[strongSwan] Neighbor discovery on ipv6 tunnel
Robert Dyck
rob.dyck at telus.net
Tue Dec 30 01:46:02 CET 2014
I had success setting up an ipv4 road warrior tunnel using strongswan at
either end. My goal was for the RW to become just another host on my home LAN.
This means that the RW can ping any host on the LAN in addition to the server.

I then wanted to achieve a similar goal over ipv6, with the difference being that
instead of private IPs I would use my global ipv6 prefix. I am able to
establish the tunnel between the RW and the server and I can ping6 between
them in either direction. However, when I try the ping6 tests between the RW
and a host other than the server, the test fails. I believe that neighbor
discovery (ND) is at the root of the problem.

Ip6tables were set to accept everything for testing purposes. Also for testing
purposes I used the ndisc6 command in addition to ping6. I will summarize the
results of my testing.

At the RW
ping6 to server - success
ndisc6 query any address - network unreachable
ping6 to host other than server - 100% packet loss

From the LAN
ping6 to RW - address unreachable
ndisc6 query RW IP - timeout, I see the query reaching the server but it does not respond.