<div dir="ltr">Hi,<div><br></div><div>i have fix the problem by update from 5.3 to latest stable (self compiled). now IPv4 over IPv6 tunnels work fine on linux and mac clients. only windows clients couldn't access the network.</div><div><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">When i start a ping on client side i can see the esp packets came in on server. when start ping on server side i see esp packets go out from server. but i have never seen a esp packet with response.</span><br></div><div><br></div><div><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">anybody an idea?</span></div><div><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></span></div><div><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">greets marco</span></div><div><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-07-05 23:11 GMT+02:00 Marco Scholl <span dir="ltr"><<a href="mailto:develop@marco-scholl.de" target="_blank">develop@marco-scholl.de</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Hi guys,</span><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">i have an IKEv2 roadwarrior setup (U5.3.5/K4.8.0-58-generic) that works fine with IPv4 through IPv4 tunnel.</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">But now i want to allow connection also through IPv6. But when i connect through IPv6, the tunnel came up and i got the correct ip address..., but i didn't get any traffic through it.</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">When i start a ping on client side i can see the esp packets came in. when start ping on server side i see esp packets go out. but i have never seen ean response esp packet. When i start xfrm monitor i got this errors:</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">"Async event (0x20) timer expired"</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Here my Config</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><div>conn %default</div><div> fragmentation=yes</div><div> ikelifetime=1d</div><div> keylife=20m</div><div> rekeymargin=3m</div><div> keyingtries=1</div><div> keyexchange=ikev2</div><div> authby=secret</div><div> right=%any</div><div> rightid=%any</div><div> rightsendcert=never</div><div> rightauth=eap-radius</div><div> rightsourceip=%radius</div><div> ike=aes128-sha256-ecp256,<wbr>aes256-sha384-ecp384,aes128-<wbr>sha256-modp2048,aes128-sha1-<wbr>modp2048,aes256-sha384-<wbr>modp4096,aes256-sha256-<wbr>modp4096,aes256-sha1-modp4096,<wbr>aes128-sha256-modp1536,aes128-<wbr>sha1-modp1536,aes256-sha384-<wbr>modp2048,aes256-sha256-<wbr>modp2048,aes256-sha1-modp2048,<wbr>aes128-sha256-modp1024,aes128-<wbr>sha1-modp1024,aes256-sha384-<wbr>modp1536,aes256-sha256-<wbr>modp1536,aes256-sha1-modp1536,<wbr>aes256-sha384-modp1024,aes256-<wbr>sha256-modp1024,aes256-sha1-<wbr>modp1024!</div><div> esp=aes128gcm16-ecp256,<wbr>aes256gcm16-ecp384,aes128-<wbr>sha256-ecp256,aes256-sha384-<wbr>ecp384,aes128-sha256-modp2048,<wbr>aes128-sha1-modp2048,aes256-<wbr>sha384-modp4096,aes256-sha256-<wbr>modp4096,aes256-sha1-modp4096,<wbr>aes128-sha256-modp1536,aes128-<wbr>sha1-modp1536,aes256-sha384-<wbr>modp2048,aes256-sha256-<wbr>modp2048,aes256-sha1-modp2048,<wbr>aes128-sha256-modp1024,aes128-<wbr>sha1-modp1024,aes256-sha384-<wbr>modp1536,aes256-sha256-<wbr>modp1536,aes256-sha1-modp1536,<wbr>aes256-sha384-modp1024,aes256-<wbr>sha256-modp1024,aes256-sha1-<wbr>modp1024,aes128gcm16,<wbr>aes256gcm16,aes128-sha256,<wbr>aes128-sha1,aes256-sha384,<wbr>aes256-sha256,aes256-sha1!</div><div> eap_identity=%identity</div><div><br></div><div>conn rw</div><div> auto=add</div><div> right=%any</div><div> rightid=%any</div><div> left=MYIPS</div><div> leftsubnet=<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a></div><div> leftfirewall=yes</div><div> leftauth=pubkey</div><div> leftcert=MYCERT</div><div> leftsendcert=always</div><div> leftid=@MYFQDN</div></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">I hope somebody can help.</div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px"><br></div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px">Greets marco</div></div>
</blockquote></div><br></div>