[strongSwan] XFRM for IPv6 ND/NA bypass

Martin Willi martin at strongswan.org
Mon Feb 28 13:55:55 CET 2011


Hi Mike,

> I have these policies installed but the NA always seems to hit the 
> strongswan-installed policy rather than my manual ones.

> src ::/0 dst ::/0 proto ipv6-icmp type 135 code 0
>          dir in priority 1073741824 ptype main
> src ::/0 dst ::/0 proto ipv6-icmp type 136 code 0
>          dir in priority 1073741824 ptype main

> src ::/0 dst ::/0 proto ipv6-icmp type 135 code 0
>          dir out priority 1073741824 ptype main
> src ::/0 dst ::/0 proto ipv6-icmp type 136 code 0
>          dir out priority 1073741824 ptype main

The priority value you set is higher than any policy installed by
strongSwan, but a higher priority value actually means a lower
priority ;-).

Have you tried to install with "prio 1"? I don't have a full IPv6
network for testing, but at least for ICMP pings it works.

Regards
Martin
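
Added example, not part of Martin's reply or of strongSwan: a shell sketch that prints the four NS/NA bypass policies from the thread with a low priority value, and checks an `ip xfrm policy` dump for bypass entries that a numerically lower policy in the same direction can outrank. The function names, the 2001:db8:: addresses and the tunnel policy with priority 1795 are constructed for illustration.

```shell
# Added example: function names and the sample dump are constructed.
# Emit the thread's four NS/NA bypass policies with a given priority value.
nd_bypass_cmds() {
    prio=${1:-1}
    for dir in in out; do
        for type in 135 136; do   # 135 = NS, 136 = NA
            echo "ip xfrm policy add src ::/0 dst ::/0 proto ipv6-icmp" \
                 "type $type code 0 dir $dir priority $prio ptype main"
        done
    done
}

# stdin: `ip xfrm policy` output. Prints "dir type prio lowest-other" for each
# NS/NA bypass whose priority value is not below the lowest value of the other
# policies in that direction (conservative: selector overlap is not checked).
shadowed_nd_bypass() {
    awk '
    /^src / {
        type = ""
        for (i = 1; i < NF; i++) if ($i == "type") type = $(i + 1)
        nd = (/proto ipv6-icmp/ && (type + 0 == 135 || type + 0 == 136))
        next
    }
    $1 == "dir" {
        if (nd) { n++; bd[n] = $2; bt[n] = type; bp[n] = $4 }
        else if (!($2 in low) || $4 + 0 < low[$2]) low[$2] = $4 + 0
    }
    END {
        for (k = 1; k <= n; k++)
            if ((bd[k] in low) && bp[k] + 0 >= low[bd[k]])
                print bd[k], bt[k], bp[k], low[bd[k]]
    }'
}

# Constructed dump: one bypass as in the thread, one with priority 1, and a
# made-up tunnel policy standing in for a strongSwan-installed one.
sample_policies() {
    cat <<'EOF'
src ::/0 dst ::/0 proto ipv6-icmp type 135 code 0
        dir in priority 1073741824 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136 code 0
        dir in priority 1 ptype main
src 2001:db8:2::/64 dst 2001:db8:1::/64
        dir in priority 1795 ptype main
        tmpl src 2001:db8::2 dst 2001:db8::1
EOF
}
nd_bypass_cmds 1
sample_policies | shadowed_nd_bypass   # -> in 135 1073741824 1795
```

On a gateway, pipe the real `ip xfrm policy` output into `shadowed_nd_bypass`; an empty result means every NS/NA bypass has the lowest priority value in its direction.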




