[strongSwan] Trouble mixing ipv4 and ipv6 configuration within a single connection

Robert Dyck rob.dyck at telus.net
Sun Dec 14 03:27:14 CET 2014


I have a typical home LAN behind a router with NAT. I created a strongswan 
server on one machine and used port forwarding on the router to allow ipsec 
access from the public internet. I set up a road warrior configuration on a 
laptop which I tether to my phone. No new subnets were created. The laptop 
becomes another host on the existing LAN.  The laptop gets its dynamic IP 
address from the router via strongswan.

This was originally ipv4 only. Since I have an ipv6 64 prefix courtesy of 
Hurricane Electric I wanted an ipv6 address on the laptop. I decided on a 
static address since a dynamic address would be problematic. I wanted to have 
a single connection definition create both an ipv4 and ipv6 tunnel. On the 
server I used rightsourceip=%dhcp,%config6. The ipv6 address was explicitly 
defined on the laptop. When I tested my configuration I found that the ipv6 
address was indeed set on the laptop but no tunnel was created for either ipv4 
or ipv6. Worst of all, it shut down the LAN except that I could ping from the 
laptop to the server. When I used "strongswan down home" the LAN began working 
again.

When I deconstructed my configuration I found that the 
rightsourceip=%dhcp,%config6 on the server was the cause of the failure. I 
tried changing %dhcp to %dhcp4. Strongswan accepted the syntax but did not 
correct the problem.

Is this my error or strongswan's?

Rob

