[strongSwan] %any picks IPv6 link-local address
Tobias Brunner
tobias at strongswan.org
Tue Aug 23 12:52:37 CEST 2016
Hi David,
> Then strongSwan will try to initiate a connection using the link-local
> address of the pppoe-wan interface (which fails), presumably because it
> is the device used for outgoing IPv6 traffic. But pppoe-wan doesn't have
> a global IPv6 address assigned.
Yes, the found route gives us the interface but nothing else as RTA_SRC
(the `from ...` part) is currently not used by the kernel-netlink
plugin. So only that interface is searched for addresses.
> So, the question is if it'd be possible to take the "from 2001:xxxx/56"
> part of the default route into consideration when selecting the source
> IPv6 address?
I pushed a quick patch to the kernel-netlink-rta-src branch [1].
An alternative is using the native source lookup by setting
charon.plugins.kernel-netlink.fwmark [2].
Regards,
Tobias
[1]
https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/kernel-netlink-rta-src
[2]
https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan#Routing
More information about the Users
mailing list