Hi,
I have a KVM VPS running Strongswan 5.1.0, and I am trying to set up an
IKEv2 IPv6-to-IPv6 tunnel such that all road warriors' traffic should go
through this VPS. This VPS has a /64 routed subnet. The road warriors
have IPv6 access. Now the problem is that the tunnel can be established,
but no traffic can go between the VPS server and road warriors. The IPv4
part of this VPN works fine. Here are my configurations:

ipsec.conf:

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    rekey=no
    keyingtries=3
    dpdaction=clear
    dpddelay=30
    dpdtimeout=120
    left=server.public.ipv4.addr
    leftsubnet=0.0.0.0/0
    right=%any

conn IKEv2
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    auto=add
    leftauth=pubkey
    leftcert=serverCertv4.pem
    right=%any
    rightsourceip=ipv4.private.addr/24
    rightauth=eap-radius
    rightsendcert=never
    eap_identity=%any

conn IKEv2-IPv6
    left=server.public.ipv6.addr
    leftsubnet=::/0
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    auto=add
    leftauth=pubkey
    leftcert=serverCertv6.pem
    leftfirewall=yes
    right=%any
    rightsourceip=subnet.prefix/112
    rightauth=eap-radius
    rightsendcert=never
    eap_identity=%any

And ip6tables:
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -s subnet.prefix/64 -j ACCEPT
Thanks a lot,
TZ
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users