[strongSwan] %defaultroute resolves to link-local address

[Volker Rümelin]

Hello Daniel,

> 14:09:53.069743 IP6 SOURCENET::2 > DESTNET::6: frag (0|1400) 4500 >
> 4500: NONESP-encap: isakmp: child_sa  ikev2_auth[I]
> 14:09:53.070185 IP6 SOURCENET::2 > DESTNET::6: frag (1400|352)
> 14:10:06.802214 IP6 DESTNET::6 > SOURCENET::2: ICMP6, time exceeded
> in-transit (reassembly), length 1240
this is most likely a firewall problem with your Debian machine. Only 
the first fragment is accepted by your netfilter rules and the second 
fragment is dropped, leading to a reassembly timeout after 60s.

Regards,
Volker