On 11/2/19 11:32, Aram Hăvărneanu wrote:
> Hello,
> 
> I am trying to set up a dual-stack IKEv2/IPsec VPN. The server is
> OpenBSD (obviously). The clients are Macs (so far). IPv4 works, but
> I can't get IPv6 working for the clients. The clients get a v6 IP
> and a good route, but it seems routing doesn't work on OpenBSD's
> side.

I haven't checked the OpenBSD-specific details of your post. That said,
keep in mind that if you expect your VPN to work across the public
Internet, there may be problems resulting from the widespread drop of
packets that employ IPv6 Extension Headers (such as the IPsec EHs).

See https://tools.ietf.org/html/rfc7872 for details. Note: while for
some reason I didn't include the corresponding measurements in RFC7872,
IPsec EHs *are* also dropped by many ASes.

You may want to tunnel IPsec over, say, UDP, or employ something else.

Thanks,
-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
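
What the suggestion to tunnel IPsec over UDP changes on the wire, as an added example that is not part of the original message: native ESP/AH shows up as IPv6 Next Header 50/51, while RFC 3948 encapsulation presents an ordinary UDP datagram on port 4500. The function names and the sample packets are constructed for illustration.

```python
import struct

ESP, AH, UDP, FRAGMENT = 50, 51, 17, 44
GENERIC_EH = {0, 43, 60}   # hop-by-hop, routing, destination options
NAT_T_PORT = 4500          # UDP port for encapsulated IKE/ESP (RFC 3948)

def classify_ipv6(pkt: bytes) -> str:
    """Walk the IPv6 header chain and report how IPsec is carried."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "not-ipv6"
    nh, off = pkt[6], 40
    while True:
        if nh == ESP:
            return "native-esp"      # Next Header 50, visible to every router
        if nh == AH:
            return "native-ah"       # Next Header 51
        if nh in GENERIC_EH and off + 2 <= len(pkt):
            nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        elif nh == FRAGMENT and off + 8 <= len(pkt):
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "non-first-fragment"
            nh, off = pkt[off], off + 8
        elif nh == UDP and off + 12 <= len(pkt):
            sport, dport = struct.unpack_from("!HH", pkt, off)
            if NAT_T_PORT not in (sport, dport):
                return "other"
            # Four zero bytes after the UDP header are the Non-ESP marker (IKE);
            # anything else is the SPI of an encapsulated ESP packet.
            ike = pkt[off + 8:off + 12] == b"\x00" * 4
            return "udp-encap-ike" if ike else "udp-encap-esp"
        else:
            return "truncated" if nh in GENERIC_EH | {FRAGMENT, UDP} else "other"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed sample packet between documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

def udp4500(payload: bytes) -> bytes:
    # Checksum left at zero: the classifier does not verify it.
    return struct.pack("!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(payload), 0) + payload

esp = struct.pack("!II", 0x1234, 1) + b"\xaa" * 16     # constructed SPI, sequence, ciphertext
dest_opts = bytes([ESP, 0, 1, 4, 0, 0, 0, 0])          # 8-byte header holding one PadN option
SAMPLES = {
    "esp": ipv6(ESP, esp),
    "dstopt+esp": ipv6(60, dest_opts + esp),
    "udp-esp": ipv6(UDP, udp4500(esp)),
    "udp-ike": ipv6(UDP, udp4500(b"\x00" * 4 + b"\x11" * 28)),
}
```

Running `classify_ipv6` over packets captured on both sides of a path shows whether the traffic that fails to arrive is the native Next Header 50/51 form or the UDP-encapsulated one.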


