Re: [strongSwan] IPv6 tunnel and IPv4 traffic: no routing entries in table 220 ?

2020-01-29 Thread Thomas Rudolph
Hi Tobias,

Oh wow, I really have "ein Brett vorm Kopf" [a mental block]. Yes, it works now, thank you
very much.

Regards,
Thomas



-----Original Message-----
From: Tobias Brunner
Sent: Wednesday, 29 January 2020 13:54
To: Thomas Rudolph; users@lists.strongswan.org
Subject: Re: [strongSwan] IPv6 tunnel and IPv4 traffic: no routing entries in table 220 ?

Hi Thomas,

> root@strongswan:/home/rudt/projects/vpn-server# swanctl -i --ike conn1

With this you initiate a childless IKE_SA.  Without IPsec/CHILD_SA you 
obviously won't be able to tunnel any traffic.  Try with `--child child1` (or 
use `start_action=trap` in that child config to trigger the creation of the SA 
based on traffic).

Regards,
Tobias


Re: [strongSwan] IPv6 tunnel and IPv4 traffic: no routing entries in table 220 ?

2020-01-29 Thread Tobias Brunner
Hi Thomas,

> root@strongswan:/home/rudt/projects/vpn-server# swanctl -i --ike conn1

With this you initiate a childless IKE_SA.  Without IPsec/CHILD_SA you
obviously won't be able to tunnel any traffic.  Try with `--child
child1` (or use `start_action=trap` in that child config to trigger the
creation of the SA based on traffic).

Regards,
Tobias
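
The fix described in the reply above, as an added example (not configuration posted in the thread or taken from the strongSwan project): a `swanctl.conf` fragment in which `child1` uses `start_action = trap`. The names `conn1` and `child1` and the 192.168.x networks come from the thread; the IPv6 endpoint addresses (documentation prefix), the /24 local subnet, the identities and the PSK authentication are assumptions.

```conf
# Added example: IPv4 traffic selectors carried over an IPv6 IKE/ESP tunnel.
connections {
    conn1 {
        version = 2
        # Tunnel endpoints are IPv6 (constructed 2001:db8::/32 addresses).
        local_addrs  = 2001:db8:1::1
        remote_addrs = 2001:db8:2::1

        local {
            auth = psk
            id = gw-a.example.org      # assumed identity
        }
        remote {
            auth = psk
            id = gw-b.example.org      # assumed identity
        }

        children {
            # Without a CHILD_SA no IPsec policies exist, so "swanctl -i --ike conn1"
            # alone leaves LAN-to-LAN traffic outside the tunnel.
            child1 {
                local_ts  = 192.168.0.0/24   # assumed mask for the 192.168.0.1 LAN
                remote_ts = 192.168.2.0/24   # remote LAN from the thread
                # Install trap policies when the config is loaded; the first
                # matching packet then triggers negotiation of the CHILD_SA.
                start_action = trap
            }
        }
    }
}

secrets {
    ike-conn1 {
        id-a = gw-a.example.org
        id-b = gw-b.example.org
        secret = "REPLACE_WITH_LONG_RANDOM_PSK"   # placeholder, not a real key
    }
}

# Load with:            swanctl --load-all
# Or initiate by hand:  swanctl -i --child child1
# Then check:           swanctl --list-sas  and  ip route show table 220
```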


Re: [strongSwan] IPv6 tunnel and IPv4 traffic: no routing entries in table 220 ?

2020-01-29 Thread Noel Kuntze
Hello Thomas,

Routes are added when traffic needs to be sent to another destination than the 
main routing table or existing routes in table 220 do. It's all in C code.

Please provide all information as shown on the HelpRequests page on the wiki if 
you want any actionable advice.

Kind regards

Noel

On 29.01.20 at 11:18, Thomas Rudolph wrote:
> Hello,
>
> I wonder how the routing entries are written to table 220, and which are
> necessary. Is there any place, like _updown for firewall rules, where I can
> see how and what is done ?
>
> My problem:
>
> If I use IPv4 tunnel and traffic, it’s all ok, rules in table 220 appear and
> VPN works from LAN to LAN.
>
> If I use IPv6 tunnel and IPv4 traffic, nothing appears in table 220. What can
> be the reason for such behavior ?
>
> And, I was not able to find myself a rule that works, I tried to add to table
> 220 rules like
>
> ip route add 192.168.2.0/24 proto static scope global dev eth0 src 192.168.0.1 table 220
>
> with REMOTE_LAN_NET  src LOCAL_LAN_ADDRESS
>
> (derived from strongSwan example
> https://www.strongswan.org/testing/testresults/ipv6/net2net-ip4-in-ip6-ikev2/ )
>
> but it doesn’t work. VPN connection is up, but no ping from LAN to LAN, it
> seems the traffic is not thrown into tunnel (policy based VPN).
>
> Can anyone please give a hint ?
>
> Regards,
>
> Thomas
>
> -- 
> Thomas Rudolph
> Teleconnect GmbH
> Am Lehmberg 54, 01157 Dresden, Germany
> 
> Phone:+49 351 4236 214 (Main: - 210)
> E-Mail/Skype: r...@teleconnect.de 


