[Swan] IPv4 and IPv6 through a single IPSec connection
Paul Wouters
paul at nohats.ca
Sat Oct 29 04:49:19 EEST 2022
Not yet in 4.9. But work to support this has recently started.
Sent using a virtual keyboard on a phone
> On Oct 28, 2022, at 19:52, Nestor Melo <Nestor.Melo at zpesystems.com> wrote:
>
>
> Hi,
>
>
> We would like to configure a single IPSec connection that would handle both IPv4 and IPv6 traffic.
>
> We considered multiple child SA sharing a single IKE SA:
>
> conn tunnel46
> auto=start
> leftid=@left
> left=%eth0
> rightid=@right
> right=172.31.0.1
> authby=secret
> ipsec-interface=yes
> leftsourceip=192.168.61.1
> rightsourceip=192.168.60.1
> leftsubnets={192.168.61.0/24,fc02::/64}
> rightsubnets={192.168.60.0/24,fc01::/64}
>
> However, when we tried that, only the IPv4 traffic came through.
>
> Paul mentioned in issue #375 (https://github.com/libreswan/libreswan/issues/375) that:
>
> "For libreswan 4.2, we are working on allowing to combine these into one
> conn, and also to combine them as traffic selectors on a single IPsec SA."
>
> Are mixed address families in {left|right}subnets something that is supported in libreswan 4.9? If not, is there any alternative to achieve IPv4 and IPv6 traffic through a single tunnel?
>
>
> Thank you,
>
> Nestor Melo
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221028/70cdd7d3/attachment-0001.htm>
More information about the Swan
mailing list