Public bug reported:
Hello guys,
I tried a connection via IPSec to a Fortigate Firewall with the
network-manager-strongswan plugin.
My goal is a dual-stack connection via IPv4. Therefore I'm trying to
set up CHILD_SA for IPv4 and IPv6.
It failed with the network-manager-strongswan plugin, but it works with
the native CLI strongswan.
For example, we get this kind of error:
13[KNL] received netlink error: Invalid argument (22)
13[KNL] unable to install source route for X:X::2
13[IKE] installed bypass policy for X:X::2/128
Solution via CLI-Strongswan:
swanctl.conf
connections {
    ipsec-ikev2-psk {
        dpd_delay = 30s
        dpd_timeout = 150s
        version = 2
        remote_addrs = ikev2.ipsec.host
        vips = 0.0.0.0,::
        rekey_time = 1800s
        fragmentation = no
        proposals = aes256-sha256-modp2048
        mobike = no
        encap = yes
        unique = replace
        local-1 {
            auth = psk
            id = "IPSecID"
        }
        remote {
            auth = psk
            id = %any
        }
        children {
            ikev16-ikev2-psk {
                remote_ts = ::/0
                esp_proposals = aes256-sha256-modp2048
                close_action = start
                start_action = start
            }
        }
        children {
            ipsecv4-ikev2-psk {
                remote_ts = 0.0.0.0/0
                esp_proposals = aes256-sha256-modp2048
                close_action = start
                start_action = start
            }
        }
    }
}
It seems the network-manager-strongswan plugin has a problem establishing the
IPv6 routes.
** Affects: network-manager-strongswan (Ubuntu)
Importance: Undecided
Status: New
** Tags: ipsec
https://bugs.launchpad.net/bugs/1905565
Title:
IPv6 over IPv4 IPSec tunnel communication error