Is it possible to use IPv4 link-local addresses in an IPsec tunnel?



  • Hi,
    Is it possible to use IPv4 link-local addresses in an IPsec tunnel?

    I'm trying to set up an IPsec tunnel where the remote end is using link-local addresses, but I can't get it to work. It seems that packets to these addresses are not being tunneled.

    Blocking of link-local addresses is disabled.

    Firewall version:
    pfSense
    Version 2.4.2-RELEASE-p1 (amd64)
    built on Tue Dec 12 13:45:26 CST 2017
    FreeBSD 11.1-RELEASE-p6

    Any good ideas?

    Thanks in advance

    Rgds,

    Jesper



  • No. Link local addresses are not supposed to be routed, which means they work no further than the local LAN. Use something in the RFC1918 ranges.



  • That was also what I expected, but AWS uses these addresses, and I'm trying to set up a tunnel towards AWS.

    https://forums.aws.amazon.com/thread.jspa?threadID=169512

    Rgds,

    Jesper


  • Rebel Alliance Developer Netgate

    Within AWS it is different: they only use them for one hop of routing, not for NAT or other things. You can't reach them from outside that interface. You shouldn't see any traffic to/from those IP addresses except maybe BGP.