How to define outgoing IP address? Needed to route local traffic through IPSEC tunnel.
Michael Grimm
trashcan at ellael.org
Wed Dec 30 23:27:28 UTC 2015
Hi —
Is there a way to set the default outgoing IPv6 address of a network interface? To my understanding, the IPv6 address that is bound to the interface by ifconfig_IFNAME_ipv6 is the one used, right?
I need to route all my traffic to a remote server via an IPSEC tunnel (racoon) that has a setkey.conf as follows:
spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
I can use that tunnel from my jails because they have addresses from the fd00:1234:1234:1234::/64 or fd00:abcd:abcd:abcd::/64 address space bound to their epairXb interfaces. But, my hosts have addresses from 2001:dead:beaf:aaaa::/56 or 2001:dead:beaf:bbbb::/56 respectively. And, here my tunnel won't work.
I did try to set a local address to ifconfig_IFNAME_ipv6, though. But then the host is working, but the jails are failing to route through the tunnel.
I did try to add to my setkey.conf:
spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
But that doesn't work either.
Any help is highly welcome, and thanks in advance.
Regards,
Michael
More information about the freebsd-net mailing list
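An added example, not part of the original post: a small Python check of which flows the four spdadd selectors quoted above cover, comparing only direction and source/destination prefix. The two jail addresses are constructed samples, the host address is the tunnel endpoint from the post, and kernel lookup details beyond selector matching are not modelled.

```python
import ipaddress
import re

# The four spdadd lines quoted in the post: the original pair, then the pair added later.
SETKEY_CONF = """\
spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
"""

# spdadd <src_range> <dst_range> <upperspec> -P <direction> ...
SPD_RE = re.compile(r"^spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s")


def parse_spd(text):
    """Return a list of (direction, src_network, dst_network) per spdadd line."""
    policies = []
    for line in text.splitlines():
        m = SPD_RE.match(line.strip())
        if m:
            # strict=False because the /56 selectors are written with host bits set
            src = ipaddress.ip_network(m.group(1), strict=False)
            dst = ipaddress.ip_network(m.group(2), strict=False)
            policies.append((m.group(3), src, dst))
    return policies


def matching_policies(policies, direction, src, dst):
    """Indexes of every policy whose direction and selectors cover the flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [i for i, (d, s_net, d_net) in enumerate(policies)
            if d == direction and src in s_net and dst in d_net]


POLICIES = parse_spd(SETKEY_CONF)
HOST_A = "2001:dead:beaf:aaaa::a"        # host address taken from the post
LOCAL_JAIL = "fd00:1234:1234:1234::10"   # constructed sample address
REMOTE_JAIL = "fd00:abcd:abcd:abcd::10"  # constructed sample address

FLOWS = [
    ("out", LOCAL_JAIL, REMOTE_JAIL),  # jail to remote jail
    ("in", REMOTE_JAIL, LOCAL_JAIL),   # reply to the jail
    ("out", HOST_A, REMOTE_JAIL),      # host to remote jail
    ("in", REMOTE_JAIL, HOST_A),       # reply to the host
]

if __name__ == "__main__":
    for direction, src, dst in FLOWS:
        hits = matching_policies(POLICIES, direction, src, dst)
        print(f"{direction:3} {src} -> {dst}: policies {hits or 'none'}")
```

A flow that lists no policy is not selected for the tunnel by any of the quoted entries.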