From 993f5bf9f54bcb7af20d44e7618586b55064a372 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Sat, 31 Oct 2020 11:54:27 +0100
Subject: T3035: allow mixed protocol IPsec (IPv4 over IPv6 and vice versa).

---
 scripts/vpn-config.pl | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 6720583..69d82af 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -540,15 +540,6 @@ if ($vcVPN->exists('ipsec')) {
                 vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel],"$vpn_cfg_err The 'remote prefix' and 'local prefix' protocols "."do not match");
             }
 
-            # Check remote/local and peer protocol consistency
-            # IPv6 over IPv6 scenario is actually supported by StrongS/WAN,
-            # we do not allow it in this version because of design and QA issues.
-            if (($conn_proto != 6) && ($leftsubnet_proto == 6)) {
-                vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel],"$vpn_cfg_err IPv6 over IPv4 IPsec is not supported");
-            } elsif (($conn_proto == 6) && ($leftsubnet_proto != 6)) {
-                vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel],"$vpn_cfg_err IPv4 over IPv6 IPsec is not supported");
-            }
-
             my $rightsubnet;
             my $allow_nat_networks = $vcVPN->returnValue("ipsec site-to-site peer $peer $tunKeyword allow-nat-networks");
             my $allow_public_networks = $vcVPN->returnValue("ipsec site-to-site peer $peer $tunKeyword allow-public-networks");
-- 
cgit v1.2.3