Rockhopper VPN

IPsec/IKEv2-based VPN software for Linux

• Top
• About
• Getting Started
• Screenshots
• Download
• Documents
• Contact

[Remote Access VPN] IPv6 address Auto-configuration over IPsec

By enabling IPv6 address Auto-configuration over IPsec, a remote client can execute IPv6 address Auto-configuration for a VPN interface (a TUN/TAP virtual interface). The IPv6 addresses can be used as source addresses to communicate with internal hosts on protected remote network/LAN.

This is a Rockhopper's private extension.

IPv6 address Auto-configuration (IPv6 Router Advertisement) by internal router needs to be enabled on protected remote network/LAN.

- Configure a remote configuration server - A gateway/concentrator node

1. Open Rockhopper Web Console and login.
   
   
2. Load a VPN realm's configuration.

   - VPN Configuration[Tab] > VPN Realms[Left-Tree]

3. Setup Service.

   - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree]
   > Service[Left-Tree]: Click this tree node and show Service pane.

   - Remote Configuration(IKEv2): Select Remote Configuration Server.

4. Setup Remote Config Server.

   - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree]
   >Service[Left-Tree] > Remote Config Server[Left-Tree]:
   

   Click this tree node and show Remote Configuration Server(IKEv2) pane.

5. Setup Remote Configuration Server - Options.
   

   - Remote Configuration Server(IKEv2)[Pane] > Options[Tab]:

   - Check Allow IPv6 address Auto-configuration for remote clients.
   
   

   - If needed, check the followings.
   
   - Don't forward packets between remote clients
       - Allow only link-local ICMPv6 for IPv6 address Auto-configuration.
   
   

6. Save this realm's configuration.

   - VPN Configuration[Tab] > Edit VPN Realm(Save, Add, etc.)[Left-Tree]:
   Click this tree node and show Edit VPN Realm(Save, Add, Remove, or Load) pane.

   - Click Save Configuration button.

Also, you can configure an IPv6 internal address pool as usual. If a remote client (like a Windows 7/8/10 client) doesn't support or enable IPv6 address Auto-configuration over IPsec, the pool is used instead.

- Configure a remote client

IPv6 address Auto-configuration for a remote client is enabled by default. If you want to change it, show Advanced Settings.

1. Open Rockhopper Web Console and login.
   
   
2. Load a VPN realm's configuration and check Advanced Settings.

   - VPN Configuration[Tab] > VPN Realms[Left-Tree]

3. Setup VPN Interface.

   - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree]
   > VPN Interface[Left-Tree]: Click this tree node and show VPN Tunnel/TAP Interface pane.

   - Enter the following.

   Internal Address Type: Auto(IKEv2 Configuration)
   

   - Check or uncheck Enable IPv6 address Auto-configuration. (Rockhopper's private extension)
   
   

4. Setup Service.

   - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree]
   > Service[Left-Tree]: Click this tree node and show Service pane.

   - Remote Configuration(IKEv2): Select Remote Access Client.

5. Save this realm's configuration.

   - VPN Configuration[Tab] > Edit VPN Realm(Save, Add, etc.)[Left-Tree]:
   Click this tree node and show Edit VPN Realm(Save, Add, Remove, or Load) pane.

   - Click Save Configuration button.

- A configuration example

• [IPv4 and IPv6] IPv6 address Auto-configuration over IPsec, Bridge (Virtual Ethernet over IPsec), One-armed, Behind a NAT/NAPT and EAP (Rockhopper client) / certificate (PKCS#12/X.509, Rockhopper gateway).
  

- Protocol details

See comments and source codes in [rockhopper/app/rhp_ikev2_cfg.c].

Back to Top

Copyright © 2011 T.HANADA All Rights Reserved.