[solved?] IPv6, win10 client: Road Warrior IPsec, no route ::/0->:: on IPsec int
I am configuring a Road Warrior IPsec on the IPv6 stack on an additional pfSense 2.4.2-p1 firewall. The settings are very similar to the IPsec on IPv4 settings on my master pfSense 2.3.5-p1 firewall.
The Local Network is ::/0, Remote Network - fddfxxx:0/112.
I can log in to the VPN over IPv6, but the network is not accessible. After adding the route ::/0 -> :: on the IPsec host interface, everything works as expected:
route -6 add ::/0 gateway :: metric 1 if 27
With IPsec on IPv4, such a route is automatically created by pfSense after the login:
route print
...
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
...
          0.0.0.0          0.0.0.0         On-link      10.33.111.5      26
...
Do you have any idea what I am doing wrong?
P.S. The host machines are Windows 10 with the built-in IPsec client.
It seems to be a regular win10 IPv6 VPN client problem. Maybe it should be solved by using link-local addresses on the IPsec interface.
For now I have solved the problem by creating a PowerShell script to create a Windows VPN connection definition. The script adds the route ::/0->:: like this:
Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix ::/1
Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix 8000::/1
The Add-VpnConnectionRoute cmdlet does not allow manipulating ::/0, which is why there are two routes, for ::/1 and for 8000::/1.
And how are you, who already use IPsec on IPv6, working with client routes? Are they automatically created? Do you use link-local addresses on the IPsec interface?
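The two-route workaround from the posts above, as an added PowerShell example that is not the poster's script: it adds ::/1 and 8000::/1 to an existing connection without duplicating them, and provides a check to run after connecting that confirms both halves are bound to the VPN interface, so IPv6 traffic is not silently left outside the tunnel. The connection name is a constructed value, and the script assumes the connection definition already exists.

```powershell
# Added example, not from the original thread.
# Assumption: a VPN connection with this (constructed) name is already defined.
$connection_name = 'pfSense-IPv6-RW'

# ::/0 cannot be set with Add-VpnConnectionRoute (per the post), so the IPv6
# space is covered by its two halves. Being more specific than ::/0, they also
# take precedence over any default route present on the physical interface.
$ipv6_halves = '::/1', '8000::/1'

$vpn = Get-VpnConnection -Name $connection_name -ErrorAction SilentlyContinue
if (-not $vpn) {
    throw "VPN connection '$connection_name' is not defined for this user."
}

# Routes are stored with the connection definition and applied on connect.
# Add each half only if it is not already stored.
$stored = $vpn.Routes.DestinationPrefix
foreach ($prefix in $ipv6_halves) {
    if ($stored -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix $prefix
    }
}

# Run after the tunnel is up: returns $true only if every expected prefix is
# present in the live routing table on the VPN interface.
function Test-VpnIPv6Routes {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$Prefixes
    )
    $active = Get-NetRoute -InterfaceAlias $Name -AddressFamily IPv6 -ErrorAction SilentlyContinue
    $missing = $Prefixes | Where-Object { $active.DestinationPrefix -notcontains $_ }
    if ($missing) {
        Write-Warning "IPv6 routes missing on '$Name': $($missing -join ', ')"
        return $false
    }
    return $true
}

Test-VpnIPv6Routes -Name $connection_name -Prefixes $ipv6_halves
```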