I'm trying to connect IPv4 networks over an IPv6 tunnel using OpenIKED without success.

Here a short overview:

- several IPv4 networks
- OpenIKED (OpenBSD 6.5) on a multihomed host, internal IPv4 address, external IPv6 address

- one IPv4 network
- Cisco something (not under my control), external IPv6 address

IKEv2 tunnel using OpenIKED between the external IPv6 addresses of both sites.
IPv4 networks of Site-A should be able to communicate with the IPv4 network of Site-B and the other way round through the IKEv2 tunnel.

The actual state:

The IKEv2 tunnel is established and all flows and SAs are showing up correctly in 'ipsecctl -s all'. If I run a ping on a host in Site-A to another host in Site-B I can see the packets arrive on the internal interface of the OpenIKED/OpenBSD machine. The pinging host in Site-A immediately receives a "Destination Host Unreachable" from the OpenIKED/OpenBSD machine. If I listen on 'enc0' to see the packets traveling through the tunnel nothing appears at all. It seems that the flows are not correctly evaluated so the OpenIKED/OpenBSD machine has no route to the destination host/network.


If both sites use IPv4 addresses on the external interface to establish the IKEv2 tunnel, everything is working as expected without changing the configuration beside the IP address relevant parts.


Is the above scenario, routing IPv4 networks over IPv6-only IKEv2 tunnel. supported at all?
Am I hitting some sort of bug?
Am I missing something in my configuration?

Kind regards

Attachment: smime.p7s
Description: S/MIME Signature

Reply via email to