[strongSwan] ICMP discovery fails with IPv6 and IKEv2
Eric_C_Johnson at Dell.com
Eric_C_Johnson at Dell.com
Thu Jan 26 17:44:15 CET 2012
Hi Martin.
Thanks for hanging with me on this. One more question. Once I get to 4.5.3 you're saying I need to define the type as passthrough and then use the left/rightprotoport options. Are the protoport options defining traffic exceptions to NOT send over the tunnel? For example would I list icmp6 134-6 to make sure the neighbor discovery works before the tunnel attempt is made? And can I still define an 'allow all' policy on the remote peer by doing this?
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: Thursday, January 26, 2012 10:39 AM
To: Johnson, Eric C
Cc: users at lists.strongswan.org
Subject: RE: [strongSwan] ICMP discovery fails with IPv6 and IKEv2
Hi,
> I have v4.5.2. Will the passthrough option insist on manual keying?
Passthrough policies are not supported with charon before 4.5.3. You can install them manually using other tools (setkey or iproute2), but it might be a little tricky to get it right. Probably simpler to update to a recent strongSwan version.
Regards
Martin
More information about the Users
mailing list