[strongSwan] IPv6 Addresses

Claude Tompers claude.tompers at restena.lu
Mon Apr 12 14:33:46 CEST 2010


Hi,

Sorry, I must have done something wrong in my configuration.
It now works with a /112 subnet.

Thanks a lot for the help anyway.

regards
Claude Tompers


On Monday 12 April 2010 13:34:10 Jan Engelhardt wrote:
> 
> On Monday 2010-04-12 13:06, Andreas Steffen wrote:
> 
> >The real problem is that the Linux kernel does not support
> >routing table entries with the src parameter being an IPv6
> >address,
> 
> I would not call it a problem. If I understand right, the src addr,
> if it has not been explicitly set or specified using bind(2) or
> sendto(2), is not determined by looking at the "src" attribute in
> IPv6, but at the address list of an interface, and picking one that
> has an appropriate lifetime. Since reproducing the same lookup logic
> in strongswan would be sort of an unwanted fork, the kernel does have
> a way to calculate the routing entry src address, by using `ip route
> get` or the respective netlink calls. Does that help?
> 
> >so that virtual IPv6 addresses can be checked out
> >by a VPN gateway and are transported via the IKEv2 configuration
> >payload or the IKEv1 Mode Config payload but cannot be
> >installed in the kernel. Thus we cannot force IPv6 packets
> >to leave via a physical interface but assuming a different
> >source address.
> 

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
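
The `ip route get` lookup suggested in the quoted reply above, as an added example that is not part of the original thread: it reads the source address the kernel itself selects for a destination and compares it with an assigned virtual IP. The function names, the sample output line and the 2001:db8:: documentation addresses are constructed for illustration; the comparison assumes the virtual IP is written in the same compressed lowercase form that `ip` prints.

```shell
#!/bin/sh
# Added example: read the kernel's own source-address choice from
# `ip route get` output instead of re-implementing the selection logic.

# Constructed sample of one `ip -6 route get <dst>` output line.
SAMPLE_ROUTE='2001:db8:2::1 from :: via fe80::1 dev eth0 proto static src 2001:db8:1::10 metric 1024 pref medium'

# route_field NAME: print the token following NAME (e.g. "src", "dev")
# in `ip route get` output read from stdin. Prints nothing if absent.
route_field() {
    awk -v key="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == key) { print $(i + 1); exit }
    }'
}

# vip_is_source VIP: read `ip route get` output on stdin and succeed only
# if the kernel-selected source address is exactly VIP. Fails when the
# output carries no "src" token at all (for instance an unreachable route).
vip_is_source() {
    chosen=$(route_field src)
    [ -n "$chosen" ] && [ "$chosen" = "$1" ]
}

# Live use on a host would be (destination is a placeholder):
#   ip -6 route get 2001:db8:2::1 | vip_is_source 2001:db8:1::10
# Here the constructed sample stands in for the command output.
if printf '%s\n' "$SAMPLE_ROUTE" | vip_is_source 2001:db8:1::10; then
    echo "kernel selects the virtual IP as source"
else
    echo "kernel selects a different source address"
fi
```

A mismatch here means traffic to that destination leaves with an address other than the virtual IP, which is the situation described in the quoted messages.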