[strongSwan] "next header type" issues with ipv6 tunnel

Christian Becker phpbeck at gmail.com
Mon Apr 6 06:09:53 CEST 2015


i’m trying to setup a tunnel over ipv6 and get the SAs installed.

My problem is now, that if i send a ping over this tunnel, i’ll don’t get responses and in tcpdump i see

out > next-header ESP (50)
in   > next-header ICMPv6 (58) => ICMP6, parameter problem, next header - octet 6

the answer is send by my local gateway / router / ipv4 nat box (which is unfortunately a blackbox i got from my provider)

Wireshark reports the message as: Code: 1 (unrecognized Next Header type encountered)

Unfortunately i just found RFCs containing this message and no useful information.

Is there a way to encapsulate the packets to avoid this or do i have to tell my provider to fix this? I already tried to use “forceencaps”, but this causes netlink issues on my vpn box.

Thank you,

More information about the Users mailing list