Add "IPv4+IPv6" protocol value for IPSEC mobile VPN #4819
Labels
Comments
|
@goodomens42 we don't accept patches inside issues, for discussion and feature merges we advise to use the normal GitHub PR process (https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests) |
jasperroloff
added a commit
to jasperroloff/opnsense-core
that referenced
this issue
Aug 17, 2021
|
@goodomens42 Based on your patch, I've created a PR: see #5166 |
|
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
IPv6 is becoming more important day by day as more and more mobile users are using connections with DS-Lite or pure IPv6.
In order to setup a mobile tunnel that works with IPv4 and IPv6 in OPNsense you have to specify the interface as "any".
This approach might have undesired side effects in a configuration with several WAN interfaces that are used for IPSEC.
It would be nice to have a "clean" way to configure the mobile user connection for both IPv4 and IPv6.
I have created a patch, that allows setting the protocol to "any" when editing the mobile user connection.
The generated StrongSwan configuration will then contain something like
left = 1.2.3.4,2001:1:2:3:4::1which works fine for us in production use.
I am aware this will only work for IKEv2, maybe there should be some kind of warning if using protocol=any with IKEv1.
opnsense_ipsec.patch.txt
The text was updated successfully, but these errors were encountered: