[Swan] 6in4 road warrior?
Keith Young
stripydog7 at gmail.com
Sat Feb 29 17:51:01 UTC 2020
Is it possible to create a 6in4 tunnel with libreswan for a "road warrior"
with ipv4-only connectivity behind NAT? I'm using libreswan 3.30 on Centos
7.
Left server is dual homed. I'm trying something like the below
conn wibble
authby=secret
pfs=no
rekey=no
auth=add
left=x.x.x.x
leftsubnet=::/0
rightaddresspool=2001:x:x:x:x::/96
right=%any
modecfgdns=2001:x:x::1
leftxauthserver=yes
rightxauthclient=yes
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
xauthby=pam
ike-frag=yes
Like this I get:
Feb 29 17:27:06 xyzzy pluto[11673]: Failed to load connection "wibble":
subnets must have the same address family
Specifying clientaddrfamily=ipv6 didn't help. Having seen no examples of my
intended configuration I'm wondering if it's even supported.
To clarify: client (macOS catalina) has an ipv6-capable stack with no
global ipv6 addresses configured, RFC1918 IPv4 address behind NAT. Server
has a public IPv4 address and a routable /64 f which the /96 specified in
the configuration above is a part.
ipv4-in-ipv4 works just fine.
Thanks in advance
keith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200229/24dee45f/attachment.html>
More information about the Swan
mailing list