Dear community,
I have a Debian 9 VPS assigned an IPv6 /64 address via SLAAC, running strongSwan, and would like to make clients able to access IPv6 websites. Here is the IPv6 setting in /etc/network/interfaces: iface ens3 inet6 static address 2001:19f0:6001:e4d:AAAA:BBBB:CCCC:1 netmask 64 dns-nameservers 2001:19f0:300:1704::6 /etc/ipsec.conf conn %default auto = add keyexchange = ikev2 leftsubnet = 0.0.0.0/0,::/0 rightdns = 8.8.8.8,2001:4860:4860::8888 rightsourceip = 10.10.10.0/24,2001:19f0:6001:e4d::/112 conn EAP-MSCHAPv2 eap_identity = %identity leftauth = pubkey leftcert = fullchain.pem leftid = example.com leftsendcert = always rightauth = eap-mschapv2 rightid = %any rightsendcert = never $ iptables -t nat -A POSTROUTING -j MASQUERADE $ systctl -p net.ipv4.ip_forward = 1 net.ipv6.conf.all.accept_ra = 2 With configuration above, the VPS and strongSwan seem working well with IPv4 network that clients like iOS 10 are able to access to the IPv4 websites via IPSec. Clients assigned an IPv6 address 2001:19f0:6001:e4d::1 and the VPS can ping each other, however, clients cannot access to any IPv6 websites. I know that I disable net.ipv6.conf.all.forwarding so IPv6 packages are not able to be forwarded, but if it is enabled, clients still have no IPv6 connectivity and the VPS is unreachable via IPv6. Honestly, I am not quite familiar with IPv6 network and really stuck into this problem even search tons of information from Google. So is there someone running a strongSwan server with IPv6 successfully? Could you offer some help, please? Thanks in advance for helping, Colbert Yang