[Swan] IPv6 implicit connection

Brandon Enochs enochs.brandon at gmail.com
Wed May 27 06:06:06 EEST 2015


Isn't the subnet extraneous in that example since the right IP is fully
specified?
On May 26, 2015 11:04 PM, "Paul Wouters" <paul at nohats.ca> wrote:

> On Tue, 26 May 2015, Brandon Enochs wrote:
>
>  Are IPv6 host to host connections with right specified as a subnet
>> supported?
>>
>
> Yes, for example:
>
> ipsec.conf:
>
> conn ipv6
>         left=2001:db8:1:2::45
>         leftid="@west"
>         right=2001:db8:1:2::23
>         rightsubnet=2001:db8:0:2::/64
>         rightid="@east"
>         auto=ondemand
>         authby=secret
>
> ipsec.secrets:
>
> 2001:db8:1:2::45 2001:db8:1:2::23 : PSK "secret"
>
> If your endpoints (left/right) are IPv4, and your subnet is IPv6, then
> you need a leftsubnet as well (with an ipv6 range) because both need to
> be of the same IP address family, and you need to add connaddrfamily=6
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150526/0ccdcbec/attachment-0001.html>


More information about the Swan mailing list