[strongSwan] Ikev2 for ipv6 with protocol icmp6

Indira Manthri indira.mantri at gmail.com
Thu Apr 19 13:38:40 CEST 2012


Thanks for information.
Is there any patch or fix for this issue. Or is it acceptable and this cant
be fixed?


On 1 April 2012 19:51, <Eric_C_Johnson at dell.com> wrote:

> Indira.
> I experienced the samme problem.  The issue is icmp6 is getting caught in
> the Allow All policy of your tunnel definition.  If you change the policy
> to use something like TCP or just icmp6 the tunnel should establish.  The
> reason why the tunnel establishes after pinging in the clear is because the
> mac entry hasn't been cleared from your cache yet.  If you try that same
> test again after the cache is cleared it will fail again.
> ________________________________
> From: users-bounces+eric_c_johnson=dell.com at lists.strongswan.org[users-bounces+eric_c_johnson=
> dell.com at lists.strongswan.org] On Behalf Of Indira Manthri [
> indira.mantri at gmail.com]
> Sent: Sunday, April 01, 2012 9:13 AM
> To: users at lists.strongswan.org
> Subject: [strongSwan] Ikev2 for ipv6 with protocol icmp6
> Hi,
> I have configured ikev2 to test ipsec for ipv6 with protocol as icmp6.
> There is a strange behaviour in this scenario and it is as below:
> 1. When I configure ipsec configuration and send ping6 traffic, the IKE_SA
> donot get established.
> 2. After the above point, if I delete the ipsec configuration and send
> ping6 traffic, then the ping between those end points works fine.
> 3. Now after the second point, if I configure ipsec for the same end
> points and then start ping6 traffic, then the tunnel gets established.
> Could you please let me know the reason behind this? And is there any fix
> or patch to solve this issue.
> Thanks alot for the support,
> Indira.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120419/2466bc24/attachment.html>

More information about the Users mailing list