[strongSwan] strongSwan and IPv6?

Conrad Kostecki ck at conrad-kostecki.de
Wed Oct 29 09:54:10 CET 2014

> Which ping never arrives? To any IPv6 host on the Internet?

Yeah. Sorry, that was unclear. I meant any ipv6 host on the internet (e.g. ping6 heise.de)

> For that ping that works, does the traffic go over the IPsec tunnel?

I don't know. I can only ping my subnet ip, which I got assigned and the ipv6 of the ipsec gateway itself.

> I think that looks fine so far; seems that both a virtual IP for v4 and
> v6 has been assigned, and tunneling to all destinations is allowed.

That should be good. I can see with the network connection properties under windows, that both IPs are assigned.

>If pinging the gateway works over your tunnel, I'd guess that route
> works fine. Other hosts might not work because your IPv6 default route
> does not go over the tunnel. Check the default route in your routing
> table.

Which one do I need exactly?
-> http://pastebin.com/LuVfM1UB

I would say from my understanding, that the route is missing:
 ::/0                                                         fe80::200:24ff:fece:bb1c
2a01:XXX:YYY:ZZZZ::2/128                 fe80::200:24ff:fece:bb1c

I don't know, where fe80 goes?

> In your RAS connection setting, under Networking -> IPv6 -> Advanced ->
> IP Settings, check that "Use default gateway on remote network" is set.

I've checked it. It's already set and enabled.


More information about the Users mailing list