Hi Martin. I have v4.5.2. Will the passthrough option insist on manual keying? Not sure what this option does in conjunction with Charon? Could you give me the 2 sec summary?
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Martin Willi Sent: Wednesday, January 25, 2012 3:38 AM To: Johnson, Eric C Cc: [email protected] Subject: Re: [strongSwan] ICMP discovery fails with IPv6 and IKEv2 Hello Eric, > 01[KNL] creating acquire job for policy > fc00:2518::221:9bff:fe98:854b/128[udp/60525] === > fc00:2518::10:125:56:9/128[udp/1025] with reqid {10} If your policy triggering the tunnel covers all traffic, of course any ICMP messages are covered by this policy, too. So the name resolution won't work, and the tunnel can't be established. Try to install a passthrough policy using the "type" ipsec.conf option (requires strongSwan 4.5.3 if you want to do this with charon). You can limit this policy to ICMPv6 and the required types using left/rightprotoport options. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
