This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ipv6-wg] IPv6 ipsec tunnel server on linux server
Jorma Mellin
jorma at jmellin.net
Tue Nov 6 15:59:16 CET 2018
Hi all,

IPSec tunnel is transparent to IP payload in general, so it is perfectly ok to run IPv4 over IPv6 tunnel. The key issue is how to get the traffic into the tunnel as you cannot set IPv6 next-hop to IPv4 route. I'm not familiar with how to do this in Linux OS but in general if you can set the next-hop to virtual tunnel-interface then you are one step further.

Jome

-----------------
Jorma Mellin
Trustee SIY ry / ISOC Finland Chapter
ENISA PSG member
jorma at jmellin.net

> On 06 Nov 2018, at 16:49, Gert Doering <gert at space.net> wrote:
>
> Hi,
>
> On Mon, Nov 05, 2018 at 08:18:31PM +0100, Gert Doering wrote:
>> On Mon, Nov 05, 2018 at 11:39:54AM +0100, Michael Hock wrote:
>>> I'm trying to set up an ipsec server on a linux machine. The connection
>>> between clients and server should be IPv6 only but also needs to transport
>>> IPv4 packets.
>>> However, the linux kernel doesn't seem to support a feature which is
>>> required to transport IPv4 packets within an IPv6 ipsec connection, as
>>> shown here:
>>> https://wiki.strongswan.org/issues/939
>>>
>>> Does maybe one of you know how to transport IPv4 packets in an IPv6 ipsec
>>> connection, or do we need to wait for the linux kernel to support this
>>> feature? Because this stops me from switching to IPv6 ipsec connections and
>>> I would like to reduce the usage of IPv4 as much as possible ...
>>
>> Without wanting to understand whether Linux can actually *do* this, what
>> you generally do is "put an intermediate tunnel header here".
>
> It has been pointed out to me that I read your post upside-down - not
> "IPv6 over IPv4 IPSEC" was the goal, but "IPv4 (+IPv6) over IPv6 IPSEC".
>
> But the net recommendation is the same - build an outer IPSEC connection
> over IPv6, set up a tunnel interface to use that, route IPv4 through this
> second tunnel.
>
>
> (And, of course, OpenVPN could do IPv4-over-IPv6 over 10+ years ago ;-))
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
> Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
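
The arrangement recommended in the thread above (an outer IPsec connection over IPv6, a tunnel interface on top of it, IPv4 routed through that interface), as an added example that is not code from any poster in the thread. It assumes an IKE daemon has already installed a transport-mode ESP policy with /128 selectors between the two IPv6 endpoints; the addresses, the interface name `v4in6` and the function names are assumptions, and the script refuses to add the IPv4 route when no such policy is present.

```shell
#!/usr/bin/env bash
# Added example: IPv4 inside an ip6tnl (IPv4-in-IPv6) interface whose outer
# IPv6 packets are covered by an IPsec transport-mode policy.
# Addresses are documentation prefixes; all names here are assumptions.
LOCAL6=${LOCAL6:-2001:db8:1::1}              # this host's IPv6 endpoint
REMOTE6=${REMOTE6:-2001:db8:2::1}            # peer's IPv6 endpoint
TUN=${TUN:-v4in6}                            # inner tunnel interface name
TUN_ADDR4=${TUN_ADDR4:-192.0.2.1/30}         # IPv4 address on the tunnel
REMOTE_NET4=${REMOTE_NET4:-198.51.100.0/24}  # IPv4 prefix behind the peer

# Constructed sample of `ip xfrm policy` output (not captured from a host).
SAMPLE_POLICY='src 2001:db8:1::1/128 dst 2001:db8:2::1/128 proto 4
    dir out priority 366975
    tmpl src :: dst ::
        proto esp reqid 1 mode transport'

# Print the iproute2 commands: tunnel interface, address, IPv4 route.
plan() {
  cat <<EOF
ip -6 tunnel add $TUN mode ipip6 local $LOCAL6 remote $REMOTE6
ip link set dev $TUN up
ip addr add $TUN_ADDR4 dev $TUN
ip route add $REMOTE_NET4 dev $TUN
EOF
}

# Read `ip xfrm policy` text on stdin; succeed only if an outbound policy
# with an ESP template and /128 selectors covers LOCAL6 -> REMOTE6.
policy_covers_endpoints() {
  awk -v s="$LOCAL6/128" -v d="$REMOTE6/128" '
    $1 == "src" && $3 == "dst" { hit = ($2 == s && $4 == d); out = 0 }
    hit && $1 == "dir"         { out = ($2 == "out") }
    hit && out && $1 == "proto" && $2 == "esp" { found = 1 }
    END { exit !found }'
}

# Fail closed: without the policy, the tunnel would carry IPv4 unencrypted.
apply() {
  ip xfrm policy | policy_covers_endpoints || {
    echo "no outbound ESP policy $LOCAL6 -> $REMOTE6; not routing IPv4" >&2
    return 1
  }
  plan | sh -e
}

case "${1:-}" in
  apply) apply ;;
  plan)  plan ;;
  check-sample) printf '%s\n' "$SAMPLE_POLICY" | policy_covers_endpoints ;;
esac
```

Run with `plan` to review the commands, and with `apply` as root on each peer (with `LOCAL6`/`REMOTE6` and the IPv4 values swapped) once the IPsec policy is in place.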