Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
IPSec Phase 1 IPv4 Phase 2 IPv6
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSec Phase 1 IPv4 Phase 2 IPv6 (Read 3839 times)
sachaz
Newbie
Posts: 9
Karma: 1
IPSec Phase 1 IPv4 Phase 2 IPv6
«
on:
July 24, 2018, 01:05:26 am »
Hi,
I'm trying to do something like this:
ServerZZTop
-----
FirewallA
[OPNSense]
o===(IPSEC)===o
FirewallB
[OpenBSD] -----
Internet
ServerZZTop have a public IPv4/6
Phase 1 Type: IPv4 IKE v1
Phase 2 Type: ESP IPv4 tunnel
Phase 2 Type: ESP IPv6 tunnel
Yes I got I phase 2 for an IPv4 tunnel AND another one for an IPv6 tunnel, Strongswan is suposed to work like this(
https://www.strongswan.org/testing/testresults/ipv6/net2net-ip6-in-ip4-ikev1/
).
1st problem is the following message when I try to modify my phase 1: "There is a Phase 2 using IPv6, you cannot use IPv4".
When I mount the tunnel:
If I ping from FirewallA to ServerZZTop the IPv4 tunnel is working: I can ping from Internet ServerZZTop IPv4
During 5 second after tunnel mounting I can ping from Internet ServerZZTop IPv6 then the ICMP packet is coming to ServerZZTop but there is only outgoing "ICMP6, neighbor solicitation" on my ServerZZTop Interface
I have to set mtu 1378 to ServerZZTop's interface to make IPv4 work fine
In FirewallA IPSec logs, I got: "installing route failed: ::/0 via $(FirewallA Default IPv4 Gateway) src $(FirewallA IPv6 Gateway for ServerZZTop) dev pppoe0"
I'm stucked to make the IPv6 Phase2 and I don't understand why I have this message from OPNSense (my 1st problem)
Kind regards
«
Last Edit: July 24, 2018, 01:11:44 am by sachaz
»
Logged
sachaz
Newbie
Posts: 9
Karma: 1
Re: IPSec Phase 1 IPv4 Phase 2 IPv6
«
Reply #1 on:
August 02, 2018, 09:30:24 am »
All of this is fixed now:
https://atelier.aquilenet.fr/projects/services/wiki/Librehosting
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
IPSec Phase 1 IPv4 Phase 2 IPv6