[strongSwan] ipv6 connection not working

Ko, HsuenJu HsuenJu.Ko at stratus.com
Mon May 18 18:20:24 CEST 2015 

Hi Noel,
Sorry I sent the wrong log information.  It turned out the problem that I had was related to issue #595.  Once the passthru policy is added for icmpv6  codes 135/136 are added everything works.
Thanks for your response.

Bettina

-----Original Message-----
From: Noel Kuntze [mailto:noel at familie-kuntze.de] 
Sent: Saturday, May 16, 2015 2:23 AM
To: Ko, HsuenJu; 'users at lists.strongswan.org'
Subject: Re: [strongSwan] ipv6 connection not working


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Bettina,

That sending_message is for a different IKE SA. Your configuration uses IPv6, but the log shows an IPv4 packet. The packet is also sent 5 minutes after Main Mode gets initiated.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 15.05.2015 um 14:37 schrieb Ko, HsuenJu:
>
> Hi,
>
> I am testing ipv6 connection using ikev1 and it appears ike exchange packet was not seen by tcpdump.  Here is the information.
>
> 
>
> Here is the version that I am using.
>
> 
>
> Linux strongSwan U5.2.0/K2.6.32-504.el6.x86_64
>
> 
>
> 
>
> Here is the config.
>
> 
>
> conn conn_14_ike1_ipv6_122
>
>      left=fcc1:e::53
>
>      leftcert=test_1.14_cert_ipv6.der
>
>      leftca=%same
>
>      right=fcc1:e::7a
>
>      rightid=fcc1:e::7a
>
>      rightca="*C=US, O=XXX, OU=VOS IPSec Tests, CN=test 1 14 v6 CA*"
>
>      esp=aes128-sha256-modp2048!
>
>      ike=aes128-sha256-modp2048!
>
>      keyexchange=ikev1
>
>      marginbytes=3400000
>
>      ikelifetime=24h
>
>      lifetime=24h
>
> 
>
> And here are some information from the log.
>
> 
>
> May 15 06:44:24 15[KNL] creating acquire job for policy 
> fcc1:e::53/128[udp/41615] === fcc1:e::7a/128[udp/blackjack] with reqid 
> {8}
>
>>
> May 15 06:44:24 14[IKE] initiating Main Mode IKE_SA 
> conn_14_ike1_ipv6_122[1] to fcc1:e::7a
>
> May 15 06:44:24 14[IKE] IKE_SA conn_14_ike1_ipv6_122[1] state change: 
> CREATED => CONNECTING
>
> May 15 06:44:24 14[CFG] configured proposals: 
> IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>
>>
> May 15 06:49:46 16[NET] sending packet: from 10.1.14.83[500] to 
> 10.1.14.122[500] (160 bytes)
>
> May 15 06:49:46 07[NET] sending packet: from 10.1.14.83[500] to 
> 10.1.14.122[500]
>
> 
>
> However, I never see this packet with tcpdump.  If I used ipv4 address instead, I can see the tcpdump showing that UDP packets.  I saw issue #860 with acquire job message.  But that issue seems only apply to ikev2.   Can someone explain what might be wrong?
>
> 
>
> Thanks!
>
> Bettina
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVVuJXAAoJEDg5KY9j7GZYHNIP/AzwOqtIj7weBlzsOKA4nv99
lkGbmVxe4bsKsRZBRXrqxkCrjgKGHZKV40VzMH9msP4RPYjOBPuD6G36O6Zhgtwt
rvhDnPZthbk3Uan5HrH3omh2Qq2VwBtOQQ5+iSJ2Z7XFXNk5eZ1ETjXTrHWtXbYB
/Ssw9uKzRHRRnojX00/kb/R4aqlIJHe4rjyy9XUN1OQm3JJXU8YxN0txoTk7E3gw
r6yNxhkp3mrjvjRrqGyrUnHQG8Y4CQTzMMYJjTXMTQVKu5dHn67Y6rgZMMyD/5BS
lfwRY/pOc9XZXZixiBocbAKYInu7Xnjtkf5M/ghHxkGQvnHXsixFD64nee7+/2OS
aKBk9F/A/h1IAYDwA0ZQxpndVi3KQfrHCJHDxUH+7IostYKitfRgxE9pbOcLB44Z
fqrW77lwLk8PKys0kxQVMXTkNSuiCpCMkmytawZcKbZuJQ8a4bANRRY70KPOW85U
VX1xImjMkYMunmXDt8LTa2DTXJFADDqmIho5MXYeoP91WuK3yDiuBD3fPoJLUUex
JCvVRapFAYyVexHeVth/kA3iGlAuMDgBrZ3xJBuANpv7uCob9aQl2dW4B7U/kxOh
UPSRaoG5sLBEhe9Q6iKCmCe8FD99nO8e4vDxQeuRmwDaJH9ex9WHUhWHeRzAUuI5
pLn2b0Dqfg1l/oGV8vLh
=aQss
-----END PGP SIGNATURE-----

More information about the Users mailing list