[strongSwan] ip6-in-ip6 tunnel problem

Chris Ryan Chris.Ryan at gmx.de
Fri Sep 24 10:58:20 CEST 2010


Hi there,

I'm quite new to strongSwan. I tried several configurations in a
KVM-based testbed. While IP4-in-IP4, IP6-in-IP4 and IP4-in-IP6 tunnels
work fine, I have some trouble with IP6-in-IP6.

The testbed's simple network configuration is as follows:

    red     ---------     black
 2002:10:1 | host_10 | 2001:ffc7::12 === ....
            ---------

               black     ---------    red
 .... === 2001:ffc7::14 | host_20 | 2002:20:1
                         ---------

The environment settings, logs and configs of the two testbed hosts
can be found here: 
http://195.225.198.142/strongswan/host_10
http://195.225.198.142/strongswan/host_20

The tunnel is established without problems, yet it seems that no
traffic is passed through. I tried to ping the red net interface of
the other host: 

 host_10: PING 2002:20::1 (2002:20::1): 56 data bytes
            64 bytes from 2001:ffc7::12: \
            Destination unreachable: Address unreachable

In contrast to the other scenarios mentioned, the packets are not ESP
encapsulated. Instead, the host sends neighbor solicitation requests
for the other host's red net (and gets no reply to them), though a
distinct route for that net is already set.

 host_10: IP6 2001:ffc7::12 > ff02::1:ff00:1: \
          ICMP6, neighbor solicitation, who has 2002:20::1, length 32

It's not clear to me why the packets are not passed into the tunnel,
even though the necessary routes and iptables rules exist.
I'd appreciate any help.

Thanks, Chris.





