Hi,

I'm trying to connect IPv4 networks over an IPv6 tunnel using OpenIKED without success.

Here is a short overview:

Site-A:
- several IPv4 networks
- OpenIKED (OpenBSD 6.5) on a multihomed host, internal IPv4 address, external IPv6 address

Site-B:
- one IPv4 network
- Cisco something (not under my control), external IPv6 address

IKEv2 tunnel using OpenIKED between the external IPv6 addresses of both sites.
IPv4 networks of Site-A should be able to communicate with the IPv4 network of Site-B and the other way round through the IKEv2 tunnel.


The actual state:

The IKEv2 tunnel is established and all flows and SAs are showing up correctly in 'ipsecctl -s all'. If I run a ping on a host in Site-A to another host in Site-B, I can see the packets arrive on the internal interface of the OpenIKED/OpenBSD machine. The pinging host in Site-A immediately receives a "Destination Host Unreachable" from the OpenIKED/OpenBSD machine. If I listen on 'enc0' to see the packets traveling through the tunnel, nothing appears at all. It seems that the flows are not correctly evaluated, so the OpenIKED/OpenBSD machine has no route to the destination host/network.


Testing:

If both sites use IPv4 addresses on the external interface to establish the IKEv2 tunnel, everything is working as expected without changing the configuration besides the IP-address-relevant parts.


Question:

Is the above scenario, routing IPv4 networks over an IPv6-only IKEv2 tunnel, supported at all?
Am I hitting some sort of bug?
Am I missing something in my configuration?

Kind regards
Joerg
