[Swan] IPv4 and IPv6 through a single IPSec connection
Nestor Melo
Nestor.Melo at zpesystems.com
Sat Oct 29 01:19:21 EEST 2022
Hi,
We would like to configure a single IPSec connection that would handle both IPv4 and IPv6 traffic.
We considered multiple child SA sharing a single IKE SA:
conn tunnel46
auto=start
leftid=@left
left=%eth0
rightid=@right
right=172.31.0.1
authby=secret
ipsec-interface=yes
leftsourceip=192.168.61.1
rightsourceip=192.168.60.1
leftsubnets={192.168.61.0/24,fc02::/64}
rightsubnets={192.168.60.0/24,fc01::/64}
However, when we tried that, only the IPv4 traffic came through.
Paul mentioned in issue #375 (https://github.com/libreswan/libreswan/issues/375) that:
"For libreswan 4.2, we are working on allowing to combine these into one
conn, and also to combine them as traffic selectors on a single IPsec SA."
Are mixed address families in {left|right}subnets something that is supported in libreswan 4.9? If not, is there any alternative to achieve IPv4 and IPv6 traffic through a single tunnel?
Thank you,
Nestor Melo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221028/36e067b1/attachment.htm>
More information about the Swan
mailing list