[strongSwan] "next header type" issues with ipv6 tunnel
phpbeck at gmail.com
Mon Apr 6 06:09:53 CEST 2015
i’m trying to setup a tunnel over ipv6 and get the SAs installed.
My problem is now, that if i send a ping over this tunnel, i’ll don’t get responses and in tcpdump i see
out > next-header ESP (50)
in > next-header ICMPv6 (58) => ICMP6, parameter problem, next header - octet 6
the answer is send by my local gateway / router / ipv4 nat box (which is unfortunately a blackbox i got from my provider)
Wireshark reports the message as: Code: 1 (unrecognized Next Header type encountered)
Unfortunately i just found RFCs containing this message and no useful information.
Is there a way to encapsulate the packets to avoid this or do i have to tell my provider to fix this? I already tried to use “forceencaps”, but this causes netlink issues on my vpn box.
More information about the Users