[strongSwan] %any picks IPv6 link-local address

Tobias Brunner tobias at strongswan.org
Fri Oct 7 09:39:41 CEST 2016


Hi David,

>>> So, the question is if it'd be possible to take the "from 2001:xxxx/56"
>>> part of the default route into consideration when selecting the source
>>> IPv6 address?
>>
>> I pushed a quick patch to the kernel-netlink-rta-src branch [1].
> 
> I've finally gotten around to cross-compiling an updated package for
> OpenWRT (based on strongswan-5.5.1dr2.tar.bz2 because of how the OpenWRT
> build system works) and I'm happy to say that the patch works :)

Great, thanks for testing.  By the way, I changed the original patch a
bit when I merged it.  So you might want to try the upcoming 5.5.1rc1.

>> An alternative is using the native source lookup by setting
>> charon.plugins.kernel-netlink.fwmark [2].
> 
> I tried that (both with only fwmark set to !0x42 and with fwmark set to
> !0x42 and socket-default set to 0x42). While it did help a bit (the
> right source IP address was used and the tunnel negotiation completed),
> I ended up getting error messages from netlink about invalid routes
> instead.

Could you provide more information on this (e.g. a log with the log
level for knl set to 2)?  When exactly did you get the errors?  During
installation of the routes?

Regards
Tobias


