[strongSwan-dev] Gateway's IPV6 ping is not working in IPV6 over IPV4 tunnel

durga latha durgalatha at hotmail.com
Sun Jul 12 07:47:40 CEST 2020 

Hi All,

I am facing one problem in Strongswan IPSEC tunnel . Can you please help me to resolve it.

[cid:image001.png at 01D6583E.0BA66840]


I am using IPV6 over IPV4 strongswan IPSEC tunnel between Access point and security gateway. Tunnel got established. Access point got “virtual IPV6” address from security gateway via IPSEC tunnel.  Access Point already got another one global SLACC IPV6 address from Broadband router. I  can able to ping security gateway’s IPV4 address as well as can able to ping IPV6 address of Virtual IPv6’s peer via IPSEC tunnel

Problem is, I could not able to ping Broadband router’s IPV6 global address from Access Point, If IPSEC tunnel is present. I can able to ping broadband router’s IPV6 address ,if IPSEC tunnel is stopped.

Access point has two global IPV6 addresses. One is “Virtual IPV6 address” from security gateway via IPSEC tunnel and another one is IPV6 address from Broadband router.

Below configuration used in “Access point”

#ipsec.conf - strongswan IPsec configuration  file

config setup
    strictcrlpolicy=no
    uniqueids = yes
    charondebug = "all"

conn %default
        ikelifetime=1h
        keylife=20h
        ike=aes128-sha256-modp2048!
        esp=aes128-sha1!
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        rekey=no

conn client_to_server
       leftid=$(uci get ap_inventory. at inventory[0].Serial_number)
        left=$ap_ipv4_addr
        leftsourceip=%config6
        leftsubnet=%dynamic
        #leftsubnet=::/0
        leftauth=psk
        right=$secgw_ip
        rightid=%any
        rightsubnet=::/0
        rightauth=psk
        auto=start
        dpdaction=clear
        dpddelay=30

Thanks,
Durga K


Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20200712/6f87915c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 77630278D6034391974F9B2ADC7FB825.png
Type: image/png
Size: 51080 bytes
Desc: 77630278D6034391974F9B2ADC7FB825.png
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20200712/6f87915c/attachment-0001.png>

More information about the Dev mailing list