rms/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2026-05-17 08:05:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
hwdsl2
2026-03-24 22:24:22 -05:00
parent ea9b0dc90a
commit b30b95185d
2 changed files with 38 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
docs/advanced-usage.md
View File

@@ -262,14 +262,31 @@ In the examples above, `VPN_L2TP_LOCAL` is the VPN server's internal IP for IPse
If your VPN server has a public (global unicast) IPv6 address and the requirements below are met, IPv6 support for IKEv2 clients is automatically enabled during VPN setup. No manual configuration is needed.
**Note:** IPv6 support has been tested on Android using the strongSwan VPN client, and on Windows with the additional steps in the note below. Other platforms (e.g. macOS, iOS) may have limitations or require additional configuration for IPv6 to work over the IKEv2 VPN.
**Note:** IPv6 works without additional configuration when using the strongSwan VPN client on Android. For Windows and macOS clients, follow the platform-specific steps below. iOS clients do not currently support routing IPv6 traffic through the IKEv2 VPN.
**Note:** For **Windows** clients, if you used the `ikev2_config_import.cmd` script to import IKEv2 configuration, you can answer **y** when prompted to automatically add IPv6 routes. Otherwise, run the following commands once in a PowerShell window to route IPv6 traffic through the VPN. Replace `IKEv2 VPN X.X.X.X` with the actual name of your VPN connection. When finished, reconnect to the IKEv2 VPN.
<details>
<summary>
Windows: Route IPv6 traffic through the VPN
</summary>
If you used the `ikev2_config_import.cmd` script to import IKEv2 configuration, you can answer **y** when prompted to automatically add IPv6 routes. Otherwise, run the following commands once in a PowerShell window to route IPv6 traffic through the VPN. Replace `IKEv2 VPN X.X.X.X` with the actual name of your VPN connection. When finished, reconnect to the IKEv2 VPN.
```powershell
Add-VpnConnectionRoute -ConnectionName "IKEv2 VPN X.X.X.X" -DestinationPrefix ::/1
Add-VpnConnectionRoute -ConnectionName "IKEv2 VPN X.X.X.X" -DestinationPrefix 8000::/1
```
</details>
<details>
<summary>
macOS: Route IPv6 traffic through the VPN
</summary>
After connecting to the IKEv2 VPN, run the following command in Terminal to route IPv6 traffic through the VPN. This command must be run each time you connect. The route is automatically removed when you disconnect from the VPN. The interface is usually `ipsec0`; if you have multiple VPN connections active it may be `ipsec1`, etc. Run `ifconfig | grep ipsec` to confirm.
```
sudo route -n add -inet6 default -interface ipsec0
```
</details>
When IPv6 is enabled, IKEv2 VPN clients receive both an IPv4 address from the `192.168.43.0/24` pool and an IPv6 address from the `fddd:500:500:500::/64` pool. The VPN server masquerades IPv6 traffic from the client pool through the server's own IPv6 address, giving VPN clients full IPv6 internet access through the tunnel.