Date:      Thu, 31 Dec 2015 00:27:18 +0100
From:      Michael Grimm <trashcan@ellael.org>
To:        freebsd-net@FreeBSD.org, freebsd-questions <freebsd-questions@freebsd.org>
Subject:   How to define outgoing IP address? Needed to route local traffic through IPSEC tunnel.
Message-ID:  <D40A24B1-3B04-4F7D-BE30-B590B08C7E5D@ellael.org>

Hi —

Is there a way to set the default outgoing IPv6 address of a network interface? To my understanding, the IPv6 address that is bound to the interface by ifconfig_IFNAME_ipv6 is used, right?

I need to route all my traffic to a remote server via an IPSEC tunnel (racoon) that has a setkey.conf as follows:

	spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
	spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;


I can use that tunnel from my jails because they have addresses from the fd00:1234:1234:1234::/64 or fd00:abcd:abcd:abcd::/64 address space bound to their epairXb interfaces. But my hosts have addresses from 2001:dead:beaf:aaaa::/56 or 2001:dead:beaf:bbbb::/56 respectively, and here my tunnel won't work.

I did try to set a local address to ifconfig_IFNAME_ipv6, though. But then the host is working, but the jails are failing to route through the tunnel.

I did try to add to my setkey.conf:

	spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
	spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;

But that doesn't work either.

Any help is highly welcome, and thanks in advance.

Regards,
Michael
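
Added example (not part of the original message, and not FreeBSD or racoon code): a small Python check of which of the spdadd address selectors quoted above cover a given flow, useful for confirming whether traffic falls under a tunnel policy or leaves outside it. It models only the source/destination prefixes and direction (the policies use "any" for the upper-layer protocol); the names parse_spd and match, the ::10 sample addresses, and the use of the tunnel endpoint 2001:dead:beaf:aaaa::a as the host's source address are assumptions.

```python
import ipaddress
import re

# The two policies from the message's setkey.conf, then the two the poster added.
ORIGINAL = """
spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
"""
ADDED = """
spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
"""

SPD_RE = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+(\S+?);")

def parse_spd(text):
    """Return a list of (src_net, dst_net, direction, request), one per spdadd."""
    entries = []
    for src, dst, direction, request in SPD_RE.findall(text):
        # strict=False because the /56 prefixes are written with host bits set:
        # 2001:dead:beaf:aaaa::/56 is the selector 2001:dead:beaf:aa00::/56.
        entries.append((ipaddress.ip_network(src, strict=False),
                        ipaddress.ip_network(dst, strict=False),
                        direction, request))
    return entries

def match(entries, src, dst, direction):
    """First entry whose address selectors cover the flow, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in entries:
        if entry[2] == direction and s in entry[0] and d in entry[1]:
            return entry
    return None

# Constructed sample addresses inside the prefixes named in the message.
JAIL = "fd00:1234:1234:1234::10"
REMOTE_JAIL = "fd00:abcd:abcd:abcd::10"
HOST = "2001:dead:beaf:aaaa::a"  # assumption: host sends from the endpoint address
FLOWS = ((JAIL, REMOTE_JAIL, "out"), (HOST, REMOTE_JAIL, "out"), (REMOTE_JAIL, HOST, "in"))

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("original+added", ORIGINAL + ADDED)):
        spd = parse_spd(conf)
        for src, dst, direction in FLOWS:
            hit = match(spd, src, dst, direction)
            result = f"{hit[0]} -> {hit[1]}" if hit else "no selector matches"
            print(f"{label:15} {direction:3} {src} -> {dst}: {result}")
```

Compare the result with the output of setkey -DP on the running system, which lists the policies the kernel actually holds.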



