Is it possible to use IPv4 link-local addresses in IPsec tunnel?
-
Hi,
Is it possible to use IPv4 link-local addresses in an IPsec tunnel? I'm trying to set up an IPsec tunnel where the remote end is using link-local addresses, but I can't get it to work. It seems that packets to these addresses are not being tunneled.
Blocking of link-local addresses is disabled.
Firewall version:
PFsense
Version 2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6
Any good ideas?
Thanks in advance
Rgds,
Jesper
-
No. Link-local addresses are not supposed to be routed, which means they work no further than the local LAN. Use something in the RFC1918 ranges.
-
That was also what I expected, but AWS uses these addresses, and I'm trying to set up a tunnel towards AWS
https://forums.aws.amazon.com/thread.jspa?threadID=169512
Rgds,
Jesper
-
Within AWS it is different: they only use them for one hop of routing, not for NAT or other things. You can't reach them from outside that interface. You shouldn't see any traffic to/from those IP addresses except maybe BGP.