[strongSwan] Strongswan - Problems to set up IPv4 + IPv6 with StrongSwan 5.1.2 on Ubuntu 14

Dirk Hoelscher dirk.hoelscher at xplod.de
Thu Aug 24 10:59:53 CEST 2017 

Thanks for your incredible support. IPv4 is now working as intended.



Now I've got some issues regarding IPv4/IPv6 dual stack:



My /etc/network/interfaces states following

---------------------------------------------

iface eth0 inet dhcp



iface eth0:1 inet static

    address 10.1.1.1

    netmask 255.255.255.0



iface eth0 inet6 static

  address (public IP)

  netmask 64

  gateway (gateway)

  up /sbin/ifconfig eth0 add fdea::1/64

---------------------------------------------



I want to use both 10.1.1.x and fdea::x addresses for my connections, to be sure that ANY traffic is routed through my VPN



I added

rightsourceip=10.1.1.20/24,fdea::20/64

to my ipsec.conf file, and the remote device will get an IPv6 address on connection.



With IPv4, I am able to ping any participiants from any side. 

With IPv6, I can just ping the local address (e.g. fdea::21 on my smartphone), but not any remote address.



I added 

rightsubnet=10.1.1.1/24, fdea::1/64

to my ipsec.conf, but this didn't change a thing.



My smartphone tells following on connection:

Aug 24 10:55:50 11[IKE] installing DNS server 8.8.8.8
Aug 24 10:55:50 11[IKE] installing DNS server 8.8.4.4
Aug 24 10:55:50 11[IKE] installing DNS server 2001:4860:4660::8888
Aug 24 10:55:50 11[IKE] installing DNS server 2001:4860:4860::8844
Aug 24 10:55:50 11[IKE] installing new virtual IP 10.1.1.21
Aug 24 10:55:50 11[IKE] installing new virtual IP fdea::21
Aug 24 10:55:50 11[IKE] CHILD_SA android{17} established with SPIs f25c4080_i ca1658c5_o and TS 10.1.1.0/24 fdea::/64 === 0.0.0.0/0

Aug 24 10:55:50 11[DMN] setting up TUN device for CHILD_SA android{17}
Aug 24 10:55:50 11[DMN] successfully created TUN device
Aug 24 10:55:50 11[IKE] peer supports MOBIKE
Aug 24 10:55:51 13[IKE] sending address list update using MOBIKE
Aug 24 10:55:51 13[ENC] generating INFORMATIONAL request 2 [ N(NO_ADD_ADDR) ]



Can anybody tell me why I am not able to ping between client<->server on IPv6?



Best regards,

Dirk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170824/5a037180/attachment.html>

More information about the Users mailing list