[strongSwan] IPv6 tunnel connection ping with no response, and Router Advertisement multicast

Peter Hsiang phsiang at nvidia.com
Tue Aug 14 02:15:13 CEST 2018


I have a Strongswan IPv6 tunnel connection over the normal IPv4, and sometimes the IPv6 ping to the server does not get ping reply.  Has anyone seen this issue too?


The reason for sending the ping over the secure IPv6 tunnel is to test if the tunnel connection is up and running.


Checking the wireshark traces and comparing the successful and failing case, I see in the successful case we received an IPv6 "Router Advertisement" multi-cast right after having connected the tunnel (i.e. after the IKE_INIT and the 3 IKE_AUTH pairs).
Then all subsequent IPv6 pings would get a response.


For the failing case, we do not receive the Router Advertisement, and the pings do not get any response.  Could the ping with no response issue be related to the Router Advertisement?


The exact sequence is:

IKE_SA_INIT MID=00 Initiator Request

IKE_SA_INIT MID=00 Responder Response

IKE_AUTH MID=01 Initiator Request

IKE_AUTH MID=01 Responder Response

IKE_AUTH MID=02 Initiator Request

IKE_AUTH MID=02 Responder Response

IKE_AUTH MID=03 Initiator Request

Router Advertisement from :: to ff02::1

IKE_AUTH MID=03 Responder Response

Router Advertisement from an IPv6 address to ff02::1

Echo (ping) request

Echo (ping) response


Thanks,

Peter

-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information.  Any unauthorized review, use, disclosure or distribution
is prohibited.  If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180814/aa722c7c/attachment.html>


More information about the Users mailing list