Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[WORKAROUND] IPSEC using ipv6 address altough ipv4 selected
« previous
next »
Print
Pages: [
1
]
Author
Topic: [WORKAROUND] IPSEC using ipv6 address altough ipv4 selected (Read 5923 times)
Arvoreen
Newbie
Posts: 5
Karma: 0
[WORKAROUND] IPSEC using ipv6 address altough ipv4 selected
«
on:
September 19, 2015, 10:19:57 am »
Hello,
it seems to me that if you enter a DNS name for the Remote gateway and this resolves to an ipv4 and ipv6 address it uses the ipv6 address even if you selected ipv4 as internet protocol on phase1
Sincerely
Pol Bettinger
«
Last Edit: September 20, 2015, 08:47:29 am by franco
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSEC using ipv6 address altough ipv4 selected
«
Reply #1 on:
September 19, 2015, 01:24:04 pm »
Hi Pol,
can you try enabling "System: Settings: Networking: Prefer to use IPv4 even if IPv6 is available" and see if that helps?
Cheers,
Franco
Logged
Arvoreen
Newbie
Posts: 5
Karma: 0
Re: IPSEC using ipv6 address altough ipv4 selected
«
Reply #2 on:
September 20, 2015, 03:29:41 am »
Hello,
yes that works too.
I already helped myself by using the IP instead of the DNS.
Sincerely
Pol Bettinger
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSEC using ipv6 address altough ipv4 selected
«
Reply #3 on:
September 20, 2015, 08:47:17 am »
Ok, that is good to hear. It may be an arms race, prefering IPv6 may have other side effects down the road. Safest way would be to have a IPv6-only entry on the domain name, but that may also be out of your hands.
I will discuss with Ad if there is a solution that could be applied to IPSec handling to automatically prevent that from happening in the future, although I must say picking a DNS entry is not the IPSec daemons job as this might be handled by a system library.
Logged
Arvoreen
Newbie
Posts: 5
Karma: 0
Re: [WORKAROUND] IPSEC using ipv6 address altough ipv4 selected
«
Reply #4 on:
September 20, 2015, 03:33:58 pm »
Yes I understand the problem I also tested this on strongswan between two of my servers and saw clearly that there it also uses ipv6 when I am using the DNS names.
So for me I think the main problem is that in OPNSense you can chose ipv4 or ipv6 while configuring IPSEC but I don't see why it could be good for, as for me at first sight it doesn't have an effect on anything.
Sincerly
Pol Bettinger
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [WORKAROUND] IPSEC using ipv6 address altough ipv4 selected
«
Reply #5 on:
September 20, 2015, 04:33:21 pm »
It's used as a means to verify the remote gateway IP and the Phase 2 tunnel mode. Other than that, it's irrelevant. The only benefit I see is avoiding a few configuration errors although using a hostname as you described subverts all of this checking anyway.
Not sure how to proceed. Maybe Ad can say whether ditching this has any bad side effects or not.
Logged
Arvoreen
Newbie
Posts: 5
Karma: 0
Re: [WORKAROUND] IPSEC using ipv6 address altough ipv4 selected
«
Reply #6 on:
September 20, 2015, 08:39:44 pm »
I either doesn't have the ultimate solution to it.
Because I selected IPv4 I felt safe that it does the connection using IPv4 :-)
Perhaps a dns check of the remote host if IPv4 is selected might help and display a warning if the dns resolves then to an ipv6. (same in inverse logic if ipv6 is selected)
Sincerely
Pol Bettinger
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[WORKAROUND] IPSEC using ipv6 address altough ipv4 selected