[strongSwan] is kernel-libipsec supporting native IPv6 ESP?
Peter Bieringer
pb at bieringer.de
Thu Mar 9 19:54:17 CET 2017
Hi,
what are the steps to use native IPv6 ESP with kernel-libipsec?
strongswan-5.4.0-2.el7 on a Virtuozzo system has to use kernel-libipsec.
While IPv4 is working fine (with UDP-encapsulated ESP) with IPv6 it's
not working.
IKEv2 session is working, but then native IPv6 ESP is received (at least
tcpdump shows), but nothing happen.
19:42:53.038851 IP6 2001:a61:** > 2a01:238:**:
ESP(spi=0xbdece169,seq=0x9), length 84
(resent all the time -> no reply from server)
stracing charon also shows that in difference to IPv4-UDPenc-ESP no
action is seen on charon once IPv6-ESP is received.
I have the feeling that the IPv6-ESP packages are not "routed" into
charon at all.
Searched already with Google, didn't find a proper hint so far.
Hopefully one can point me to the right config setting (either in Linux
network stack or in charon/strongswan)
Thank you!
Regards,
Peter
More information about the Users
mailing list