[strongSwan] ipv4, ipv6 and mobike
Wolfgang Walter
wolfgang.walter at stwm.de
Fri Jul 20 14:14:41 CEST 2012
Hello,
I have 2 hosts each with an ipv4 address and an ipv6 address. I use
transport-mode for both, ipv4 and ipv6:

conn ei_dotter_ipv4
        auto=start
        type=transport
        left=10.10.10.1
        leftrsasigkey=%cert
        leftcert=eiCert.pem
        leftfirewall=no
        right=10.100.0.1
        rightrsasigkey=%cert
        rightcert=dotterCert.pem
        rightfirewall=no
        keyexchange=ikev2
        ike=aes128-sha-modp1536!
        esp=aes128-sha1!

conn ei_dotter_ipv6
        auto=start
        type=transport
        left=2001:1234:5678:3:0:5efe:a0a:a01
        leftrsasigkey=%cert
        leftcert=eiCert.pem
        leftfirewall=no
        right=2001:1234:5678:3:0:5efe:a64:1
        rightrsasigkey=%cert
        rightcert=dotterCert.pem
        rightfirewall=no
        keyexchange=ikev2
        ike=aes128-sha-modp1536!
        esp=aes128-sha1!

If the ipv6 interface disappears on ei the ipv4 traffic stops working. One
has to reload (or restart) ipsec. ipsec status shows that ei_dotter_ipv6 is
now between 10.10.10.1 and 10.100.0.1 instead of
2001:1234:5678:3:0:5efe:a0a:a01 and 2001:1234:5678:3:0:5efe:a64:1.
This seems to disturb ei_dotter_ipv4.
If mobike=no is added to ei_dotter_ipv6 this does not happen.
I think it does not make sense to move transportmode connections between ipv4
and ipv6.
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
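
Added example (not part of the original message and not strongSwan code): a small check that reads ipsec.conf text and lists transport-mode conns on which MOBIKE is still enabled, the condition the message above reports as letting ei_dotter_ipv6 move onto the IPv4 addresses. The sample is a shortened copy of the posted config; treating an unset keyexchange as IKEv2 is an assumption, and also= includes are not followed.

```python
# Added example: flag transport-mode IKEv2 conns that leave MOBIKE enabled.
# SAMPLE is constructed from the posted config (cert/proposal lines omitted).
SAMPLE = """\
conn ei_dotter_ipv4
    auto=start
    type=transport
    left=10.10.10.1
    right=10.100.0.1
    keyexchange=ikev2
conn ei_dotter_ipv6
    auto=start
    type=transport
    left=2001:1234:5678:3:0:5efe:a0a:a01
    right=2001:1234:5678:3:0:5efe:a64:1
    keyexchange=ikev2
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged in."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def mobike_findings(text):
    """Names of transport-mode conns whose endpoints MOBIKE may migrate."""
    flagged = []
    for name, opts in parse_conns(text).items():
        transport = opts.get("type") == "transport"
        # Assumption: an unset keyexchange is treated as IKEv2-capable.
        ikev2 = opts.get("keyexchange", "ikev2") != "ikev1"
        mobike_on = opts.get("mobike", "yes") != "no"  # mobike defaults to yes
        if transport and ikev2 and mobike_on:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(mobike_findings(SAMPLE))
```

With mobike=no appended to ei_dotter_ipv6, as in the workaround described in the message, only ei_dotter_ipv4 is still listed.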