[strongSwan] including IPv6 address and IPv6 DNS entry in the conf payload of IKE_AUTH message

Martin Willi martin at strongswan.org
Mon Dec 15 11:19:23 CET 2014


> Does charon daemon used as a client capable of including just IPv6
> address/IPv6 DNS in the conf payload , in the IKE_AUTH message sent to the
> ePDG. ?
> eg. in the CP payload I want to include
>    IPv6: fec3::/120  in the CP..

You can propose addresses in configuration payloads as an initiator by
setting a leftsourceip option. strongSwan handles this as a request for
a specific address, but its up to the responder if it honors that
address or just returns what it has configured.

As we don't support RFC 5739, request and assignment of prefixes is not
really supported. We handle IPv6 just like IPv4 addresses, that is we
assign a single IPv6 address with a /128 prefix from a larger address
pool. So you currently can't request a specific prefix, either.

> What is the configuration parameter to be set for charon daemon to send
> this IPv6 address in the conf payload. ?

You can use the leftsourceip option to request a specific address as

> Also which IKEv2 RFC is currently supported by Strongswan
> RFC 5996 or RFC  7296.

strongSwan was mostly implemented against RFC 4306. We support some of
the new bits form RFC 5996, but not all of it. RFC 7296 is mostly the
Internet Standard version of RFC 5996 with all Errata included.


More information about the Users mailing list