Hi —

Is there a way to set the default outgoing IPv6 address of a network interface? 
To my understanding, the IPv6 address used is the one that is bound to the 
interface by ifconfig_IFNAME_ipv6, right?

I need to route all my traffic to a remote server via an IPsec tunnel (racoon) 
that has a setkey.conf as follows:

        spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
        spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;


I can use that tunnel from my jails because they have addresses from the 
fd00:1234:1234:1234::/64 or fd00:abcd:abcd:abcd::/64 address space bound to 
their epairXb interfaces. But my hosts have addresses from 
2001:dead:beaf:aaaa::/56 or 2001:dead:beaf:bbbb::/56 respectively, and here my 
tunnel won't work.

I did try to set a local address to ifconfig_IFNAME_ipv6, though. But then the 
host is working, but the jails are failing to route through the tunnel.

I did try to add to my setkey.conf:

        spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
        spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;

But that doesn't work either.

Any help is highly welcome and thanks in advance.

Regards,
Michael

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
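
An added example, not part of the original post: a small Python check of which of the post's SPD policies have selectors covering a given packet. It models source/destination prefix and direction matching only (not racoon's SA negotiation, kernel policy ordering or the remote peer's policies); the helper names and the ::10 jail addresses are constructed, and 2001:dead:beaf:aaaa::a is assumed to be the host's own address.

```python
import ipaddress
import re

# The two policies from the post's setkey.conf, copied verbatim.
ORIGINAL = """
spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
"""
# The two policies the poster reports adding afterwards, copied verbatim.
ADDED = """
spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;
"""

# Hypothetical helper names; only the spdadd form used in the post is parsed.
SPD_RE = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+\S+\s+([^;\s]+);")

def parse_spd(text):
    """Return (src_net, dst_net, direction, rule) for each spdadd line."""
    policies = []
    for src, dst, direction, rule in SPD_RE.findall(text):
        # strict=False: the /56 prefixes in the post are written with host bits set.
        policies.append((ipaddress.ip_network(src, strict=False),
                         ipaddress.ip_network(dst, strict=False), direction, rule))
    return policies

def matching_policies(policies, src, dst, direction):
    """Return the rules whose source and destination selectors cover the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [rule for sn, dn, dr, rule in policies
            if dr == direction and s in sn and d in dn]

if __name__ == "__main__":
    JAIL_LOCAL, JAIL_REMOTE = "fd00:1234:1234:1234::10", "fd00:abcd:abcd:abcd::10"  # constructed
    HOST = "2001:dead:beaf:aaaa::a"  # assumed host address (local tunnel endpoint in the post)
    cases = ((JAIL_LOCAL, JAIL_REMOTE, "out"),   # jail to remote jail network
             (HOST, JAIL_REMOTE, "out"),         # host's global address to remote jail network
             (JAIL_REMOTE, HOST, "in"))          # reply coming back to the host's global address
    for label, text in (("original", ORIGINAL), ("original+added", ORIGINAL + ADDED)):
        pols = parse_spd(text)
        for src, dst, direction in cases:
            hits = matching_policies(pols, src, dst, direction)
            print(f"{label:15} {direction:3} {src} -> {dst}: {hits or 'no policy'}")
```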
