[Swan-dev] [Swan] Cisco IOS IPv6 Transport with IKEv2 to Libreswan

Paul Wouters paul at nohats.ca
Tue Jun 12 21:49:25 UTC 2018


On Tue, 12 Jun 2018, Reuben Farrelly wrote:

> Paul wrote:

>>  I assume you have right=%any ?
>>
>>  Can you try right=::
>>
>>  I think there might be an issue with not havin a proper %any6

> Indeed.  It looks a lot better now, I can see the connection is being 
> matched.

Ok, good.

> Is there any way to support both families concurrently (a type of autodetect)

Not yet. You will have to define a v4 and a v6 conn.

> But back to this connection, it's now progressing a lot further - but not 
> quite completing still and data is still not flowing:

The below only shows liveness. So that assumes the connection
established? So can you show "ip xfrm pol" and "ip xfrm state" and
"ipsec status |grep router-2.reub.net"

Paul


More information about the Swan-dev mailing list