[strongSwan] Neighbor discovery on ipv6 tunnel

Noel Kuntze noel at familie-kuntze.de
Tue Dec 30 19:38:41 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Robert,

The farp plugin only handles arp at the moment, not IPv6 neighbor discovery.
You need to set up proxy arp manually using iproute2.
Look at "ip neigh help".

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 30.12.2014 um 01:46 schrieb Robert Dyck:
> I had success setting up an ipv4 road warrior tunnel using strongswan at
> either end. My goal was for the RW to become just another host on my home LAN.
> This means that the RW can ping any host on the LAN in addition to the server.
>
> I then wanted achieve a similar goal over ipv6 with difference being that
> instead of private IPs I would use my global ipv6 prefix. I am able to
> establish the tunnel between the RW and the server and I can ping6 between
> them in either direction. However when I try the ping6 tests between the RW
> and a host other than the server, the test fails. The believe that neighbor
> discovery ( ND ) is at the root of the problem.
>
> Ip6tables were set to accept everything for testing purposes. Also for testing
> purposes I used the ndisc6 command in addition to ping6. I will summarize the
> results of my testing.
>
> At the RW
> ping6 to server - success
> ndisc6  query any address - network unreachable
> ping6 to host other than server - 100% packet loss
>
> From the LAN
> ping6 to RW - address unreachable
> ndisc6 query RW IP - timeout, I see the query reaching the server but it does
> not respond.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUovExAAoJEDg5KY9j7GZYm/YQAJ4doA93+P/IAdVOf7ptupk6
pIV083qvfHlQ+CIDPu9sJbsmgSUs/0CzN/+UDo/c0dqYbASawBz54Unr0/bpNTVj
cq4nCbI9MxKMTbVkMTSZVeKssBbUuHKZPwUX42N8lOHdYWCeBdiMNuN7uKoSyKbs
DRehfTXfaDcOeLHRMP3+2nVm5W5nZrbcvoEq4zVbcyv2Trrg6YM+DdDTbtIdDwub
Nte++3Z7cmMFa4EQnYv0s8vXjzRwWJ6DW9ztHKalcolvWeuKG02Z8c/oNJX0aeUs
fJn6EtS3uTN9DPETgEsNTfcMLpN+RlCf1f5jcOjBd4DL1bC4sTOgUYCCMgnp20dm
FB2osBtykkS0qydqjyC7I0/Gligp/c0Hfd8S8QFm+uKRHRdUq+45bvoodUx6/oom
peKSBpGqSaY5OD1gaKvZ3wDyaS40XzACJRYR93A4pGKNOa3gqiMRd16pM3j/LXV3
/1TmQGrRdgpxGfZ62i1z+9c244/PmqOohh5PEyaNL34jMHvPOeaInRu8R+QpVG8y
B/IQSJbA2Myp9H6tvsD8mh7x8xB6NETB4r6A9HYVnZyUs5Ye7jt1dYrKr7B6oT9n
I2MgVNrNjOTAF+RwWDTDaGseVbTWnYv9o3o9yM6iP69eZHDzpU7yiaWNvAICuLuQ
k93jiXaUdxLKa3lCyqhL
=TlRO
-----END PGP SIGNATURE-----



More information about the Users mailing list