[solved?] IPv6, win10 client: Road Warrior IPsec, no route ::/0->:: on IPsec int



  • Hi there,

    I am configuring a Road Warrior IPsec on the IPv6 stack on an additional pfSense 2.4.2-p1 firewall. The settings are very similar to the IPsec on IPv4 settings on my master pfSense 2.3.5-p1 firewall.

    The Local Network is ::/0, Remote Network - fddf:x:x:x:x:x:x:0/112.

    I can log in to the VPN over IPv6, but the network is not accessible. After adding the route ::/0 -> :: on the IPsec host interface, everything works as expected:

    route -6 add ::/0 gateway :: metric 1 if 27
    

    With IPsec on IPv4, such a route is automatically created by pfSense after login:

    
    route print
    ...
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
    ...
              0.0.0.0          0.0.0.0         On-link       10.33.111.5     26
    ...
    
    

    Do you have any idea what I am doing wrong?

    P.S. The host machines are Windows 10 with the built-in IPsec client.

    Best regards
    yarick123



  • It seems to be a regular win10 IPv6 VPN client problem. Maybe it should be solved by using link-local addresses on the IPsec interface.

    For now I have solved the problem by creating a PowerShell script to create a Windows VPN connection definition. The script adds the route ::/0->::

    
    Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix ::/1
    Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix 8000::/1
    
    

    The Add-VpnConnectionRoute cmdlet does not allow manipulating ::/0, which is why there are two routes, for ::/1 and for 8000::/1.

    And how do those of you who already use IPsec on IPv6 handle client routes? Are they created automatically? Do you use link-local addresses on the IPsec interface?
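
One way to apply and then verify the two half-default routes described in the post above, as an added example that is not from the thread. The connection name is a placeholder, the connection is assumed to be a per-user one, and the tunnel's interface alias is assumed to equal the connection name.

```powershell
# Added example, not from the thread. The connection name is a placeholder.
param([string]$ConnectionName = 'RoadWarrior-IPv6')

# ::/1 and 8000::/1 together cover ::/0, which the cmdlet does not accept.
$halves = '::/1', '8000::/1'

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Idempotent: add a half only if the connection definition lacks it.
$defined = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $halves) {
    if ($defined -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

if ($vpn.ConnectionStatus -ne 'Connected') {
    Write-Warning "Routes defined. Connect '$ConnectionName' and run again to verify."
    return
}

# Assumption: the tunnel's interface alias equals the connection name.
$active = @(Get-NetRoute -AddressFamily IPv6 -InterfaceAlias $ConnectionName -ErrorAction SilentlyContinue |
    ForEach-Object { $_.DestinationPrefix })
$missing = @($halves | Where-Object { $active -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "Not in the active route table on the tunnel: $($missing -join ', ')"
}

# Ask the stack which interface it would pick for a sample global address
# (2001:db8::1 is from the documentation prefix; no traffic is sent).
$pick = Find-NetRoute -RemoteIPAddress '2001:db8::1' -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($pick -and $pick.InterfaceAlias -eq $ConnectionName) {
    Write-Output "IPv6 traffic to global addresses is routed through '$ConnectionName'."
} else {
    Write-Warning "IPv6 to global addresses leaves via '$($pick.InterfaceAlias)', not the tunnel."
}
```

The second half of the script matters on dual-stack clients: if the half-default routes are missing after connect, IPv6 traffic keeps using the physical interface's own default route and bypasses the tunnel.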