FreeBSD 13 - StrongSwan 4in6 Tunneling Routing

Hi,

I'm experimenting with StrongSwan 4in6 Tunneling. 🤓 The IPv6 tunnel gets established successfully, and an IPv4 address is assigned from the pool to the client. Now I'm stuck with the routing to the client at the end of the IPv6 tunnel, which I cannot reach by its assigned IPv4 address. All my research brings up NAT, but from my point of view, all IPv4 packets are encapsulated by IPv6, so after exiting the IPv6 tunnel, the IPv4 packet should be extracted and the usual IPv4 rules (firewall, routing) should apply. :-/

What am I missing here? Do I really have to NAT the IPv4 inside the IPv6 tunnel?

Any advice is highly appreciated.

Thanks in advance.
 
Update:

Launched a second VM running Alma 9 and used the exact same configuration. The first surprise: launching StrongSwan creates an interface ipsec0, which I don't get on FreeBSD. Second surprise: IPv4-in-IPv6 is working right out of the gate, whereas with FreeBSD I don't see any traffic.

Any advice on how I can narrow down whether it's a FreeBSD issue or a StrongSwan issue?

Does anyone else have any experience with this?

Edit:
Another issue I notice: somehow in FreeBSD I experience a strange issue where, when I try to connect to StrongSwan using IPv6, the log file shows:
Code:
charon 04NET error writing to socket: No route to host

After a reboot I'm able to establish a connection successfully for quite some time, until this error appears again and I'm unable to reconnect till I reboot the VM again. Somehow a very strange behaviour. Just for the record, packet filtering has been disabled.
 