Bug #3285

Virtual IPs on FreeBSD cannot set IPv6 addresses

Added by Chris Ryder about 1 year ago. Updated about 1 year ago.



Running StrongSwan 5.8.1 on a FreeBSD 12.1 machine, acting as a roaming VPN client, it appears that StrongSwan is only able to assign IPv4 addresses to the tun interface. IPv4 traffic works fine, and I have other VPN clients (iOS and Mac OS X built-in clients) that connect to the VPN server and get both IPv6 and IPv4 addresses assigned correctly. However, on the FreeBSD client, StrongSwan reports the following when it brings up the VPN:

scheduling reauthentication in 86170s
maximum IKE_SA lifetime 86350s
installing new virtual IP 81.XX.XX.XX
created TUN device: tun0
installing new virtual IP 2001:XXX:XXXX:XXXX::XXXX
created TUN device: tun1
failed to add address on tun1: Invalid argument
installing virtual IP 2001:XXXX:XXXX:XXXX::XXXX failed
selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
CHILD_SA vpn{2} established with SPIs c740b4b1_i 65f904ab_o and TS 81.XX.XX.XX/32 === 81.XX.XX.YY/29 ZZ.ZZ.ZZ.ZZ/28
connection 'vpn' established successfully

Digging into the `failed to add address on tun1: Invalid argument` message, I think the problem is that the SIOCAIFADDR ioctl (and other friends) is being used, which I think only supports IPv4 addresses on FreeBSD/Darwin - for IPv6 I think SIOCAIFADDR_IN6 and friends are needed. I don't have any experience of that level of networking code though, but the source for the FreeBSD ifconfig tool shows a difference between inet and inet6 code paths:

There is also a sample of how to set IPv6 addresses on Darwin which looks similar:

Related issues

Related to Issue #974: Charon crash on Mac OS with IPv6 Virtual IP (New, 30.05.2015)
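The inet6 path the report refers to, as an added example that is not part of the original report, not strongSwan code and not the contents of the tun-device-ipv6 branch: on FreeBSD, `SIOCAIFADDR` takes a `struct ifaliasreq` whose address fields are generic `struct sockaddr`, too small for a `sockaddr_in6`, so IPv6 addresses go through `struct in6_aliasreq` and `SIOCAIFADDR_IN6` on an `AF_INET6` socket. The names `prefix_to_mask6` and `add_ipv6_addr` are hypothetical; the ioctl path is compiled only on FreeBSD and assumes the caller has the privileges to configure the interface.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <netinet/in_var.h>
#include <netinet6/in6_var.h>   /* struct in6_aliasreq, SIOCAIFADDR_IN6 */
#include <netinet6/nd6.h>       /* ND6_INFINITE_LIFETIME */
#endif

/* Portable helper (hypothetical name): prefix length 0..128 -> netmask. */
int prefix_to_mask6(unsigned plen, struct in6_addr *mask)
{
    if (plen > 128) return -1;
    memset(mask, 0, sizeof(*mask));
    memset(mask->s6_addr, 0xff, plen / 8);
    if (plen % 8)
        mask->s6_addr[plen / 8] = (unsigned char)(0xff << (8 - plen % 8));
    return 0;
}

/* Hypothetical helper: returns 0 on success, -1 with errno set on failure. */
int add_ipv6_addr(const char *ifname, const char *addr, unsigned plen)
{
#ifdef __FreeBSD__
    struct in6_aliasreq req;
    int s, rc, saved;
    memset(&req, 0, sizeof(req));
    strncpy(req.ifra_name, ifname, sizeof(req.ifra_name) - 1);
    req.ifra_addr.sin6_family = AF_INET6;
    req.ifra_addr.sin6_len = sizeof(req.ifra_addr);
    req.ifra_prefixmask.sin6_len = sizeof(req.ifra_prefixmask);
    if (inet_pton(AF_INET6, addr, &req.ifra_addr.sin6_addr) != 1 ||
        prefix_to_mask6(plen, &req.ifra_prefixmask.sin6_addr) != 0) { errno = EINVAL; return -1; }
    req.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;  /* never expires */
    req.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
    if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) return -1;  /* inet6 socket, not inet */
    rc = ioctl(s, SIOCAIFADDR_IN6, &req);
    saved = errno; close(s); errno = saved;   /* keep the ioctl's errno */
    return rc;
#else
    (void)ifname; (void)addr; (void)plen; errno = ENOSYS; return -1;
#endif
}
```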


#1 Updated by Tobias Brunner about 1 year ago

  • Status changed from New to Feedback

That's a known issue. See the (very old) commit in the tun-device-ipv6 branch. Since I had no IPv6 connectivity at the time (and nobody really seemed interested), I never tested it (don't know if it even is complete).

#2 Updated by Chris Ryder about 1 year ago

Ah, I hadn't managed to find that branch - I'll see if I can get that code updated to work in my FreeBSD scenario, thanks!

#3 Updated by Tobias Brunner about 1 year ago

  • Related to Issue #974: Charon crash on Mac OS with IPv6 Virtual IP added
