I'm trying to run an IPsec tunnel between a Linux router and a FreeBSD router, but the FreeBSD router isn't passing any of the IPv6 traffic (IPv4 works perfectly). I have the following in /etc/ipsec.conf:

    spdadd 10.1.0.0/21 10.2.2.0/24 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require ;
    spdadd 10.2.2.0/24 10.1.0.0/21 any -P in ipsec esp/tunnel/192.0.2.2-192.0.2.1/require ;
    spdadd 2001:1:1::/48 2001:2:2:2::/64 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require ;
    spdadd 2001:2:2:2::/64 2001:1:1::/48 any -P in ipsec esp/tunnel/192.0.2.2-192.0.2.1/require ;

When I try to ping an IPv6 host through the tunnel in either direction, I'm seeing the packet on the FreeBSD router's enc0 device, but I get the following error on the FreeBSD router's console:

    ipsec6_output_tunnel: family mismatched between inner and outer, spi=49961579
    ip6_output (ipsec): error code 47

I found the error message in src/sys/netipsec/ipsec_output.c (r245225, line 833).

I guess that I assumed that one could tunnel IPv6 over an IPv4 IPsec tunnel. Is this not the case? Will I have to encapsulate the IPv6 traffic in an IPIP or GRE tunnel?

I don't want to build an IPv6 IPsec tunnel, because I connect to the IPv6 Internet through a tunnel broker. The latency and encapsulation overhead would be too much for my purposes.

I noticed a PR by someone who got the same error message:
http://www.freebsd.org/cgi/query-pr.cgi?pr=147894&cat=kern

--
I FIGHT FOR THE USERS
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
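An added example, not part of the original post and not FreeBSD code: a small Python check that parses setkey spdadd tunnel policies and lists those whose inner selectors and outer tunnel endpoints are in different address families, the condition named in the console message above. The function names are hypothetical, and the parser assumes plain "spdadd src dst proto -P dir ipsec proto/tunnel/src-dst/level ;" statements like the ones in the post.

```python
import ipaddress
import re

# The four policies quoted in the post, embedded so the check runs offline.
SAMPLE_CONF = """\
spdadd 10.1.0.0/21 10.2.2.0/24 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require ;
spdadd 10.2.2.0/24 10.1.0.0/21 any -P in ipsec esp/tunnel/192.0.2.2-192.0.2.1/require ;
spdadd 2001:1:1::/48 2001:2:2:2::/64 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require ;
spdadd 2001:2:2:2::/64 2001:1:1::/48 any -P in ipsec esp/tunnel/192.0.2.2-192.0.2.1/require ;
"""

# Captures: inner source, inner destination, direction, outer source, outer destination.
POLICY_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"(?:esp|ah|ipcomp)/tunnel/([^/\s-]+)-([^/\s-]+)/"
)


def family(text):
    """Return 4 or 6 for an address or prefix, ignoring a trailing [port]."""
    text = re.sub(r"\[[^\]]*\]$", "", text)
    return ipaddress.ip_network(text, strict=False).version


def find_family_mismatches(conf):
    """Return (dir, inner_src, inner_dst, outer_src, outer_dst) for each
    tunnel policy whose inner and outer address families differ."""
    findings = []
    conf = re.sub(r"#.*", "", conf)           # drop comments
    for stmt in conf.split(";"):              # setkey statements end with ';'
        m = POLICY_RE.search(" ".join(stmt.split()))
        if not m:
            continue
        src, dst, direction, outer_src, outer_dst = m.groups()
        inner = {family(src), family(dst)}
        outer = {family(outer_src), family(outer_dst)}
        if inner != outer:
            findings.append((direction, src, dst, outer_src, outer_dst))
    return findings


if __name__ == "__main__":
    for direction, src, dst, o_src, o_dst in find_family_mismatches(SAMPLE_CONF):
        print(f"{direction}: inner {src} -> {dst} does not match "
              f"outer {o_src} -> {o_dst} address family")
```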