[strongSwan] virtual IP request with IPv6 in IPv4 use case
Andreas Steffen
andreas.steffen at strongswan.org
Wed Jun 20 11:01:43 CEST 2012
Hi Martin,
patch [1] works perfectly as the updated scenario shows:
http://www.strongswan.org/uml/20120620-1053/ipv6/rw-ip6-in-ip4-ikev2/
On gateway moon:
Jun 20 10:53:32 moon charon:
06[ENC] parsed IKE_AUTH request 1 [ IDi CERT .. CP(ADDR6) .. ]
..
06[IKE] peer requested virtual IP %any6
06[CFG] assigning new lease to 'carol at strongswan.org'
06[IKE] assigning virtual IP fec3::1 to peer 'carol at strongswan.org'
06[IKE] CHILD_SA rw{1} established with SPIs c42d424d_i c8635e57_o
and TS fec1::/16 === fec3::1/128
Thanks
Andreas
On 06/20/2012 10:05 AM, Martin Willi wrote:
> Hi,
>
>> 01[IKE] traffic selectors fec1::/16 === 0.0.0.0/0 inacceptable
>
> Currently the virtual IP address family is determined on the (local)
> leftsubnet option. Defining
>
> leftsubnet=::/0
>
> on the client should fix this scenario.
>
> To have a better fallback if no leftsubnet is given, I've pushed a patch
> [1] that looks at the family of rightsubnet if no leftsubnet is given.
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=e2dd114f
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list