Am 05.11.18 um 11:39 schrieb Michael Hock:
Hello,
I'm trying to set up an ipsec server on a linux machine. The connection between clients and server should be IPv6 only but also needs to transport IPv4 packets. However, the linux kernel doesn't seem to support a feature which is required to transport IPv4 packets within an IPv6 ipsec connection, as shown here: https://wiki.strongswan.org/issues/939
Does maybe one of you know how to transport IPv4 packets in an IPv6 ipsec connection, or do we need to wait for the linux kernel to support this feature? Because this stops me from switching to IPv6 ipsec connections and I would like to reduce the usage of IPv4 as much as possible ...
I am not sure if I understand you correctly. I am also not very familiar with ipsec and with strongswan. They are on my long to do list...for rainy days. I also know there are thousand kinds of "ipsec". I found a very old script(2013). Some people told me, this kind of ipsec may be obsoleted already. But it makes two things clear to me: you can use ipsec IPv6 as transport with payload IPv4 or IPv4/IPv6. https://gist.github.com/vi/5628320 allows only IPv4-payload, with a little bit rewriting I have got dual stack payload over IPv6. (tested between my work place and my home ISP) I am not sure if it helps you. But I don't see limitations by Linux at the moment. (ok, I did not speak about dual stack transport, but in worst case you can use different instances for that) Regards, Thomas