[strongSwan] Problem with IPv4 through IPv6 IKEv2 tunnel

Marco Scholl develop at marco-scholl.de
Wed Jul 5 23:11:24 CEST 2017


Hi guys,

I have an IKEv2 roadwarrior setup (U5.3.5/K4.8.0-58-generic) that works
fine with IPv4 through an IPv4 tunnel.
But now I also want to allow connections through IPv6. When I connect
through IPv6, the tunnel comes up and I get the correct IP address..., but I
don't get any traffic through it.

When I start a ping on the client side I can see the ESP packets come in. When
I start a ping on the server side I see ESP packets go out. But I have never seen
a response ESP packet. When I start xfrm monitor I get these errors:

"Async event  (0x20)  timer expired"

Here is my config:

conn %default
  fragmentation=yes
  ikelifetime=1d
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev2
  authby=secret
  right=%any
  rightid=%any
  rightsendcert=never
  rightauth=eap-radius
  rightsourceip=%radius
  ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
  esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
  eap_identity=%identity

conn rw
  auto=add
  right=%any
  rightid=%any
  left=MYIPS
  leftsubnet=10.0.0.0/8
  leftfirewall=yes
  leftauth=pubkey
  leftcert=MYCERT
  leftsendcert=always
  leftid=@MYFQDN

I hope somebody can help.

Greets marco