[strongSwan] ipsec tunnel and IPv6

David Mitchell david at fz1.org
Sun Jan 11 22:22:09 CET 2015


Well I’ve encountered another strange issue I’m not sure what to do about. I can successfully bring up my tunnel from my client to the server with leftsubnet 192.168.1.0/24 and rightsubnet 0.0.0.0/0. I have a bypass in place so I can still get to the local LAN. That all works great. The local lan does not have working IPv6 so the client only has the fe80:: link-local IPv6 address. If the tunnel is down, ‘apt-get update’ works as expected and connects via IPv4. When the tunnel is up, ‘apt-get update’ uses IPv6 exclusively which fails of course and doesn’t attempt to use IPv4 at all. I have no IPv6 related configuration in my ipsec.conf on either side so I’m at a loss as to why apt-get is behaving this way. I can’t find any change in the IPv6 configuration in the routing table or interfaces when the tunnel comes up so I’m not sure what exactly is causing apt-get to change it’s behavior. I’m not even sure where to start looking. Any ideas would be appreciated. Thanks,

-David Mitchell



More information about the Users mailing list