Date: Mon, 15 Jan 2024 15:35:43 +0100 From: Michael Grimm <trashcan@ellael.org> To: freebsd-net@freebsd.org Subject: Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible? Message-ID: <9339DE28-07F6-4855-927B-824360603CB2@ellael.org> In-Reply-To: <ad871cb9-6226-496b-b936-a41be140a40f@yandex.ru> References: <33923504-0ECC-46D7-9F6C-91D47CEE4594@ellael.org> <ad871cb9-6226-496b-b936-a41be140a40f@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey V. Elsukov <bu7cher@yandex.ru> wrote:
> ifconfig_ipsec0_ipv6=3D"inet6 fd00:b:b:b::250 fd00:a:a:a::254 =
prefixlen 128"
Thanks, now do get the tunnel set (after adding the tunnel to your =
hint):
ifconfig_ipsec0=3D"inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 =
10.20.30.40"
ifconfig_ipsec0_ipv6=3D"inet6 fd00:b:b:b::250 fd00:a:a:a::254 =
prefixlen 128 tunnel 1.2.3.4 10.20.30.40"
route_tunnel0=3D"10.1.1.0/24 10.1.1.254"
route_tunnel0=3D"fd00:a:a:a::/64 fd00:a:a:a::254"
ipsec0 (stripped to the relevant part):
ipsec0: flags=3D1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> =
metric 0 mtu 1400
tunnel inet 1.2.3.4 --> 10.20.30.40
inet 10.2.2.250 --> 10.1.1.254 netmask 0xffffff00
inet6 fd00:b:b:b::250 --> fd00:a:a:a::254 prefixlen 128
=20
netstat -rn (stripped to the relevant part):
Internet:
Destination Gateway Flags Netif Expire
10.1.1.0/24 10.1.1.254 UGS ipsec0
10.1.1.254 link#4 UH ipsec0
10.2.2.250 link#3 UHS lo0
Internet6:
Destination Gateway =
Flags Netif Expire
fd00:a:a:a::254 link#4 UH =
ipsec0
fd00:b:b:b::250 link#3 UHS =
lo0
Thus, the IPv6 routing is still missing (error: "route: bad address: =
fd00:a:a:a::").
Thank you very much, any further help regarding IPv6 routing through the =
tunnel is very much appreciated.
Regards,
Michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9339DE28-07F6-4855-927B-824360603CB2>