>> By default, iked inserts a flow which blocks IPv6. To prevent
>> this, either configure explicit IPv6 flows (from/to with IPv6
>> addresses), or pass the -6 option to iked (see the man page).
>
> Forgot to mention that I already do this:
>
> freedom# cat /etc/rc.conf.local
> iked_flags=-6
> unbound_flags=

Hmm. I was, indeed, passing -6, but I wasn't passing an explicit ::0/0
in iked.conf. This set-up works:

freedom# cat /etc/iked.conf
ikev2 "vpn" passive ipcomp esp \
	from 0.0.0.0/0 to 0.0.0.0/0 \
	from ::0/0 to ::0/0 \
	local egress peer any \
	psk "XXXXX" \
	config address 172.24.24.0/24 \
	config address 2001:470:8c78:a0::/64 \
	config name-server 172.24.24.1 \
	config name-server 2001:470:8c78:a0:: \
	tag "vpn" tap enc0

Many thanks for the pointer!

-- 
Aram Hăvărneanu
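
Added example, not part of the original message or of OpenBSD: a small Python lint for the situation discussed in this thread. It reports each ikev2 policy that has no IPv6 from/to flow and says whether iked's default IPv6 block still applies. The function names and the sample configuration are constructed for illustration, and it assumes every policy is named.

```python
import ipaddress
import re
import shlex

# Constructed sample, modelled on the iked.conf in the message above.
SAMPLE_CONF = r'''
ikev2 "vpn" passive ipcomp esp \
    from 0.0.0.0/0 to 0.0.0.0/0 \
    from ::0/0 to ::0/0 \
    local egress peer any \
    psk "XXXXX" \
    tag "vpn" tap enc0
'''

def policies(conf_text):
    """Yield (name, tokens) per ikev2 policy, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf_text)
    for line in joined.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) > 1 and tokens[0] == "ikev2":
            yield tokens[1], tokens  # assumption: the policy name is present

def flow_families(tokens):
    """Return the IP versions (4, 6) used by the policy's from/to selectors."""
    fams = set()
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("from", "to"):
            try:
                fams.add(ipaddress.ip_network(tokens[i + 1], strict=False).version)
            except ValueError:
                pass  # "any", hostnames, interface names: family not decidable here
    return fams

def audit(conf_text, iked_flags):
    """Return one finding per policy that carries no explicit IPv6 flow."""
    no_block = "-6" in iked_flags.split()
    findings = []
    for name, tokens in policies(conf_text):
        if 6 in flow_families(tokens):
            continue  # IPv6 is covered by an explicit flow
        if no_block:
            findings.append(f"{name}: -6 set and no IPv6 flow; IPv6 is neither blocked nor tunnelled")
        else:
            findings.append(f"{name}: no IPv6 flow; iked's default flow blocks IPv6")
    return findings

if __name__ == "__main__":
    for flags in ("", "-6"):
        print(repr(flags), audit(SAMPLE_CONF, flags) or "ok")
```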