[strongSwan] Neighbor discovery on ipv6 tunnel

Robert Dyck rob.dyck at telus.net
Tue Dec 30 19:57:52 CET 2014


Ip neighbor needs a device. Strongswan  normally doesn't create a device for 
the tunnel. Do I need to set up a VTI or use the non-kernel implementation?

On December 30, 2014 07:38:41 PM Noel Kuntze wrote:
> Hello Robert,
> 
> The farp plugin only handles arp at the moment, not IPv6 neighbor discovery.
> You need to set up proxy arp manually using iproute2.
> Look at "ip neigh help".
> 
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> Am 30.12.2014 um 01:46 schrieb Robert Dyck:
> > I had success setting up an ipv4 road warrior tunnel using strongswan at
> > either end. My goal was for the RW to become just another host on my home
> > LAN. This means that the RW can ping any host on the LAN in addition to
> > the server.
> > 
> > I then wanted achieve a similar goal over ipv6 with difference being that
> > instead of private IPs I would use my global ipv6 prefix. I am able to
> > establish the tunnel between the RW and the server and I can ping6 between
> > them in either direction. However when I try the ping6 tests between the
> > RW
> > and a host other than the server, the test fails. The believe that
> > neighbor
> > discovery ( ND ) is at the root of the problem.
> > 
> > Ip6tables were set to accept everything for testing purposes. Also for
> > testing purposes I used the ndisc6 command in addition to ping6. I will
> > summarize the results of my testing.
> > 
> > At the RW
> > ping6 to server - success
> > ndisc6  query any address - network unreachable
> > ping6 to host other than server - 100% packet loss
> > 
> > From the LAN
> > ping6 to RW - address unreachable
> > ndisc6 query RW IP - timeout, I see the query reaching the server but it
> > does not respond.
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users



More information about the Users mailing list