[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] ipv4 and IPv6 traffice H2H ikev2 ipv6 strongswan -help
From: Noel Kuntze <noel () familie-kuntze ! de>
Date: 2014-08-30 13:31:11
Message-ID: 5401D21F.3020701 () familie-kuntze ! de
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello luxInteg,
You can have mixed IPv4 and IPv6 subnets in your right/leftsubnet settings.
There is no difference in the syntax from iptables to ip6tables. They just take \
different subnets and some modules/targets are different or have different \
options/parameters. With IKEv2, you only need one tunnel. If you mix IPv4 and IPv6 \
subnets in the subnet settings, you get distinct IPsec SAs for the IPv4 subnets and \
the IPv6 subnets. e.g. only foo::1 == bar::1 and 123.123.123.123/32 == \
234.234.234.234/32, not foo::1 == 123.123.123.123/32, obviously. The same thing \
happens if you have a list of subnets from only one IP version in your TS. The \
notation of several subnets in leftsubnet and rightsubnet is "leftsubnet = \
123.123.123.123/24,234.234.234.234/32". There may be spaces between the comas and the \
individual subnets and between the parameter name and the equal sign, as well as \
between the equal sign and the subnets.
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 30.08.2014 um 09:08 schrieb lux-integ:
> Greetings,
>
> I have an application where I want to use strongswan Host-to-Host
> configuration (IKev2) (
> http://www.strongswan.org/uml/testresults/ipv6/host2host-ikev2/ )
> Both ends have IPv6//and IPv4-enabled interfaces. I want to send both IPv6
> and IPv4-addressed packets across the tunnel
>
> I dont know if I can use IP6tables for the IPv6-addressed packets and
> IPtables for the IPv4-addressed pakets across the single tunnel
> as there are differences in the netfilter syntaxes
>
> OR
> whether I need two tunnels the other one being
> ( http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/ )
>
>
> Advice would be appreciated.
>
> Yours sincerely
> luxInteg
> _______________________________________________
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUAdIfAAoJEDg5KY9j7GZYTBYP/1VMMbSqvzW48Gvo5qD9euVe
UOZ8IndH/TIvNYUuGgGAhjdyJMTn2yTzaSSZa137R55c6twmDsnvIgk1N1lX70pP
tZtAaxIz8crFqUt8kdJuZakQV1UXv1LBsaBHzE8vWGhIRlZ1zB9/8NR4g4DVWzmt
nE7ica8MV1uIGgluovXC9Ray+Z0yb3WHpHfAH6Y9tmLH6GopHwR/341hqjVyXr1U
pEDUTVz42uuyVnij9+ROgse3BFMgnZL7A5ENjVqDI55a74D2A/rYWJCUbOvWl+Yr
yniuJP4jT6FIY9cfSt427h6djr/01L+qBsPEPp0YkvidUbzPA3lDL54wcN0rJa/4
JKvQuVTfJURjX71K83Fm5V3f+SC52nW+/OFHob8D3z2yyLsSNpCrr2hbv7TiN1k7
ah6DENYvIXOS93XY+kccnX76jAhCY/d8cT1eFns5jKuK/Ro+CBqmNEBSDsCvxM7w
KoANrLJXcqO23bZkX58FkzVMAJKJjeZhYKzqzclFaWoqw5GUyh3zm35fmOSowIr8
hBcvlH1FoXfMDfPkOVHloPMHhfPMRuC7vsRkzL5VF7wQ5hHs8//mEkaWsQZdIX+z
5Dd4/lWN7Fo8JBmX7MFOB8O7vflQI1T8ounTwuSBqiCQ5fESAMTGflfKm4NSVaKr
80rDE4xALwfN+/3LdKSM
=X5AO
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic