[Swan] IPv6 Question
Mirsad Goran Todorovac
mirsad.todorovac at alu.hr
Thu Jul 14 14:20:45 EEST 2022
On 7/14/2022 9:53 AM, Tuomo Soini wrote:
> On Thu, 14 Jul 2022 09:23:10 +0200
> Mirsad Goran Todorovac <mirsad.todorovac at alu.hr> wrote:
>
>> So, yes, it appears that it is not listening on IPv6 UDP
>> [2001:b68:2:2600::3]:ipsec-nat-t .
> But another note: kernel doesn't support ipv6 nat-traversal.
Well, Tuomo, there should not be nat-traversal because IPv6 addr is
static, right? But the VPN client still probes
the IPv6 4500 port on the server.
1. I can't seem to Google a way to tell MS Win 10 native VPN client not
to try IPv6 address when it is present in DNS.
2. How would I instruct MS Win 10 VPN client not to attempt nat-traversal?
As Paul said this is a bug for libreswan not to listen on 4500, is there
a hope it will be fixed, or does the kernel's
lack of support incur a theoretical impossibility?
Of course, I could revert to the old configuration (without AAAA address
record), but then the server wouldn't have
IPv6 connectivity for any service. And it might be bad for server's
reputation? Am I making any sense?
Thank you.
Mirsad
--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
More information about the Swan
mailing list