[strongSwan] IPv6 strongswan over IPv4

Radosław Smogura mail at smogura.eu
Sun Aug 21 17:07:09 CEST 2011


Hello,

I configured an IPv6 VPN over an IPv4 connection (to decrease subnet collisions in 
road-warrior) to be portable across Windows and Linux, but for my client I get:

handling INTERNAL_IP4_NETMASK attribute failed
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
handling INTERNAL_IP4_SUBNET attribute failed
installing new virtual IP 192.168.1.1
no local address found in traffic selector fd73:6d6f:6772:1::ffff:1/128
no local address found in traffic selector fd73:6d6f:6772:1::ffff:1/128

I tried different configurations and I still locally install the 192.168.1.1 IP (I 
want only an IPv6 IP).

Here is my latest server configuration (ver 4.5.0):
conn psk-default
        also=default-vpn
        ike=aes256-sha1-modp1024,aes128-sha1-modp1024
        esp=aes256-sha1,aes128-sha1
        rightauth=eap-mschapv2
        eap_identity=%any
        rekey=no
        authby=eap
        auto=add
        keyexchange=ikev2

conn default-vpn
        left=%defaultroute
        leftsubnet=fd73:6d6f:6772:0001::/64
        #lefthostaccess=yes
        #leftsubnet=fd73:6d6f:6772:0000::/64
        #leftsourceip=fd73:6d6f:6772:0000::1
        leftauth=pubkey
        leftcert=vpn-cert.pem
        leftid=<my_id>
        right=%any
        rightsourceip=fd73:6d6f:6772:0001::ffff:0001/112
        rightsubnet=
        rightfirewall=yes
        #leftsendcert=transport
        type=tunnel
        pfs=no
        compress=yes
And the client one (ver 4.5.3):
conn target
        authby=eap
        keyexchange=ikev2
        ike=aes256-sha1-modp1024,aes128-sha1-modp1024
        esp=aes256-sha1,aes128-sha1
        eap_identity="q"
        right=<target>
        rightid=<target>
        rightsubnet=::0/0
        #fd73:6d6f:6772:0001::/64
        rightsourceip=fd73:6d6f:6772:0001::ffff:0002
        rightauth=pubkey
        rightcert=vpn-cert.pem
        left=%defaultroute
        leftsourceip=fd73:6d6f:6772:0001::ffff:0001
        leftsubnet=::0/128
        #fd73:6d6f:6772:0001::ffff:0000/112
        #::0/0
        leftauth=eap-mschapv2
        type=transport
        compress=yes
        auto=add
        rekey=no
And a snippet from the server log:
Aug 21 16:48:29 [charon] 15[IKE] peer requested virtual IP fd73:6d6f:6772:1::ffff:1_
Aug 21 16:48:29 [charon] 15[CFG] reassigning offline lease to 'q'_
Aug 21 16:48:29 [charon] 15[IKE] assigning virtual IP fd73:6d6f:6772:1::ffff:1 to peer 'q'_
Aug 21 16:48:29 [charon] 15[IKE] CHILD_SA psk-default{2} established with SPIs c29a5524_i c57f4587_o and TS fd73:6d6f:6772:1::/64 === fd73:6d6f:6772:1::ffff:1/128 _

Any suggestions on how to make this work? Windows 7 automatically configures the 
right network to be source_ip/64, and does not configure other routers. 
Actually, a configuration similar to the above works in Win7.

Best regards



