IPv6 Legacy Configuration Examples » History » Version 3
Version 2 (Andreas Steffen, 18.11.2017 12:51) → Version 3/5 (Andreas Steffen, 16.11.2018 22:49)
h1. Legacy IPv6 Examples
These example scenarios use the deprecated stroke management interface.
h2. Site-to-Site
|IPv6 in IPv6 tunnel mode |{{tc(ipv6-stroke/net2net-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/net2net-ikev2/,IKEv2)}} |
|IPv4 in IPv6 tunnel mode |{{tc(ipv6-stroke/net2net-ip4-in-ip6-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/net2net-ip4-in-ip6-ikev2/,IKEv2)}} |
|IPv6 in IPv4 tunnel mode |{{tc(ipv6-stroke/net2net-ip6-in-ip4-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/net2net-ip6-in-ip4-ikev2/,IKEv2)}} |
h2. Host-to-Host
|IPv6 tunnel mode |{{tc(ipv6-stroke/host2host-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/host2host-ikev2/,IKEv2)}} |
|IPv6 transport mode |{{tc(ipv6-stroke/transport-ikev1/,IKEv1)}} |{{tc(ipv6v/transport-ikev2/,IKEv2)}} |
h2. Remote Access
|RSA authentication with X.509 certificates |{{tc(ipv6-stroke/rw-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/rw-ikev2/,IKEv2)}} |
|PSK authentication with pre-shared keys |{{tc(ipv6-stroke/rw-psk-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/rw-psk-ikev2/,IKEv2)}} |
|IPv6 in IPv4 tunnel mode with virtual IP |{{tc(ipv6-stroke/rw-ip6-in-ip4-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/rw-ip6-in-ip4-ikev2/,IKEv2)}} |
Please be aware that the strongSwan IKE daemon cannot listen on IPv6 *link-local* addresses (fe80:..). You must assign a *site-local*, *unique-local*, or *global* IPv6 address to the physical network interface first.
These example scenarios use the deprecated stroke management interface.
h2. Site-to-Site
|IPv6 in IPv6 tunnel mode |{{tc(ipv6-stroke/net2net-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/net2net-ikev2/,IKEv2)}} |
|IPv4 in IPv6 tunnel mode |{{tc(ipv6-stroke/net2net-ip4-in-ip6-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/net2net-ip4-in-ip6-ikev2/,IKEv2)}} |
|IPv6 in IPv4 tunnel mode |{{tc(ipv6-stroke/net2net-ip6-in-ip4-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/net2net-ip6-in-ip4-ikev2/,IKEv2)}} |
h2. Host-to-Host
|IPv6 tunnel mode |{{tc(ipv6-stroke/host2host-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/host2host-ikev2/,IKEv2)}} |
|IPv6 transport mode |{{tc(ipv6-stroke/transport-ikev1/,IKEv1)}} |{{tc(ipv6v/transport-ikev2/,IKEv2)}} |
h2. Remote Access
|RSA authentication with X.509 certificates |{{tc(ipv6-stroke/rw-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/rw-ikev2/,IKEv2)}} |
|PSK authentication with pre-shared keys |{{tc(ipv6-stroke/rw-psk-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/rw-psk-ikev2/,IKEv2)}} |
|IPv6 in IPv4 tunnel mode with virtual IP |{{tc(ipv6-stroke/rw-ip6-in-ip4-ikev1/,IKEv1)}} |{{tc(ipv6-stroke/rw-ip6-in-ip4-ikev2/,IKEv2)}} |
Please be aware that the strongSwan IKE daemon cannot listen on IPv6 *link-local* addresses (fe80:..). You must assign a *site-local*, *unique-local*, or *global* IPv6 address to the physical network interface first.