Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?

Reply: Marek Zarychta : "Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?"
In reply to: Andrey V. Elsukov: "Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Grimm <trashcan_at_ellael.org>
Date: Mon, 15 Jan 2024 14:35:43 UTC

Andrey V. Elsukov <bu7cher@yandex.ru> wrote:

> ifconfig_ipsec0_ipv6="inet6 fd00:b:b:b::250 fd00:a:a:a::254 prefixlen 128"

Thanks, now do get the tunnel set (after adding the tunnel to your hint):

     ifconfig_ipsec0="inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 10.20.30.40"
     ifconfig_ipsec0_ipv6="inet6 fd00:b:b:b::250 fd00:a:a:a::254 prefixlen 128 tunnel 1.2.3.4 10.20.30.40"
     route_tunnel0="10.1.1.0/24 10.1.1.254"
     route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"

ipsec0 (stripped to the relevant part):

     ipsec0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1400
             tunnel inet 1.2.3.4 --> 10.20.30.40
             inet 10.2.2.250 --> 10.1.1.254 netmask 0xffffff00
             inet6 fd00:b:b:b::250 --> fd00:a:a:a::254 prefixlen 128
 
netstat -rn (stripped to the relevant part):

     Internet:
     Destination        Gateway            Flags     Netif Expire
     10.1.1.0/24        10.1.1.254         UGS      ipsec0
     10.1.1.254         link#4             UH       ipsec0
     10.2.2.250         link#3             UHS         lo0

     Internet6:
     Destination                       Gateway                       Flags     Netif Expire
     fd00:a:a:a::254                   link#4                        UH       ipsec0
     fd00:b:b:b::250                   link#3                        UHS         lo0


Thus, the IPv6 routing is still missing (error: "route: bad address: fd00:a:a:a::").

Thank you very much, any further help regarding IPv6 routing through the tunnel is very much appreciated.

Regards,
Michael