[strongSwan] IPv6 tunnel and routing problems

[Jason White]

Jason White  <jason at jasonjgw.net> wrote:

>virtual machine -> remote IPv6 host: I can establish a working tunnel with
>x.509 certificates on both sides.
>
>Virtual machine -> laptop on local LAN: also works.
>
>workstation/router -> anywhere: I can establish a tunnel, but as far as I can
>tell from packet monitoring, no packets are ever sent out over the tunnel. The
>output of "ipsec xfrm policy show" and "ip xfrm state show" looks fine on both
>sides.
>
>In the kernel logs of the workstation/router, messages such as the following
>appear whenever I try to ping the remote end of such a tunnel: 
>
>Jul 30 15:12:26 jdc kernel: [23751.548077] pmtu discovery on SA ESP/c0cb33bc/2607:f2f8:2340:0000:0000:0000:0000:0002
>

I'm running kernel 3.0.0, in case that affects the situation. As I recall, I
was using kernel 2.6.39 when I first tried, and failed, to make this work.

I can post whatever output would help to track down the cause of this issue.