[strongSwan] %any picks IPv6 link-local address
tobias at strongswan.org
Fri Oct 7 09:39:41 CEST 2016
>>> So, the question is if it'd be possible to take the "from 2001:xxxx/56"
>>> part of the default route into consideration when selecting the source
>>> IPv6 address?
>> I pushed a quick patch to the kernel-netlink-rta-src branch .
> I've finally gotten around to cross-compile an updated package for
> OpenWRT (based on strongswan-5.5.1dr2.tar.bz2 because of how the OpenWRT
> build system works) and I'm happy to say that the patch works :)
Great, thanks for testing. By the way, I changed the original patch a
bit when I merged it. So you might want to try the upcoming 5.5.1rc1.
>> An alternative is using the native source lookup by setting
>> charon.plugins.kernel-netlink.fwmark .
> I tried that (both with only fwmark set to !0x42 and with fwmark set to
> !0x42 and socket-default set to 0x42). While it did help a bit (the
> right source IP address was used and the tunnel negotiation completed),
> I ended up getting error messages from netlink about invalid routes
Could you provide more information on this (e.g. a log with the log
level for knl set to 2)? When exactly did you get the errors? During
installation of the routes?
More information about the Users