<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"></head><body ><div style='font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;color:#00000;'><div>Hello,<br></div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div>I
got a problem when connecting with IPv6 ipsec using strongswan. It is however working when building up an IPv6 ipsec connection
manually, like this:<br></div><div><a target="_blank" href="https://www.ripe.net/ripe/mail/archives/ipv6-wg/2018-November/003267.html">https://www.ripe.net/ripe/mail/archives/ipv6-wg/2018-November/003267.html</a><br></div><div><br></div><div>Here is all the debug and configs:<br></div><div> The complete log from daemon start to the point where the problem occurs<br></div><div>SERVER:<br></div><div>/var/log/charon_debug.log<br></div><div dir="ltr"><a target="_blank" href="https://pastebin.com/JQhcn2db">https://pastebin.com/JQhcn2db</a><br></div><div><br></div><div>CLIENT:<br></div><div>/var/log/syslog<br></div><div><a target="_blank" href="https://pastebin.com/ZEkkPAnT">https://pastebin.com/ZEkkPAnT</a><br></div><div><br></div><div>SERVER:<br></div><div>/etc/ipsec.conf<br></div><div><a target="_blank" href="https://pastebin.com/cCVb0jSZ">https://pastebin.com/cCVb0jSZ</a><br></div><div><br></div><div>/etc/strongswan.d/swanctl.conf<br></div><blockquote style="margin: 0px 0px 0px 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;" class="gmail_quote"><div>swanctl {<br></div><div> # Plugins to load in swanctl.<br></div><div> # load =<br></div><div> # VICI socket to connect to by default.<br></div><div> # socket = unix://${piddir}/charon.vici<br></div><div>}<br></div></blockquote><div><br></div><div> The complete current status of the daemon (ipsec statusall or swanctl -L and swanctl -l)<br></div><div>ipsec statusall<br></div><div><a target="_blank" href="https://pastebin.com/Rmxw7RJA">https://pastebin.com/Rmxw7RJA</a><br></div><div><br></div><div>swanctl -L<br></div><div><a target="_blank" href="https://pastebin.com/Wnz3Tecs">https://pastebin.com/Wnz3Tecs</a><br></div><div><br></div><div>swanctl -l (empty output)<br></div><div><br></div><div>
The complete firewall rules (output of iptables-save and ip6tables-save
on Linux, analogously on other operating systems using the
corresponding command(s))<br></div><div><br></div><div>iptables-save<br></div><div><a target="_blank" href="https://pastebin.com/vYtQMs1w">https://pastebin.com/vYtQMs1w</a><br></div><div><br></div><div>ip6tables-save<br></div><div><a target="_blank" href="https://pastebin.com/T7m9726Y">https://pastebin.com/T7m9726Y</a><br></div><div><br></div><div>
The complete contents of all routing tables (output of ip route show
table all on Linux, analogously on other operating systems)<br></div><div><br></div><div>ip route show table all<br></div><div><a target="_blank" href="https://pastebin.com/cSRwtrGw">https://pastebin.com/cSRwtrGw</a><br></div><div><br></div><div> The complete overview over all IP addresses (output of ip address on Linux, analogously on other operating systems)<br></div><div><br></div><div>ip address<br></div><div><a target="_blank" href="https://pastebin.com/Anx8sBWj">https://pastebin.com/Anx8sBWj</a><br></div><div><br></div></div><div>I
think the reason why it doesn't work is the following error, but I'm
not exactly sure what that means or how to avoid this. According to the bugtracker there is a
feature missing in the linux kernel, but it works manually using the
specified script above.<br></div><div><div>Thu, 2018-11-22 18:04 05[KNL] <ikev2-vpn-329|2> got SPI cf8b9417<br></div><div>...<br></div><div>Thu, 2018-11-22 18:04 05[KNL] <ikev2-vpn-329|2> received netlink error: Invalid argument (22)<br></div><div>Thu, 2018-11-22 18:04 05[KNL] <ikev2-vpn-329|2> unable to add SAD entry with SPI cf8b9417 (FAILED)<br></div><div><br></div><div><br></div></div><div>Thanks and best regards,<br></div><div>Hook<br></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div><br></body></html>