[strongSwan] IPv6, whole /64 in transport mode
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Jan 20 21:16:30 CET 2020
Hello Victor,
Use a subnet wide transport mode config as shown on the UsableExamples page.
Kind regards
Noel
Am 20.01.20 um 17:30 schrieb Victor Sudakov:
> Dear Colleagues,
>
> If I want to set up an IPSec transport mode connection between two
> hosts, I describe the following connection, and it works:
>
> conn test-v6
> left=X:X:X:X::2
> right=Y:Y:Y:Y::10
> type=transport
> authby=psk
> auto=route
>
> However, the remote host uses several IP addresses from the Y:Y:Y:Y::/64
> network, not just Y:Y:Y:Y::10. There is the static address, a SLAAC
> address, an RFC4941 outgoing address, may be more...
>
> 1. How do I configure Strongswan so that the remote side can be any address
> from the Y:Y:Y:Y::/64 network and the connection is still protected?
>
> 2. What if both the left and right hosts are like this?
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200120/2d9856c0/attachment-0001.sig>
More information about the Users
mailing list