[strongSwan] issue found in strongswan-5.0.1dr4

Robert Lee rleeatgm at gmail.com
Mon Sep 24 06:20:37 CEST 2012


Dear StrongSwan Developer,

When assigning IPv4 and IPv6 addresses for the single tunnel, client gets
both VPN addresses, IPv4 routing is working fine, but there is no IPv6
routing/traffic over the tunnel. Server's log shows only the TS for [
10.10.10.0/24 fec1::/64 === 10.10.10.1/32], but there is no TS for [
10.10.10.0/24 fec1::/64 === fec1::1/128] in the log:

charon: 10[IKE] peer requested virtual IP %any
 charon: 10[CFG] assigning new lease to 'carol at strongswan.org'
charon: 10[IKE] assigning virtual IP 10.10.10.1 to peer '
carol at strongswan.org'
charon: 10[IKE] peer requested virtual IP %any6
charon: 10[CFG] assigning new lease to 'carol at strongswan.org'
charon: 10[IKE] assigning virtual IP fec1::1 to peer 'carol at strongswan.org'
charon: 10[IKE] CHILD_SA client{1} established with SPIs c4baa232_i
c6a51aa7_o and TS 10.10.10.0/24 fec1::/64 === 10.10.10.1/32
charon: 10[ENC] generating IKE_AUTH response 1 [ IDr AUTH CP(ADDR ADDR6) SA
TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR)
N(ADD_6_ADDR) ]

Server's ipsec.conf:
 conn client
        leftsubnet=10.10.10.0/24,fec1::/64
        rightsourceip=10.10.10.1,fec1::1/64

Client's ipsec.conf:
 conn home
        rightsubnet=10.10.10.0/24,::0/0
        leftsourceip=%config4,%config6

Thank you!
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120923/7bf6c6f9/attachment.html>


More information about the Users mailing list