--- /dev/null
+conn roaming-host-domain
+ leftsubnet=fdfd:dead:beef::/48
+ modecfgdomains="in.example.org f.e.e.b.d.a.e.d.d.f.d.f.ip6.arpa"
+ #modecfgdomains="."
--- /dev/null
+conn roaming-host-ipv6
+ also=roaming-host-common
+ hostaddrfamily=ipv6
+
+conn roaming-host-ipv4
+ also=roaming-host-common
+ hostaddrfamily=ipv4
+ # Required so that client is considered IPv6:
+ rightsubnet=::/0
+ ipsec-interface=yes
+ leftupdown="/usr/libexec/ipsec/_updown.host4client6"
+
+conn roaming-host-common
+ also=roaming-host-domain
+ # Authorisation
+ authby=rsa-sha2
+ leftid=%fromcert
+ rightid=%fromcert
+ # Networking
+ clientaddrfamily=ipv6
+ right=%any
# Generic roaming configurations
conn roaming-ipv6
- hostaddrfamily=ipv6
also=roaming-common
-
+ hostaddrfamily=ipv6
ipsec-interface=yes
conn roaming-ipv4
- hostaddrfamily=ipv4
also=roaming-common
-
- # Required so that client is considered IPv6
+ hostaddrfamily=ipv4
+ # Required so that client is considered IPv6:
leftsubnet=::0/0
ipsec-interface=yes
leftupdown="/usr/libexec/ipsec/_updown.host4client6"
leftid=%fromcert
rightid=%fromcert
leftcert=ipa-client
-
# Networking
left=%defaultroute
clientaddrfamily=ipv6