[strongSwan] IPComp and IPv6 tunneled on IPv4 on Debian

Heiko Wundram modelnine at modelnine.org
Wed Oct 21 00:46:25 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey all,

I'm currently trying to get IPComp working with an IPv6 in IPv4 IPsec
(ESP) tunnel using strongSwan on Debian. From what I gather from
https://wiki.strongswan.org/projects/strongswan/wiki/IPComp there are
supposed to be fixes in strongSwan 5.4 (which isn't released yet) for
IPv6 transports and IPComp - but I can't find anything that
immediately meet my eye for the list of referenced bugs from that
ticket. I've already tried an upgrade to the latest "stable" build for
Debian from stretch (5.3.2-1), which seems to work no differently than
the jessie build (5.2.1-6).

Anyway, apparently what happens is that no proto 41 (IPv6 in IPv6)
policy is installed at the destination end for small packets which
skip IPComp in the corresponding policy on the source side, so that
those don't arrive. "Big" packets do go through properly. I can see no
dropped packets in the IPv6 firewall on the receiving end, so that
they don't seem to be incoming/accepted at all (different from the
IPv4-end where I added the corresponding INPUT rule to accept proto
4). I have loaded ipcomp and ipcomp6 as modules (as the latter didn't
seem to be loaded automatically).

Is this a known broken configuration, and/or is there a fix to make
IPComp work with IPv6 in IPv4-tunnels at the moment? Thanks for any hint
s!

- -- 
Heiko Wundram.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWJsRBAAoJEJ/eyTFUqXhdofoQAJVhT+9cYCxvDzWM7i8uDecu
DEVL5IfBSNj998npDMRj/Y5Dw4BwT+V0Joodekrb9w+5e/W3hzQpEBR7ON9HgNvI
bgZQ5who+r0I4KZ2AWqozskr0X8i0lnig4WrIteC1uXtZaASF2iVjKUPbZuNYuJu
oXdx5ZBEuQzMYDIIXevG1cUpulYESgaPrYYcMLYs4vSFrQ1C+EcASMsaHHulxpBN
rgv+w/n+dSkXBBKWyqfsHsKoBHY4yrNNg6j1zDR4FMI+m5f14AYKUnMU0tMy5Fag
9gBJB6hwojsmhw1VPAYDsZu8dmPtxeHdv2hxSAJu9+5QYNOe7lCVIs84F2WNKHEx
KDIBXdTfkNzRQ/t64ChJ74SbVcAY5mUvR/TBwnb/E3do+9NXQ6J5HV1e0DmrDcFn
CjhrGKK1OIxmUzxwRjWgun5ncgLD+LRy3WW/jB3bLulmSya6Vg6+KTiq/JBdSY1L
z6LIabr/1PWqH6foA15XNEjxGMvL6XEMdDH2FL3lrHiOLc+SIh/dnj8PVFTQqrCK
QsSdUdlFtwblmgKADkam/VV68P6ssCCXI4cjEiL575yZTzfFf9/qNIfV7k3KtFFY
bn1Ylf5itJofwAUXyHJDa3qDDPX0LgXpHzBs+3d9mVYEit5DpRvMtdFCOUi/9o08
gZIkiSSSLSvrtV5Iukzv
=mIaU
-----END PGP SIGNATURE-----


More information about the Users mailing list