[strongSwan] Roadwarrior ipv6-over-ipv4 tunnel
Michel Wilson
michel at crondor.net
Mon Mar 8 16:53:42 CET 2010
Hi,
I'm trying to setup a roadwarrior v6-over-v4 tunnel, but I cannot get it
to work, also, I can't seem to find any examples of such a
configuration. Is this a supported configuration of strongswan?
Currently, I have the following configuration on the server:
conn vela
left=%defaultroute
leftsubnet=2001:610:6f9::/64
leftcert=aeon.public.pem
right=%any
rightcert=vela.public.pem
rightsourceip=2001:610:6f9:2::/64
auto=add
and on the mobile client I have
conn aeon
left=aeon.hgd.crondor.net
leftcert=aeon.public.pem
leftsubnet=2001:610:6f9::/64
right=%defaultroute
rightsourceip=2001:610:6f9:2::1
rightcert=vela.public.pem
auto=start
keyexchange=ikev2
But, this leads to the following errors at the server:
charon: 09[IKE] peer requested virtual IP 2001:610:6f9:2::1
charon: 09[IKE] assigning virtual IP 2001:610:6f9:2::1 to peer
charon: 09[AUD] no acceptable traffic selectors found
charon: 09[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CP
N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR)
N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(TS_UNACCEPT) ]
And the client:
charon: 13[IKE] installing new virtual IP 2001:610:6f9:2::1
charon: 13[IKE] received TS_UNACCEPTABLE notify, no CHILD_SA built
So, it doesn't work, obviously. What did I do wrong here? Or, is this
configuration not supported?
Regards,
Michel Wilson.
More information about the Users
mailing list