Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?
- In reply to: Michael Grimm : "Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?"
Date: Mon, 15 Jan 2024 15:30:18 UTC
Me wrote:

> On 15. Jan 2024, at 16:15, Michael Grimm <trashcan@ellael.org> wrote:
>
> Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>> On 15.01.2024 at 15:35, Michael Grimm wrote:
>
>>> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"
>
>> Please try:
>> route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"
>
> Bingo! That did the trick:
>
> Internet6:
> Destination        Gateway            Flags   Netif Expire
> fd00:a:a:a::/64    fd00:a:a:a::254    UGS     ipsec0
> fd00:a:a:a::254    link#4             UH      ipsec0
> fd00:b:b:b::250    link#3             UHS     lo0

That has been a bit premature, because now, the IPv4 routing has been lost. Because when having two identical route_tunnel0= keywords provided, the latter wins.

FTR: Here is the final solution:

/etc/rc.conf:

    cloned_interfaces="ipsec0"
    static_routes="tunnel0 tunnel1"
    create_args_ipsec0="reqid 104"
    ifconfig_ipsec0="inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 10.20.30.40"
    ifconfig_ipsec0_ipv6="inet6 fd00:b:b:b::250 fd00:a:a:a::254 prefixlen 128 tunnel 1.2.3.4 10.20.30.40"
    route_tunnel0="10.1.1.0/24 10.1.1.254"
    route_tunnel1="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"

ifconfig vtnet0:

    vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1490
            tunnel inet 1.2.3.4 --> 10.20.30.40
            inet 10.2.2.250 --> 10.1.1.254 netmask 0xffffff00
            inet6 fd00:b:b:b::250 --> fd00:a:a:a::254 prefixlen 128

netstat -rn:

    Internet:
    Destination        Gateway            Flags   Netif Expire
    10.1.1.0/24        10.1.1.254         UGS     ipsec0
    10.1.1.254         link#4             UH      ipsec0
    10.2.2.250         link#3             UHS     lo0

    Internet6:
    Destination        Gateway            Flags   Netif Expire
    fd00:a:a:a::/64    fd00:a:a:a::254    UGS     ipsec0
    fd00:a:a:a::254    link#4             UH      ipsec0
    fd00:b:b:b::250    link#3             UHS     lo0

> Thanks to all who helped, and to me: lessons learned ;-)

Yeah,
Michael
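
The pitfall reported above (two route_tunnel0= lines, the latter wins and the IPv4 tunnel route silently disappears) can be checked for before a reboot. The following is an added example, not part of the original post: a POSIX sh function that lists rc.conf variables assigned more than once. The names rc_dupes and sample_rc_conf are hypothetical, and the sample input is constructed from the values in this thread.

```shell
#!/bin/sh
# rc_dupes [FILE]: report every variable assigned more than once in an
# rc.conf-style file (stdin if FILE is omitted). rc.conf is sourced as sh,
# so a later NAME=value silently replaces an earlier one.
# Returns 1 if any duplicate is found, 0 otherwise.
rc_dupes() {
    awk '
        # Plain NAME=value assignments only; comment lines never match.
        match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
            name = substr($0, RSTART, RLENGTH - 1)
            gsub(/[ \t]/, "", name)
            if (++count[name] == 1) {
                order[++n] = name          # remember first-seen order
                lines[name] = NR
            } else {
                lines[name] = lines[name] "," NR
            }
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) {
                    printf "%s assigned on lines %s\n", order[i], lines[order[i]]
                    rc = 1
                }
            exit rc
        }
    ' "${1:--}"
}

# Constructed sample: the intermediate, broken state described in the thread,
# where the IPv6 route reuses the route_tunnel0 keyword of the IPv4 route.
sample_rc_conf() {
    cat <<'EOF'
cloned_interfaces="ipsec0"
static_routes="tunnel0"
route_tunnel0="10.1.1.0/24 10.1.1.254"
route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"
EOF
}

# Demo run on the constructed sample.
sample_rc_conf | rc_dupes || echo "duplicate assignments found; only the last one takes effect"
```

On a real system the function would be pointed at /etc/rc.conf (and /etc/rc.conf.local if used). Intentional reassignments such as var="$var more" are reported as well and need a manual look.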