Hi all To finish off this ancient thread, I've written up what it took to get StrongSwan to play nicely with iked and to build a GRE tunnel over the IPSec link:
http://markus.wernig.net/en/it/ip6tunnel.phtml Any feedback is of course very welcome. krgds /markus On 08/13/2014 06:05 AM, Markus Wernig wrote: > Finally found a rather awkward workaround: > > 1) On the VPN GW, set an ip alias from a different subnet > (192.168.100.1/24) on the primary interface > 2) Set up iked.conf with > ikev2 ... > from 0.0.0.0/0 to 192.168.100.0/24 > config address 192.168.100.0/24 > config address 192.168.100.2 > (yes, both ...) > 3) On the client, configure tunnel mode instead of transport mode, > configure remote subnet to be 192.168.100.0/24, but still request ip > configuration from IKEv2.