[strongSwan] Forward IPv6 traffic
Noel Kuntze
noel at familie-kuntze.de
Wed Jul 1 23:26:49 CEST 2015
Hello Carl,
Take a look at this ticket: https://wiki.strongswan.org/issues/1008
Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 01.07.2015 at 12:39, Carl Hörberg wrote:
> I've set up strongswan on a vps from digitalocean on an ubuntu 14.04 box.
> It works great with the android client for ipv4 traffic but ipv6 traffic
> does not seem to go through.
>
> Server's ipsec.conf:
>
> config setup
> conn %default
>     left=%any
>     leftid=vpn.mydomain.com
>     leftsubnet=0.0.0.0/0,::/0
>     leftfirewall=yes
>     right=%any
>     rightsourceip=192.168.211.0/24,2a03:b0c0:2:d0::4b4:9001/64
>     rightdns=8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844
> conn ikev2
>     keyexchange=ikev2
>     dpdaction=clear
>     dpddelay=300s
>     rekey=no
>     leftcert=vpn.mydomain.com.pem
>     leftauth=pubkey
>     rightauth=eap-gtc
>     eap_identity=%any
>     auto=add
>
> 2a03:b0c0:2:d0::4b4:9001/64 is the subnet the vps is assigned by
> digitalocean.
>
> The server log when the Android client connects:
>
> Jul 1 10:28:11 mail-ams3 charon: 03[IKE] peer requested virtual IP %any
> Jul 1 10:28:11 mail-ams3 charon: 03[CFG] assigning new lease to 'carl'
> Jul 1 10:28:11 mail-ams3 charon: 03[IKE] assigning virtual IP
> 192.168.211.1 to peer 'carl'
> Jul 1 10:28:11 mail-ams3 charon: 03[IKE] peer requested virtual IP %any6
> Jul 1 10:28:11 mail-ams3 charon: 03[CFG] assigning new lease to 'carl'
> Jul 1 10:28:11 mail-ams3 charon: 03[IKE] assigning virtual IP
> 2a03:b0c0:2:d0::4b4:9002 to peer 'carl'
> Jul 1 10:28:11 mail-ams3 charon: 03[IKE] CHILD_SA ikev2{1} established
> with SPIs c36bd0ef_i 3501ed85_o and TS 0.0.0.0/0 ::/0 ===
> 192.168.211.1/32 2a03:b0c0:2:d0::4b4:9002/128
> Jul 1 10:28:11 mail-ams3 vpn: + carl 192.168.211.1/32 == 77.218.252.176
> -- 188.166.89.56 == %any/0
> Jul 1 10:28:11 mail-ams3 vpn: + carl 2a03:b0c0:2:d0::4b4:9002/128 ==
> 77.218.252.176 -- 188.166.89.56 == %any6/0
> Jul 1 10:28:11 mail-ams3 charon: 03[ENC] generating IKE_AUTH response 4
> [ AUTH CPRP(ADDR ADDR6 DNS DNS DNS6 DNS6) SA TSi TSr N(MOBIKE_SUP)
> N(ADD_6_ADDR) ]
> Jul 1 10:28:11 mail-ams3 charon: 03[NET] sending packet: from
> 188.166.89.56[4500] to 77.218.252.176[1813] (396 bytes)
>
> I've enabled ipv6 forwarding:
>
> # cat /proc/sys/net/ipv6/conf/all/forwarding
> 1
>
> Am I missing something? Is it correct to set the VPS's IPv6 subnet as
> rightsourceip?
> Do I have to add any ip6tables rules for forwarding ipv6 traffic?
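An added example, not part of the original thread and not strongSwan code: a Python check over the charon lines quoted above (e-mail line wrapping undone) that each assigned virtual IP lies inside a `rightsourceip` pool and inside the client-side traffic selectors of the established CHILD_SA. The function name `check_leases` and the report keys are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the charon lines from the quoted log, with the
# e-mail line wrapping undone so each log record is on one line.
LOG = """\
Jul 1 10:28:11 mail-ams3 charon: 03[IKE] peer requested virtual IP %any
Jul 1 10:28:11 mail-ams3 charon: 03[IKE] assigning virtual IP 192.168.211.1 to peer 'carl'
Jul 1 10:28:11 mail-ams3 charon: 03[IKE] peer requested virtual IP %any6
Jul 1 10:28:11 mail-ams3 charon: 03[IKE] assigning virtual IP 2a03:b0c0:2:d0::4b4:9002 to peer 'carl'
Jul 1 10:28:11 mail-ams3 charon: 03[IKE] CHILD_SA ikev2{1} established with SPIs c36bd0ef_i 3501ed85_o and TS 0.0.0.0/0 ::/0 === 192.168.211.1/32 2a03:b0c0:2:d0::4b4:9002/128
"""
# rightsourceip value from the quoted ipsec.conf
POOLS = "192.168.211.0/24,2a03:b0c0:2:d0::4b4:9001/64"

LEASE_RE = re.compile(r"assigning virtual IP (\S+) to peer '([^']+)'")
# charon logs traffic selectors as "TS <local side> === <remote side>"
TS_RE = re.compile(r"CHILD_SA \S+ established .* TS (.+?) === (.+)$")


def check_leases(log, pools):
    """Return {address: {"peer", "in_pool", "in_remote_ts"}} for each lease."""
    # strict=False: the IPv6 pool is written with host bits set (…:9001/64)
    nets = [ipaddress.ip_network(p, strict=False) for p in pools.split(",")]
    leases, remote_ts = {}, []
    for line in log.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases[ipaddress.ip_address(m.group(1))] = m.group(2)
        m = TS_RE.search(line)
        if m:
            remote_ts = [ipaddress.ip_network(t) for t in m.group(2).split()]

    def covered(addr, networks):
        # Compare only within the same address family
        return any(addr.version == n.version and addr in n for n in networks)

    return {
        str(addr): {
            "peer": peer,
            "in_pool": covered(addr, nets),
            "in_remote_ts": covered(addr, remote_ts),
        }
        for addr, peer in leases.items()
    }
```

For the quoted log, both the IPv4 and the IPv6 lease report `True` on both checks, meaning the server handed out an IPv6 address and negotiated it into the CHILD_SA.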