[strongSwan] IPv6 tunnel and IPv4 traffic: no routing entries in table 220 ?

Thomas Rudolph rudt at teleconnect.de
Wed Jan 29 11:18:29 CET 2020 

Hello,

I wonder how the routing entries are written to table 220, and which are neccesary. Is there any place , like _updown for firewall rules, where I can see how and what is done ?

My problem:

If I use IPv4 tunnel and traffic, it's all ok, rules in table 220 appear and VPN works from LAN to LAN.
If I use IPv6 tunnel and IPv4 traffic, nothing appears in table 220. What can be the reason for such behavior ?

And, I was not able to find myself a rule that works, I tried to add to table 220 rules like

ip route add 192.168.2.0/24 proto static scope global dev eth0 src 192.168.0.1 table 220

with REMOTE_LAN_NET  src LOCAL_LAN_ADDRESS

(derived from strongSwan example https://www.strongswan.org/testing/testresults/ipv6/net2net-ip4-in-ip6-ikev2/ )


but it dont't work. VPN connection is up, but no ping from LAN to LAN, it seems the traffic is not thrown into tunnel (policy based VPN).


?

Can anyone please give a hint ?


Regards,

Thomas
--
Thomas Rudolph
Teleconnect GmbH
Am Lehmberg 54, 01157 Dresden, Germany

Phone:          +49 351 4236 214 (Main: - 210)
E-Mail/Skype:           rudt at teleconnect.de<mailto:rudt at teleconnect.de>


 Watch our current video! <https://www.youtube.com/watch?v=YtFrOo9rzSU>

 Teleconnect <https://www.teleconnect.de>   Twitter <https://twitter.com/Teleconnect_>   Linkedin <https://www.linkedin.com/company/teleconnect-gmbh/>

USt.-IdNr. (VAT ID): DE140301522
Registergericht (Commercial registry): Dresden, HRB 1040
Gesch?ftsf?hrer (Managing Director): Dr. Gerald N?rnberger
________________________________
Der Inhalt dieser Mail enth?lt m?glicherweise vertrauliche Informationen und ist ausschlie?lich f?r den bezeichneten Adressaten bestimmt. Wenn Sie nicht der richtige Adressat sind, teilen Sie dem Absender bitte den Erhalt der Mail mit und l?schen Sie die Mail.
The content of this mail may contain confidential information and is intended solely for the designated addressee. If you are not the intended addressee, then please inform the sender about the receipt of this mail and delete the mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200129/6ab93fde/attachment.html>

More information about the Users mailing list