Dear community,

I have a Debian 9 VPS assigned an IPv6 /64 address via SLAAC, running 
strongSwan, and would like to make clients able to access IPv6 websites.


Here is the IPv6 setting in /etc/network/interfaces:
iface ens3 inet6 static
        address 2001:19f0:6001:e4d:AAAA:BBBB:CCCC:1
        netmask 64
        dns-nameservers 2001:19f0:300:1704::6

/etc/ipsec.conf
conn %default
        auto = add
        keyexchange = ikev2
        leftsubnet = 0.0.0.0/0,::/0
        rightdns = 8.8.8.8,2001:4860:4860::8888
        rightsourceip = 10.10.10.0/24,2001:19f0:6001:e4d::/112
conn EAP-MSCHAPv2
        eap_identity = %identity
        leftauth = pubkey
        leftcert = fullchain.pem
        leftid = example.com
        leftsendcert = always
        rightauth = eap-mschapv2
        rightid = %any
        rightsendcert = never

$ iptables -t nat -A POSTROUTING -j MASQUERADE
$ sysctl -p
net.ipv4.ip_forward = 1
net.ipv6.conf.all.accept_ra = 2

With the configuration above, the VPS and strongSwan seem to be working well on
the IPv4 network: clients like iOS 10 are able to access IPv4 websites via
IPsec. Clients assigned an IPv6 address 2001:19f0:6001:e4d::1 and the VPS can
ping each other; however, clients cannot access any IPv6 websites. I know
that I have net.ipv6.conf.all.forwarding disabled, so IPv6 packets cannot be
forwarded, but if it is enabled, clients still have no IPv6 connectivity and
the VPS is unreachable via IPv6.

Honestly, I am not very familiar with IPv6 networking and am really stuck on this
problem, even after searching through tons of information on Google. So is there
someone running a strongSwan server with IPv6 successfully? Could you offer some
help, please?

Thanks in advance for helping,
Colbert Yang
