[Swan] IPv6 Question

Mirsad Goran Todorovac mirsad.todorovac at alu.hr
Thu Jul 14 14:20:45 EEST 2022

On 7/14/2022 9:53 AM, Tuomo Soini wrote:

> On Thu, 14 Jul 2022 09:23:10 +0200
> Mirsad Goran Todorovac <mirsad.todorovac at alu.hr> wrote:
>> So, yes, it appears that it is not listening on IPv6 UDP
>> [2001:b68:2:2600::3]:ipsec-nat-t .
> But another note: kernel doesn't support ipv6 nat-traversal.
Well, Tuomo, there should not be nat-traversal because IPv6 addr is 
static, right? But the VPN client still probes
the IPv6 4500 port on the server.

1. I can't seem to Google a way to tell MS Win 10 native VPN client not 
to try IPv6 address when it is present in DNS.
2. How would I instruct MS Win 10 VPN client not to attempt nat-traversal?

As Paul said this is a bug for libreswan not to listen on 4500, is there 
a hope it will be fixed, or does the kernel's
lack of support incur a theoretical impossibility?

Of course, I could revert to the old configuration (without AAAA address 
record), but then the server wouldn't have
IPv6 connectivity for any service. And it might be bad for server's 
reputation? Am I making any sense?

Thank you.


Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355

More information about the Swan mailing list