[strongSwan] ipv6 connection not working
Ko, HsuenJu
HsuenJu.Ko at stratus.com
Fri May 15 14:37:25 CEST 2015
Hi,
I am testing ipv6 connection using ikev1 and it appears ike exchange packet was not seen by tcpdump. Here is the information.
Here is the version that I am using.
Linux strongSwan U5.2.0/K2.6.32-504.el6.x86_64
Here is the config.
conn conn_14_ike1_ipv6_122
left=fcc1:e::53
leftcert=test_1.14_cert_ipv6.der
leftca=%same
right=fcc1:e::7a
rightid=fcc1:e::7a
rightca="C=US, O=XXX, OU=VOS IPSec Tests, CN=test 1 14 v6 CA"
esp=aes128-sha256-modp2048!
ike=aes128-sha256-modp2048!
keyexchange=ikev1
marginbytes=3400000
ikelifetime=24h
lifetime=24h
And here are some information from the log.
May 15 06:44:24 15[KNL] creating acquire job for policy fcc1:e::53/128[udp/41615] === fcc1:e::7a/128[udp/blackjack] with reqid {8}
...
May 15 06:44:24 14[IKE] initiating Main Mode IKE_SA conn_14_ike1_ipv6_122[1] to fcc1:e::7a
May 15 06:44:24 14[IKE] IKE_SA conn_14_ike1_ipv6_122[1] state change: CREATED => CONNECTING
May 15 06:44:24 14[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
...
May 15 06:49:46 16[NET] sending packet: from 10.1.14.83[500] to 10.1.14.122[500] (160 bytes)
May 15 06:49:46 07[NET] sending packet: from 10.1.14.83[500] to 10.1.14.122[500]
However, I never see this packet with tcpdump. If I used ipv4 address instead, I can see the tcpdump showing that UDP packets. I saw issue #860 with acquire job message. But that issue seems only apply to ikev2. Can someone explain what might be wrong?
Thanks!
Bettina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150515/817c7570/attachment.html>
More information about the Users
mailing list