Nevermind! Worked it out⦠I spotted that the pings I were doing from the
gateways were using the source address of the external interface, which was
not part of the SA.
explicitly adding the source address of the *internal* interface means it now
looks good:
# traceroute6 -s 2001:470:1f1d:301::
Hi all,
I’ve just tried to set up an IPSec tunnel between two IPv6 networks, over
IPv6 between the OpenBSD gateways. Isakmpd seems to have set the SAs up, but
traffic is not flowing over the tunnel.
A ipsec.conf:
ike dynamic esp from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 local
2001:
2 matches
Mail list logo
