[strongSwan] No packets transmitted for a while over IPv6 after connection establishment

Jason White jason at jasonjgw.net
Sat May 25 06:59:08 CEST 2013

I'm experimenting again with strongSwan over IPv6 after upgrading to v5.0.4
via the Debian package.

Here's the problem as best I can explain it:

1. The connection is established in tunnel mode between my machine and a
remote host, with strongSwan 5.0.4 on both sides (Debian kernel 3.8.13 on my
side). Usually, the connection is established properly but sometimes there are
retransmissions and timeouts when it reaches the child SA stage.

2. After the connection is established, my machine can receive packets over
the tunnel successfully from the remote host, but it doesn't send out any
packets at all. Tshark shows no attempt to send out echo requests when I ping
the remote host, for example. Ip xfrm commands show that everything is
set up as it should be.

3. After about 10-15 minutes, suddenly my host is able to send packets over
the tunnel and everything works. So there's a timeout somewhere or perhaps
something gets renegotiated.

4. If I copy the configuration and change all of the addresses to the
respective host IPv4 addresses, the connection is established straight away
and works fine.

So it seems to be an IPv6-specific problem and I'm guessing it may be
kernel-related, but I would appreciate any debugging suggestions so I can
track down the issue and submit a good bug report to the right place.

It's native IPv6 at both ends (a PPP connection over an ADSL link in my case
and a virtual server at the remote end).

