[strongSwan] %any picks IPv6 link-local address

Tobias Brunner tobias at strongswan.org
Fri Oct 7 09:39:41 CEST 2016

Hi David,

>>> So, the question is if it'd be possible to take the "from 2001:xxxx/56"
>>> part of the default route into consideration when selecting the source
>>> IPv6 address?
>> I pushed a quick patch to the kernel-netlink-rta-src branch [1].
> I've finally gotten around to cross-compile an updated package for
> OpenWRT (based on strongswan-5.5.1dr2.tar.bz2 because of how the OpenWRT
> build system works) and I'm happy to say that the patch works :)

Great, thanks for testing.  By the way, I changed the original patch a
bit when I merged it.  So you might want to try the upcoming 5.5.1rc1.

>> An alternative is using the native source lookup by setting
>> charon.plugins.kernel-netlink.fwmark [2].
> I tried that (both with only fwmark set to !0x42 and with fwmark set to
> !0x42 and socket-default set to 0x42). While it did help a bit (the
> right source IP address was used and the tunnel negotiation completed),
> I ended up getting error messages from netlink about invalid routes
> instead.

Could you provide more information on this (e.g. a log with the log
level for knl set to 2)?  When exactly did you get the errors?  During
installation of the routes?


More information about the Users mailing list