Hi Andreas,<div><br></div><div> I was going through the UML test cases for the net-2-net scenario with PSK, and apart from the ipsec.conf files I see a sample strongswan.conf file which contains the following snippet:</div><div>
<br></div><div> <font class="Apple-style-span" face="'courier new', monospace"> <span class="Apple-style-span" style="white-space: pre-wrap; "># /etc/strongswan.conf - strongSwan configuration file</span></font><pre style="word-wrap: break-word; white-space: pre-wrap; ">
<font class="Apple-style-span" face="'courier new', monospace">
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}</font></pre><pre style="word-wrap: break-word; white-space: pre-wrap; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">Is the above block required in the strongswan.conf file?</font></pre><pre style="word-wrap: break-word; white-space: pre-wrap; ">
<font class="Apple-style-span" face="arial, helvetica, sans-serif">Regards</font></pre><pre style="word-wrap: break-word; white-space: pre-wrap; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">Arnab</font></pre>
<br><div class="gmail_quote">On Wed, Jul 20, 2011 at 4:34 PM, Arnab Bakshi <span dir="ltr"><<a href="mailto:arnab.bakshi@gmail.com">arnab.bakshi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Andreas,<div><br></div><div> Do we need to set any entry in iptables to ACCEPT the IKEv2 UDP ports (500 & 4500) when using strongswan?</div><div><br></div><div> Actually I am trying to bring up the session with strongswan against one of my implementations. </div>
<div><br></div><div><b> <u>Strongswan info:</u></b> </div><div><br></div><div> Release version: 4.5.2</div><div> Kernel: 2.6.35</div><div> Linux Flavour: Ubuntu- 0.10</div><div><br></div><div>Please let me know about this. Actually, this used to work on Strongswan release 4.2.12 with kernel 2.6.9-22.EL and if we disable the firewall.</div>
<div><br></div><div>Regards</div><div>Arnab </div><div><div></div><div class="h5"><div> </div><div><div class="gmail_quote">On Thu, Jul 14, 2011 at 5:34 PM, Arnab Bakshi <span dir="ltr"><<a href="mailto:arnab.bakshi@gmail.com" target="_blank">arnab.bakshi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks Andreas...<div><br></div><div>I will use accordingly.</div><div><br></div><div>Regards</div><div>Arnab<div><div>
</div><div><br><br><div class="gmail_quote">On Thu, Jul 14, 2011 at 11:51 AM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Arnab,<br>
<br>
it's great that you found out yourself that strongSwan has full IPv6<br>
support. In very early Linux 2.6 kernels there was an issue with<br>
IPv4-over-IPv6 tunnels but 2.6.35 is certainly fine.<br>
<br>
Best regards<br>
<br>
Andreas<div><br>
<br>
On 07/14/2011 06:43 AM, Arnab Bakshi wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
Ok I think I got some info from here:<br>
<a href="http://www.strongswan.org/uml/testresults43/ipv6/" target="_blank">http://www.strongswan.org/uml/testresults43/ipv6/</a><br>
<br>
Maybe if you can throw light on the required kernel version or any other<br>
points to be noted for me.<br>
<br>
Regards<br>
Arnab<br>
On Thu, Jul 14, 2011 at 10:04 AM, Arnab Bakshi <<a href="mailto:arnab.bakshi@gmail.com" target="_blank">arnab.bakshi@gmail.com</a><br></div><div>
<mailto:<a href="mailto:arnab.bakshi@gmail.com" target="_blank">arnab.bakshi@gmail.com</a>>> wrote:<br>
<br>
Hi,<br>
<br>
I need some information regarding whether strongswan supports<br>
IKEv2 sessions over IPv6. My requirement is to carry IPv4 traffic<br>
over the IPv6 network and the SAs should be brought up using IKEv2<br>
over the IPv6 core.<br>
<br>
Also, is there any dependency on the kernel version for the<br>
support? Right now I have the kernel version 2.6.35.<br>
<br>
Regards<br>
Arnab<br>
</div></blockquote>
<br>
======================================================================<br><font color="#888888">
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
</font></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>