On Mon, Feb 11, 2019 at 03:32:17PM +0100, Aram Hăvărneanu wrote: > Hello, > > I am trying to set-up an dual-stack IKEv2/IPsec VPN. The server is > OpenBSD (obviously). The clients are macs (so far). IPv4 works, but > I can't get IPv6 working for the clients. The clients get a v6 IP > and a good route, but it seems routing doesn't work on OpenBSD's > side.
> My iked.conf is > > freedom# cat /etc/iked.conf > > ikev2 "vpn" passive ipcomp esp \ > from 0.0.0.0/0 to 0.0.0.0/0 \ > local egress peer any \ > psk "XXXXXXXX" \ > config address 172.24.24.0/24 \ > config address 2001:470:8c78:a0::/64 \ > config name-server 172.24.24.1 \ > config name-server 2001:470:8c78:a0:: \ > tag "vpn" tap enc0 > freedom# By default, iked inserts a flow which blocks IPv6. To prevent this, either configure explicit IPv6 flows (from/to with IPv6 addresses), or pass the -6 option to iked (see the man page).
