Hi,

I'm trying to connect IPv4 networks over an IPv6 tunnel using OpenIKED without success.

Here is a short overview:

Site-A:
- several IPv4 networks
- OpenIKED (OpenBSD 6.5) on a multihomed host, internal IPv4 address, external IPv6 address

Site-B:
- one IPv4 network
- Cisco something (not under my control), external IPv6 address

IKEv2 tunnel using OpenIKED between the external IPv6 addresses of both sites. IPv4 networks of Site-A should be able to communicate with the IPv4 network of Site-B and the other way round through the IKEv2 tunnel.

The actual state:
The IKEv2 tunnel is established and all flows and SAs are showing up correctly in 'ipsecctl -s all'. If I run a ping on a host in Site-A to another host in Site-B, I can see the packets arrive on the internal interface of the OpenIKED/OpenBSD machine. The pinging host in Site-A immediately receives a "Destination Host Unreachable" from the OpenIKED/OpenBSD machine. If I listen on 'enc0' to see the packets traveling through the tunnel, nothing appears at all. It seems that the flows are not correctly evaluated, so the OpenIKED/OpenBSD machine has no route to the destination host/network.

Testing:
If both sites use IPv4 addresses on the external interface to establish the IKEv2 tunnel, everything is working as expected without changing the configuration besides the IP address relevant parts.

Question:
Is the above scenario, routing IPv4 networks over an IPv6-only IKEv2 tunnel, supported at all?
Am I hitting some sort of bug? Am I missing something in my configuration?

Kind regards
Joerg

