[strongSwan] IPComp and IPv6 tunneled on IPv4 on Debian
Tobias Brunner
tobias at strongswan.org
Thu Oct 22 18:43:55 CEST 2015
Hi Heiko,
> Anyway, what I gather the problem is is the actual policy, which isn't
> set up correctly for the IPv6 in IPv4 tunnel:
To clarify, what you listed are not the policies but the SAs (states).
Check the policies with `ip xfrm policy`.
> src 192.168.178.2 dst 46.4.15.36
> proto esp spi 0xc43d3310 reqid 4 mode transport
> replay-window 32
> auth-trunc hmac(sha1) ... 96
> enc cbc(aes) ...
> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
> sel src 0.0.0.0/0 dst 0.0.0.0/0
> src 192.168.178.2 dst 46.4.15.36
> proto comp spi 0x00002275 reqid 4 mode tunnel
> replay-window 0 flag af-unspec
> comp deflate
> src 46.4.15.36 dst 192.168.178.2
> proto esp spi 0xccc07fea reqid 4 mode transport
> replay-window 32
> auth-trunc hmac(sha1) ... 96
> enc cbc(aes) ...
> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
> sel src 0.0.0.0/0 dst 0.0.0.0/0
> src 46.4.15.36 dst 192.168.178.2
> proto comp spi 0x00005632 reqid 4 mode tunnel
> replay-window 0 flag af-unspec
> comp deflate
> Is this a known problem that IPv6 in IPv4 tunnels and IPCOMP don't set
> up their policies properly?
What do you mean?
Regards,
Tobias
More information about the Users
mailing list