<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta name="Generator" content="Kopano WebApp v8.4.0-344">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Strongswan - Problems to set up IPv4 + IPv6 with StrongSwan 5.1.2 on Ubuntu 14</title>
</head>
<body>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Thanks for your incredible support. IPv4 is now working as intended.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Now I've got some issues regarding IPv4/IPv6 dual stack:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;">My /etc/network/interfaces states following<br /></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">---------------------------------------------<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">iface eth0 inet dhcp<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">iface eth0:1 inet static<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"> address 10.1.1.1<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"> netmask 255.255.255.0<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">iface eth0 inet6 static<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"> address (public IP)<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"> netmask 64<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"> gateway (gateway)<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"> up /sbin/ifconfig eth0 add fdea::1/64<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">---------------------------------------------<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">I want to use both 10.1.1.x and fdea::x addresses for my connections, to be sure that ANY traffic is routed through my VPN<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">I added<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">rightsourceip=10.1.1.20/24,fdea::20/64</span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">to my ipsec.conf file, and the remote device will get an IPv6 address on connection.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">With IPv4, I am able to ping any participiants from any side. <br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">With IPv6, I can just ping the local address (e.g. fdea::21 on my smartphone), but not any remote address.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">I added <br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">rightsubnet=10.1.1.1/24, fdea::1/64<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">to my ipsec.conf, but this didn't change a thing.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">My smartphone tells following on connection:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Aug 24 10:55:50 11[IKE] installing DNS server 8.8.8.8<br />Aug 24 10:55:50 11[IKE] installing DNS server 8.8.4.4<br />Aug 24 10:55:50 11[IKE] installing DNS server 2001:4860:4660::8888<br />Aug 24 10:55:50 11[IKE] installing DNS server 2001:4860:4860::8844<br />Aug 24 10:55:50 11[IKE] installing new virtual IP 10.1.1.21<br />Aug 24 10:55:50 11[IKE] installing new virtual IP fdea::21<br />Aug 24 10:55:50 11[IKE] CHILD_SA android{17} established with SPIs f25c4080_i ca1658c5_o and TS 10.1.1.0/24 fdea::/64 === 0.0.0.0/0</span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Aug 24 10:55:50 11[DMN] setting up TUN device for CHILD_SA android{17}<br />Aug 24 10:55:50 11[DMN] successfully created TUN device<br />Aug 24 10:55:50 11[IKE] peer supports MOBIKE<br />Aug 24 10:55:51 13[IKE] sending address list update using MOBIKE<br />Aug 24 10:55:51 13[ENC] generating INFORMATIONAL request 2 [ N(NO_ADD_ADDR) ]</span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Can anybody tell me why I am not able to ping between client<->server on IPv6?<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Best regards,<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Dirk<br /></span></p>
</body>
</html>