<p dir="ltr">Isn't the subnet extraneous in that example since the right IP is fully specified?</p>
<div class="gmail_quote">On May 26, 2015 11:04 PM, "Paul Wouters" <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, 26 May 2015, Brandon Enochs wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Are IPv6 host to host connections with right specified as a subnet supported?<br>
</blockquote>
<br>
Yes, for example:<br>
<br>
ipsec.conf:<br>
<br>
conn ipv6<br>
left=2001:db8:1:2::45<br>
leftid="@west"<br>
right=2001:db8:1:2::23<br>
rightsubnet=2001:db8:0:2::/64<br>
rightid="@east"<br>
auto=ondemand<br>
authby=secret<br>
<br>
ipsec.secrets:<br>
<br>
2001:db8:1:2::45 2001:db8:1:2::23 : PSK "secret"<br>
<br>
If your endpoints (left/right) are IPv4, and your subnet is IPv6, then<br>
you need a leftsubnet as well (with an ipv6 range) because both need to<br>
be of the same IP address family, and you need to add connaddrfamily=6<br>
<br>
Paul<br>
</blockquote></div>