<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Not yet in 4.9. But work to support this has recently started. <br><br><div dir="ltr">Sent using a virtual keyboard on a phone</div><div dir="ltr"><br><blockquote type="cite">On Oct 28, 2022, at 19:52, Nestor Melo <Nestor.Melo@zpesystems.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">



<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
<span class="x_elementToProof ContentPasted0" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">Hi,</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
<div class="x_elementToProof" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br class="ContentPasted0">
</div>
<div class="x_elementToProof" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br class="ContentPasted0">
</div>
<div class="x_elementToProof ContentPasted0" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
We would like to configure a single IPSec connection that would handle both IPv4 and IPv6 traffic.<br class="ContentPasted0">
<br class="ContentPasted0">
We considered multiple child SA sharing a single IKE SA:</div>
<div class="x_elementToProof" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br class="ContentPasted0">
</div>
<div class="x_elementToProof x_ContentPasted0 x_ContentPasted2" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">conn tunnel46</span>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        auto=start</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        leftid=@left</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        left=%eth0</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        rightid=@right</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        right=172.31.0.1</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        authby=secret</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        ipsec-interface=yes</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        leftsourceip=192.168.61.1</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        rightsourceip=192.168.60.1</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        leftsubnets={192.168.61.0/24,fc02::/64}</span></div>
<div class="x_ContentPasted0" style="margin:0px"><span style="font-family:Consolas, Courier, monospace;margin:0px" class="ContentPasted0">        rightsubnets={192.168.60.0/24,fc01::/64}</span></div>
<div style="margin:0px"><br class="ContentPasted0">
</div>
<div style="margin:0px" class="ContentPasted0">However, when we tried that, only the IPv4 traffic came through.</div>
<div style="margin:0px"><br class="ContentPasted0">
</div>
<div class="x_ContentPasted1 ContentPasted0" style="margin:0px">Paul mentioned in issue #375 (<a href="https://github.com/libreswan/libreswan/issues/375" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-safelink="true" data-linkindex="0" style="margin:0px" class="ContentPasted0">https://github.com/libreswan/libreswan/issues/375</a>)
 that:</div>
<div class="x__Entity x__EType_OWALinkPreview x__EId_OWALinkPreview x__EReadonly_1" style="margin:0px">
</div>
<br class="ContentPasted0">
</div>
<div class="x_elementToProof x_ContentPasted0 x_ContentPasted2" style="font-size: 12pt; margin: 0px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<i class="ContentPasted0">"For libreswan 4.2, we are working on allowing to combine these into one</i>
<div class="x_ContentPasted2" style="margin:0px"><i class="ContentPasted0">conn, and also to combine them as traffic selectors on a single IPsec SA.<span style="margin:0px" class="ContentPasted0">"</span></i></div>
<div class="x_ContentPasted2" style="margin:0px"><span style="margin:0px"><br class="ContentPasted0">
</span></div>
<div class="x_ContentPasted2 ContentPasted0" style="margin:0px">Are mixed address families in {left|right}subnets something that is supported in libreswan 4.9? If not, is there any alternative to achieve IPv4 and IPv6 traffic through a single tunnel?</div>
<div class="x_ContentPasted2" style="margin:0px"><br class="ContentPasted0">
</div>
<div class="x_ContentPasted2" style="margin:0px"><br class="ContentPasted0">
</div>
<span class="x_ContentPasted2 ContentPasted0" style="margin:0px">Thank you,</span></div>
</div>
<div class="elementToProof">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Nestor Melo</div>
</div>


<span>_______________________________________________</span><br><span>Swan mailing list</span><br><span>Swan@lists.libreswan.org</span><br><span>https://lists.libreswan.org/mailman/listinfo/swan</span><br></div></blockquote></body></html>