Hi, On Mon, Nov 05, 2018 at 08:18:31PM +0100, Gert Doering wrote: > On Mon, Nov 05, 2018 at 11:39:54AM +0100, Michael Hock wrote: > > I'm trying to set up an ipsec server on a linux machine. The connection > > between clients and server should be IPv6 only but also needs to transport > > IPv4 packets. > > However, the linux kernel doesn't seem to support a feature which is > > required to transport IPv4 packets within an IPv6 ipsec connection, as > > shown here: > > https://wiki.strongswan.org/issues/939 > > > > Does maybe one of you know how to transport IPv4 packets in an IPv6 ipsec > > connection, or do we need to wait for the linux kernel to support this > > feature? Because this stops me from switching to IPv6 ipsec connections and > > I would like to reduce the usage of IPv4 as much as possible ... > > Without wanting to understand whether Linux can actually *do* this, what > you generally do is "put an intermediate tunnel header here".
It has been pointed out to me that I read your post upside-down - not
"IPv6 over IPv4 IPSEC" was the goal, but "IPv4 (+IPv6) over IPv6 IPSEC".
But the net recommendation is the same - build an outer IPSEC connection
over IPv6, set up a tunnel interface to use that, route IPv4 through this
second tunnel.
(And, of course, OpenVPN could do IPv4-over-IPv6 over 10+ years ago ;-))
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
