Hi,
I'm trying to connect IPv4 networks over an IPv6 tunnel using OpenIKED
without success.
Here is a short overview:
Site-A:
- several IPv4 networks
- OpenIKED (OpenBSD 6.5) on a multihomed host, internal IPv4 address,
external IPv6 address
Site-B:
- one IPv4 network
- Cisco something (not under my control), external IPv6 address
IKEv2 tunnel using OpenIKED between the external IPv6 addresses of both sites.
IPv4 networks of Site-A should be able to communicate with the IPv4
network of Site-B and the other way round through the IKEv2 tunnel.
The actual state:
The IKEv2 tunnel is established and all flows and SAs are showing up
correctly in 'ipsecctl -s all'.
If I run a ping on a host in Site-A to another host in Site-B I can
see the packets arrive on the internal interface of the
OpenIKED/OpenBSD machine. The pinging host in Site-A immediately
receives a "Destination Host Unreachable" from the OpenIKED/OpenBSD
machine.
If I listen on 'enc0' to see the packets traveling through the tunnel
nothing appears at all.
It seems that the flows are not correctly evaluated so the
OpenIKED/OpenBSD machine has no route to the destination host/network.
Testing:
If both sites use IPv4 addresses on the external interface to
establish the IKEv2 tunnel, everything is working as expected without
changing the configuration besides the IP address relevant parts.
Question:
Is the above scenario, routing IPv4 networks over an IPv6-only IKEv2
tunnel, supported at all?
Am I hitting some sort of bug?
Am I missing something in my configuration?
Kind regards
Joerg