Hi Martin. Thanks for hanging with me on this. One more question. Once I get to 4.5.3 you're saying I need to define the type as passthrough and then use the left/rightprotoport options. Are the protoport options defining traffic exceptions to NOT send over the tunnel? For example would I list icmp6 134-6 to make sure the neighbor discovery works before the tunnel attempt is made? And can I still define an 'allow all' policy on the remote peer by doing this?
-----Original Message----- From: Martin Willi [mailto:[email protected]] Sent: Thursday, January 26, 2012 10:39 AM To: Johnson, Eric C Cc: [email protected] Subject: RE: [strongSwan] ICMP discovery fails with IPv6 and IKEv2 Hi, > I have v4.5.2. Will the passthrough option insist on manual keying? Passthrough policies are not supported with charon before 4.5.3. You can install them manually using other tools (setkey or iproute2), but it might be a little tricky to get it right. Probably simpler to update to a recent strongSwan version. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
