[strongSwan] ICMP discovery fails with IPv6 and IKEv2
Martin Willi
martin at strongswan.org
Wed Jan 25 09:37:55 CET 2012
Hello Eric,
> 01[KNL] creating acquire job for policy
> fc00:2518::221:9bff:fe98:854b/128[udp/60525] ===
> fc00:2518::10:125:56:9/128[udp/1025] with reqid {10}
If your policy triggering the tunnel covers all traffic, of course any
ICMP messages are covered by this policy, too. So the name resolution
won't work, and the tunnel can't be established.
Try to install a passthrough policy using the "type" ipsec.conf option
(requires strongSwan 4.5.3 if you want to do this with charon). You can
limit this policy to ICMPv6 and the required types using
left/rightprotoport options.
Regards
Martin
More information about the Users
mailing list