[Swan] IPv4 and IPv6 through a single IPSec connection

Nestor Melo Nestor.Melo at zpesystems.com
Sat Oct 29 01:19:21 EEST 2022


Hi,


We would like to configure a single IPSec connection that would handle both IPv4 and IPv6 traffic.

We considered multiple child SAs sharing a single IKE SA:

conn tunnel46
        auto=start
        leftid=@left
        left=%eth0
        rightid=@right
        right=172.31.0.1
        authby=secret
        ipsec-interface=yes
        leftsourceip=192.168.61.1
        rightsourceip=192.168.60.1
        leftsubnets={192.168.61.0/24,fc02::/64}
        rightsubnets={192.168.60.0/24,fc01::/64}

However, when we tried that, only the IPv4 traffic came through.

Paul mentioned in issue #375 (https://github.com/libreswan/libreswan/issues/375) that:

"For libreswan 4.2, we are working on allowing to combine these into one
conn, and also to combine them as traffic selectors on a single IPsec SA."

Are mixed address families in {left|right}subnets something that is supported in libreswan 4.9? If not, is there any alternative to achieve IPv4 and IPv6 traffic through a single tunnel?


Thank you,

Nestor Melo
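
Added example, not part of the original post and not libreswan code: the ipsec.conf man page states that when both leftsubnets= and rightsubnets= are defined, all combinations of subnet tunnels are instantiated. The Python below expands the conn above the same way and tags each resulting pair by address family; a pair that mixes IPv4 and IPv6 can match no packet, since a packet's source and destination share one family. The function names are hypothetical and the parsing covers only the {a,b} list form used in the post.

```python
import ipaddress
import re
from itertools import product

# Constructed sample: the subnet lines of the conn quoted in the post.
CONN = """
conn tunnel46
        leftsubnets={192.168.61.0/24,fc02::/64}
        rightsubnets={192.168.60.0/24,fc01::/64}
"""

def parse_subnets(conn_text, key):
    """Return the networks listed in key={a,b,...} (comma or space separated)."""
    m = re.search(r"^\s*" + re.escape(key) + r"\s*=\s*\{([^}]*)\}", conn_text, re.M)
    if not m:
        return []
    items = re.split(r"[,\s]+", m.group(1).strip())
    # ip_network() raises ValueError on a malformed entry, which is the wanted failure.
    return [ipaddress.ip_network(s) for s in items if s]

def expand_pairs(conn_text):
    """Cross product of left and right subnets, each tagged 'ok' or 'mixed'."""
    left = parse_subnets(conn_text, "leftsubnets")
    right = parse_subnets(conn_text, "rightsubnets")
    pairs = []
    for l, r in product(left, right):
        status = "ok" if l.version == r.version else "mixed"
        pairs.append((str(l), str(r), status))
    return pairs

def usable_pairs(conn_text):
    """Only the pairs whose two ends are in the same address family."""
    return [(l, r) for l, r, s in expand_pairs(conn_text) if s == "ok"]

if __name__ == "__main__":
    for l, r, s in expand_pairs(CONN):
        print(f"{l:>18} <-> {r:<18} {s}")
```
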