[solved?] IPv6, win10 client: Road Warrior IPsec, no route ::/0->:: on IPsec int

  • Hi there,

    I am configuring a Road Warrior IPsec on the IPv6 stack on an additional pfSense 2.4.2-p1 firewall. The settings are very similar to the IPsec on IPv4 settings on my master pfSense 2.3.5-p1 firewall.

    The Local Network is ::/0, Remote Network - fddf:x:x:x:x:x:x:0/112.

    I can log in to the VPN over IPv6, but the network is not accessible. After adding the route ::/0 -> :: on the IPsec host interface, everything works as expected:

    route -6 add ::/0 gateway :: metric 1 if 27

    With IPsec on IPv4, such a route is automatically created by pfSense after login:

    route print
    IPv4 Route Table
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
             On-link     26

    Do you have any idea what I am doing wrong?

    P.S. The host machines are Windows 10 with the built-in IPsec client.

    Best regards

  • It seems to be a regular win10 IPv6 VPN client problem. Maybe it should be solved by using link-local addresses on the IPsec interface.

    For now I have solved the problem by creating a PowerShell script to create a Windows VPN connection definition. The script adds the route ::/0->::

    Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix ::/1
    Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix 8000::/1

    The Add-VpnConnectionRoute cmdlet does not allow manipulating ::/0, which is why there are two routes, for ::/1 and for 8000::/1

    And how do those of you who already use IPsec on IPv6 work with client routes? Are they automatically created? Do you use link-local addresses on the IPsec interface?
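
A fuller version of the workaround described in the post above, as an added example that is not part of the original thread. The connection name, server address, tunnel type and authentication method are assumptions (placeholders), since the thread does not state them; only the two Add-VpnConnectionRoute prefixes come from the post.

```powershell
# Added example. All names and values marked "assumed" are placeholders,
# not taken from the thread.
$connection_name = 'RoadWarrior-IPv6'   # assumed connection name
$server_address  = 'vpn.example.net'    # assumed placeholder for the pfSense endpoint

# Create the connection definition only if it does not exist yet,
# so the script can be re-run safely.
$vpn = Get-VpnConnection -Name $connection_name -ErrorAction SilentlyContinue
if (-not $vpn) {
    # Tunnel type and authentication method are assumed; match them to the
    # mobile-client settings on the firewall.
    Add-VpnConnection -Name $connection_name `
                      -ServerAddress $server_address `
                      -TunnelType Ikev2 `
                      -AuthenticationMethod Eap `
                      -EncryptionLevel Required
    $vpn = Get-VpnConnection -Name $connection_name
}

# ::/1 and 8000::/1 are the lower and upper halves of ::/0. Being more
# specific than ::/0, they also win over any IPv6 default route the client
# learned from its local network (longest-prefix match).
$halves = '::/1', '8000::/1'

# Skip prefixes that are already attached to the connection.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $halves) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix $prefix
    }
}

# Check 1: the routes are stored in the connection definition.
(Get-VpnConnection -Name $connection_name).Routes |
    Select-Object DestinationPrefix

# Check 2 (run after connecting): both halves are present in the live IPv6
# routing table; InterfaceAlias shows which interface carries them.
Get-NetRoute -AddressFamily IPv6 |
    Where-Object { $halves -contains $_.DestinationPrefix } |
    Select-Object DestinationPrefix, InterfaceAlias, NextHop, RouteMetric
```

If the second check returns fewer than two rows while the VPN is connected, part of the IPv6 address space is not being routed into the tunnel.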
