[strongSwan] virtual IP request with IPv6 in IPv4 use case

Andreas Steffen andreas.steffen at strongswan.org
Wed Jun 20 11:01:43 CEST 2012

Hi Martin,

patch [1] works perfectly as the updated scenario shows:


On gateway moon:

Jun 20 10:53:32 moon charon:

 06[ENC] parsed IKE_AUTH request 1 [ IDi CERT .. CP(ADDR6) .. ]
 06[IKE] peer requested virtual IP %any6
 06[CFG] assigning new lease to 'carol at strongswan.org'
 06[IKE] assigning virtual IP fec3::1 to peer 'carol at strongswan.org'
 06[IKE] CHILD_SA rw{1} established with SPIs c42d424d_i c8635e57_o
         and TS fec1::/16 === fec3::1/128



On 06/20/2012 10:05 AM, Martin Willi wrote:
> Hi,
>>   01[IKE] traffic selectors fec1::/16 ===  inacceptable
> Currently the virtual IP address family is determined on the (local)
> leftsubnet option. Defining
>   leftsubnet=::/0
> on the client should fix this scenario.
> To have a better fallback if no leftsubnet is given, I've pushed a patch
> [1] that looks at the family of rightsubnet if no leftsubnet is given.
> Regards
> Martin
> [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=e2dd114f

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list