Isn't the subnet extraneous in that example since the right IP is fully specified? On May 26, 2015 11:04 PM, "Paul Wouters" <[email protected]> wrote:
> On Tue, 26 May 2015, Brandon Enochs wrote: > > Are IPv6 host to host connections with right specified as a subnet >> supported? >> > > Yes, for example: > > ipsec.conf: > > conn ipv6 > left=2001:db8:1:2::45 > leftid="@west" > right=2001:db8:1:2::23 > rightsubnet=2001:db8:0:2::/64 > rightid="@east" > auto=ondemand > authby=secret > > ipsec.secrets: > > 2001:db8:1:2::45 2001:db8:1:2::23 : PSK "secret" > > If your endpoints (left/right) are IPv4, and your subnet is IPv6, then > you need a leftsubnet as well (with an ipv6 range) because both need to > be of the same IP address family, and you need to add connaddrfamily=6 > > Paul >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
