[strongSwan] Traffic selectors routing issue for IPv6 TS with 128 prefix
Ts, Sachin (Nokia - IN)
sachin.ts at nokia.com
Wed Mar 15 12:53:13 CET 2017
Hi,
In StrongSwan version 5.2.2, we are facing a problem reaching traffic
selectors when we use an IPv6 TS (single host IP) with a /128 prefix,
whereas when we use subnets it is working fine.
Below is the kernel table output when we use a /128 prefix for the TS and
with a /120 prefix.
Failure case:
# ipsec status
Security Associations (3 up, 0 connecting):
tun1_sa1[1]: ESTABLISHED 3 minutes ago,
172.aa.yy.0[F830940152300008.iprc.nlt.in]...192.abc.ab.158[iprc.nlt.in]
tun1_sa1{67108865}: INSTALLED, TUNNEL, ESP in UDP SPIs: c33c0cc0_i
0006ea56_o
tun1_sa1{67108865}: fc01:eab:xx::xx/128 === fc01:eab:8:1::/120
fc01:eab:yy:1::x/128 fc01:eab:11:6::/120 fc01:eab:8:2::/120
fc01:eab:96:1::/120 fc01:eab:92:1::/120
Routing table entry looks like below:
fc01:eab:97:1::7 dev eth1 table 220 proto static metric 1024 >> no src ip
Success case:
# ipsec status
Security Associations (3 up, 0 connecting):
tun1_sa1[1]: ESTABLISHED 3 minutes ago,
172.aa.yy.0[F830940152300008.iprc.nlt.in]...192.abc.ab.158[iprc.nlt.in]
tun1_sa1{67108865}: INSTALLED, TUNNEL, ESP in UDP SPIs: c33c0cc0_i
0006ea56_o
tun1_sa1{67108865}: fc01:eab:xx::xx/128 === fc01:eab:8:1::/120
fc01:eab:yy:1::/120 fc01:eab:11:6::/120 fc01:eab:8:2::/120
fc01:eab:96:1::/120 fc01:eab:92:1::/120
Routing table entry:
fc01:eab:97:1::/120 dev eth1 table 220 proto static src fc01:eab:xx:z::92
metric 1024 >> src ip present
In the failure case we are not able to reach the TS. Can you please let us
know whether this is a limitation of strongSwan v5.2.2 or a known bug?
Thanks,
Sachin
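The symptom described above (a table 220 route for a /128 selector that carries no src attribute), as an added diagnostic example that is not part of the original post or of strongSwan: it classifies each remote traffic selector by whether table 220 holds a covering route and whether that route has a src hint. The function names and the 2001:db8:: sample lines are assumptions constructed for illustration; real input would be the lines printed by `ip -6 route show table 220`.

```python
import ipaddress

# Attributes in `ip -6 route` output that are followed by a value.
KEYS = {"dev", "table", "proto", "src", "metric", "via"}

def parse_route(line):
    """Parse one `ip -6 route show table 220` line into (network, attrs)."""
    tokens = line.split()
    try:
        # iproute2 prints a host route as a bare address; ip_network()
        # reads that as /128, which is what the kernel means.
        dest = "::/0" if tokens[0] == "default" else tokens[0]
        net = ipaddress.ip_network(dest, strict=False)
    except (IndexError, ValueError):
        return None  # blank line, "unreachable ...", or other non-route text
    attrs = {}
    for i, tok in enumerate(tokens[1:-1], start=1):
        if tok in KEYS:
            attrs[tok] = tokens[i + 1]
    return net, attrs

def check_selectors(selectors, route_lines):
    """Classify each remote TS as 'ok', 'no-src' or 'no-route'."""
    routes = [r for r in map(parse_route, route_lines) if r]
    result = {}
    for ts in selectors:
        ts_net = ipaddress.ip_network(ts, strict=False)
        # Routes of the same address family that cover the whole selector.
        covering = [(n, a) for n, a in routes
                    if n.version == ts_net.version and ts_net.subnet_of(n)]
        if not covering:
            result[ts] = "no-route"
            continue
        # Within the table, the longest matching prefix is the route used.
        _, attrs = max(covering, key=lambda r: r[0].prefixlen)
        result[ts] = "ok" if "src" in attrs else "no-src"
    return result

# Constructed sample lines (documentation prefix), not taken from the post.
SAMPLE_ROUTES = [
    "2001:db8:97:1::7 dev eth1 proto static metric 1024",
    "2001:db8:8:1::/120 dev eth1 proto static src 2001:db8:aa::92 metric 1024",
]
SAMPLE_SELECTORS = ["2001:db8:97:1::7/128", "2001:db8:8:1::/120",
                    "2001:db8:11:6::/120"]

if __name__ == "__main__":
    for ts, state in check_selectors(SAMPLE_SELECTORS, SAMPLE_ROUTES).items():
        print(f"{ts:24} {state}")
```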