CET 2020



I'm a user of strongSwan on FreeBSD and all works fine for IPv4.

I'm currently trying to figure out what the best way is to get IPv6 native
VPN clients that can reach the internet.


1.	Preferably: assign a global prefix to the clients in some way, the
problem is that it's a dynamic prefix that was once allocated to me through

I can put it on a interface on my machine or even extract it from the lease
file, but hard coding it as a virtual IP pool is a no go as it can change
each restart.

2.	Virtual IP's with ULA addresses that are NAT-ed to reach the
internet with a NAT rule that can handle a dynamic prefix


Is there a way to get the preferable way working ^^? Are there any plans to
the source code that could facilitate IPv6 prefix handling?

The beauty of IPv6 is to give a global address to every client on it ^^,
which I currently don't see an easy way to do (because of the dynamic nature
of it).


Thanks in advance



