[strongSwan] IKEv2 Over IPv6

Arnab Bakshi arnab.bakshi at gmail.com
Wed Jul 20 13:25:19 CEST 2011 

Hi Andreas,

    I was going through the UML test cases for net-2-net scenario with PSK
and apart from the ipsec.conf files I see a sample strongswan.conf file
which contains the following snippet:

  # /etc/strongswan.conf - strongSwan configuration file


charon {
  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke
kernel-netlink socket-default updown
  multiple_authentication = no
}

Is the above block required in the strongswan.conf file?..

Regards

Arnab


On Wed, Jul 20, 2011 at 4:34 PM, Arnab Bakshi <arnab.bakshi at gmail.com>wrote:

> Hi Andreas,
>
>    Do we need to set any entry in iptables to ACCEPT the IKEv2 UDP ports
> (500 & 4500) when using strongswan.
>
>    Actually I am trying to bring up the session with strongswan against one
> of my implementation.
>
> *   Strongswan info:*
>
>     Release version: 4.5.2
>     Kernel: 2.6.35
>     Linux Flavour: Ubuntu- 0.10
>
> Please let me know on this?...Actually this used to work on Strongswan
> release 4.2.12 with kernel 2.6.9-22.EL and if we disable firewall.
>
> Regards
> Arnab
>
> On Thu, Jul 14, 2011 at 5:34 PM, Arnab Bakshi <arnab.bakshi at gmail.com>wrote:
>
>> Thanks Andreas...
>>
>> I will use accordingly..
>>
>> Regards
>> Arnab
>>
>>
>> On Thu, Jul 14, 2011 at 11:51 AM, Andreas Steffen <
>> andreas.steffen at strongswan.org> wrote:
>>
>>> Hello Arnab,
>>>
>>> it's great that you found out yourself that strongSwan has full IPv6
>>> support. In very early Linux 2.6 kernels there was an issue with
>>> IPv4-over-IPv6 tunnels but 2.6.35 is certainly fine.
>>>
>>> Best regards
>>>
>>> Andreas
>>>
>>>
>>> On 07/14/2011 06:43 AM, Arnab Bakshi wrote:
>>>
>>>> Ok I think I got some info from here:
>>>> http://www.strongswan.org/uml/**testresults43/ipv6/<http://www.strongswan.org/uml/testresults43/ipv6/>
>>>>
>>>> Maybe if you can throw light on the required kernel version or any other
>>>> points to be noted for me.
>>>>
>>>> Regards
>>>> Arnab
>>>> On Thu, Jul 14, 2011 at 10:04 AM, Arnab Bakshi <arnab.bakshi at gmail.com
>>>> <mailto:arnab.bakshi at gmail.com**>> wrote:
>>>>
>>>>    Hi,
>>>>
>>>>         Need one information regarding whether strongswan supports
>>>>    IKEv2 sessions over IPv6. My requirement is to carry IPv4 traffic
>>>>    over the IPv6 network and the SAs should be brought up using IKEv2
>>>>    over the IPv6 core.
>>>>
>>>>         Also is there any dependency on the kernel version for the
>>>>    support. Right now I have the kernel version 2.6.35
>>>>
>>>>    Regards
>>>>    Arnab
>>>>
>>>
>>> ==============================**==============================**
>>> ==========
>>> Andreas Steffen                         andreas.steffen at strongswan.org
>>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>>> Institute for Internet Technologies and Applications
>>> University of Applied Sciences Rapperswil
>>> CH-8640 Rapperswil (Switzerland)
>>> ==============================**=============================[**
>>> ITA-HSR]==
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110720/84345664/attachment.html>

More information about the Users mailing list