[strongSwan] IPv6, whole /64 in transport mode
Victor Sudakov
vas at sibptus.ru
Mon Jan 20 17:30:02 CET 2020
Dear Colleagues,
If I want to set up an IPSec transport mode connection between two
hosts, I describe the following connection, and it works:
conn test-v6
left=X:X:X:X::2
right=Y:Y:Y:Y::10
type=transport
authby=psk
auto=route
However, the remote host uses several IP addresses from the Y:Y:Y:Y::/64
network, not just Y:Y:Y:Y::10. There is the static address, a SLAAC
address, an RFC4941 outgoing address, may be more...
1. How do I configure Strongswan so that the remote side can be any address
from the Y:Y:Y:Y::/64 network and the connection is still protected?
2. What if both the left and right hosts are like this?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Users
mailing list