-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add "IPv4+IPv6" protocol value for IPSEC mobile VPN #4819
Comments
@goodomens42 we don't accept patches inside issues, for discussion and feature merges we advise to use the normal GitHub PR process (https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests) |
@goodomens42 Based on your patch, I've created a PR: see #5166 |
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
IPv6 is becoming more important day by day as more and more mobile users are using connections with DS-Lite or pure IPv6.
In order to setup a mobile tunnel that works with IPv4 and IPv6 in OPNsense you have to specify the interface as "any".
This approach might have undesired side effects in a configuration with several WAN interfaces that are used for IPSEC.
It would be nice to have a "clean" way to configure the mobile user connection for both IPv4 and IPv6.
I have created a patch, that allows setting the protocol to "any" when editing the mobile user connection.
The generated StrongSwan configuration will then contain something like
left = 1.2.3.4,2001:1:2:3:4::1
which works fine for us in production use.
I am aware this will only work for IKEv2, maybe there should be some kind of warning if using protocol=any with IKEv1.
opnsense_ipsec.patch.txt
The text was updated successfully, but these errors were encountered: