[strongSwan] IKEv1 doesn't pass ipv6 traffic

yordanos beyene yordanosb at gmail.com
Thu Jul 4 05:12:10 CEST 2013


Hi Jason, and SS team,

I can finally get IKEv1 IPv6 to work when I disabled cisco_unity from my
strongswan.conf.

Jason, can you try if it works in your environment with cisco_unity set to
yes as follows.

file: strongswan.conf

charon {
         cisco_unity = yes
}


Does anyone have any tips on why CHILD_SA fails when cisco_unity is set to
yes? I need to enable cisco_unity in my deployment.

...
12[ENC] generating INFORMATIONAL_V1 request 1570886643 [ HASH N(INVAL_ID) ]
12[NET] sending packet: from 2001::2[500] to 2001::3[500]
10[NET] received packet: from 2001::3[500] to 2001::2[500]
10[ENC] parsed QUICK_MODE request 672338128 [ HASH SA No ID ID ]
10[IKE] no matching CHILD_SA config found


Thanks!

Jordan.






On Thu, Jun 6, 2013 at 5:04 PM, Jason White <jason at jasonjgw.net> wrote:

> yordanos beyene  <yordanosb at gmail.com> wrote:
> >
> >Phase2 negotiation fails with IPv6 traffic. Is this a bug with strongswan
> >5.0.1 or a configuration issue?
> >The same deployment works with IKEv2, which is why I suspect this may
> >be a strongswan bug.
>
> It worked for me last week under 5.0.4. I prefer IKEv2 however and I would
> recommend not using IKEv1.