[strongSwan] ipv6 support

Yong Choo yhc at alcatel-lucent.com
Thu Mar 4 18:04:25 CET 2010 

Hi all,
We are trying to use the StrongSwan (4.3.3) in IPv6 env but getting two 
"errors": (errors are in 'bold face').
Any help would be appreciated!

- We are using 'preshared key'
- The ipsec.conf is a very simple one as the following: (We used the 
same format for IPv4 which worked, of course the ip address was in IPv4 
format)
  (Also I tried to add interfaces="ipsec0=eth2.10" for our environment 
in the 'setup' section)
- strongswan.conf is empty

config setup
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        authby=secret

conn net-enb12
        left=fd00::410:172:21:10:12
        right=fd00::410:172:21:10:181
        auto=add





==== ERRORS ===

1) 'ipsec start' (regardless whether I add 'interfaces=

Starting strongSwan 4.3.3 IPsec [starter]...
*no default route - cannot cope with %defaultroute!!!*


2) 'ipsec up net-enb12':

initiating IKE_SA net-enb12[1] to fd00::410:172:21:10:181
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from fd00::410:172:21:10:12[500] to fd00::410:172:21:10:181[500]
received packet: from fd00::410:172:21:10:181[500] to fd00::410:172:21:10:12[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
authentication of 'fd00::410:172:21:10:12' (myself) with pre-shared key
establishing CHILD_SA net-enb12
generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) ]
sending packet: from fd00::410:172:21:10:12[4500] to fd00::410:172:21:10:181[4500]
received packet: from fd00::410:172:21:10:181[4500] to fd00::410:172:21:10:12[4500]
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
authentication of 'fd00::410:172:21:10:181' with pre-shared key successful
scheduling reauthentication in 3347s
maximum IKE_SA lifetime 3527s
IKE_SA net-enb12[1] established between fd00::410:172:21:10:12[fd00::410:172:21:10:12]...fd00::410:172:21:10:181[fd00::410:172:21:10:181]
*received netlink error: Protocol not supported (93)
unable to add SAD entry with SPI c4b1352e
received netlink error: Protocol not supported (93)
unable to add SAD entry with SPI c6b13641
unable to install inbound and outbound IPsec SA (SAD) in kernel*

More information about the Users mailing list