[strongSwan] Ikev2 for ipv6 with protocol icmp6

Eric_C_Johnson at Dell.com Eric_C_Johnson at Dell.com
Sun Apr 1 16:21:17 CEST 2012


I experienced the samme problem.  The issue is icmp6 is getting caught in the Allow All policy of your tunnel definition.  If you change the policy to use something like TCP or just icmp6 the tunnel should establish.  The reason why the tunnel establishes after pinging in the clear is because the mac entry hasn't been cleared from your cache yet.  If you try that same test again after the cache is cleared it will fail again.

From: users-bounces+eric_c_johnson=dell.com at lists.strongswan.org [users-bounces+eric_c_johnson=dell.com at lists.strongswan.org] On Behalf Of Indira Manthri [indira.mantri at gmail.com]
Sent: Sunday, April 01, 2012 9:13 AM
To: users at lists.strongswan.org
Subject: [strongSwan] Ikev2 for ipv6 with protocol icmp6


I have configured ikev2 to test ipsec for ipv6 with protocol as icmp6.

There is a strange behaviour in this scenario and it is as below:
1. When I configure ipsec configuration and send ping6 traffic, the IKE_SA donot get established.

2. After the above point, if I delete the ipsec configuration and send ping6 traffic, then the ping between those end points works fine.

3. Now after the second point, if I configure ipsec for the same end points and then start ping6 traffic, then the tunnel gets established.

Could you please let me know the reason behind this? And is there any fix or patch to solve this issue.

Thanks alot for the support,

More information about the Users mailing list