Hi,
I am using the sample configurations [1] to set up the ikev2/ip-two-pools-v4v6 and notice one thing related to the routing:

If Carol sets up the connection with Moon using the IPv4 interfaces as the tunnel endpoints, both IP v4 and v6 VPN addresses are assigned to Carol, IPv4 routing is working fine between Moon and Carol, but IPv6 routing is not working from Moon to Carol.

But, if Carol sets up the connection with Moon using the IPv6 interfaces as the tunnel endpoints, both IP v4 and v6 VPN addresses are assigned to Carol, IPv6 routing is working fine between Moon and Carol, but IPv4 routing is not working from Moon to Carol.

I notice that Moon sets up both IPv4 and IPv6 routing to the same single source address (endpoint) of Carol, i.e. if tunnel endpoints are IPv4, Moon sets up both IPv4 and IPv6 routings to the IPv4 endpoint address of Carol, thus the IPv6 routing failed. If tunnel endpoints are IPv6, Moon sets up both IPv4 and IPv6 routings to the IPv6 endpoint address of Carol, thus the IPv4 routing failed.

In the single IP case, I guess that the server bases its routing decision on the single source address (endpoint) of the client. But in the dual IP case, how does Carol convey her IPv4 and IPv6 endpoint addresses as the source addresses to Moon? Is there a way to do that? How could Moon be configured such that it should expect both IPv4 and IPv6 endpoint addresses from Carol in case of the dual IP single tunnel setup? Would this make it establish both the IPv4 and the IPv6 routings properly over the same tunnel?

Thank you!
Robert

[1] http://www.strongswan.org/uml/testresults5rc/ikev2/ip-two-pools-v4v6/

============ Moon config remains the same ===========

Moon ipsec.conf
left=%defaultroute
leftsubnet=10.9.8.0/24,fec1::/64
right=%any
rightsourceip=fec1::1/64,10.9.8.1

============ tunnel endpoints are IPv4 addresses ===========

Carol ipsec.conf
right=10.41.73.71
rightsubnet=10.9.8.0/24,fec1::/64
left=%defaultroute
leftsourceip=%config4,%config6

Log:
Oct 2 22:20:54 04[IKE] 10.41.73.234 is initiating an IKE_SA
Oct 2 22:20:54 07[KNL] getting a local address in traffic selector 10.9.8.0/24
Oct 2 22:20:54 07[KNL] using host 10.9.8.2
Oct 2 22:20:54 07[KNL] using 10.41.73.234 as nexthop to reach 10.41.73.234
Oct 2 22:20:54 07[KNL] 10.41.73.71 is on interface eth0
Oct 2 22:20:54 07[KNL] installing route: 10.9.8.1/32 via 10.41.73.234 src 10.9.8.2 dev eth0
Oct 2 22:20:54 07[KNL] getting a local address in traffic selector fec1::/64
Oct 2 22:20:54 07[KNL] using host fec1::2
Oct 2 22:20:54 07[KNL] using 10.41.73.234 as nexthop to reach 10.41.73.234
Oct 2 22:20:54 07[KNL] 10.41.73.71 is on interface eth0
Oct 2 22:20:54 07[KNL] installing route: fec1::1/128 via 10.41.73.234 src fec1::2 dev eth0

ping6 fec1::1 from Moon to Carol failed:
Oct 2 22:21:05 12[KNL] creating acquire job for policy fec1::2/128[udp/47216] === fec1::1/128[udp/1025] with reqid {1}
Oct 2 22:21:05 08[CFG] trap not found, unable to acquire reqid 1

============ tunnel endpoints are IPv6 addresses ===========

Carol ipsec.conf
right=2002:c023:9c17:21c::a29:4947
rightsubnet=10.9.8.0/24,fec1::/64
left=%defaultroute
leftsourceip=%config4,%config6

Log:
Oct 2 22:18:16 07[IKE] 2002:c023:9c17:21c:21b:78ff:fee0:dbfc is initiating an IKE_SA
Oct 2 22:18:16 10[KNL] getting a local address in traffic selector 10.9.8.0/24
Oct 2 22:18:16 10[KNL] using host 10.9.8.2
Oct 2 22:18:16 10[KNL] using 2002:c023:9c17:21c:21b:78ff:fee0:dbfc as nexthop to reach 2002:c023:9c17:21c:21b:78ff:fee0:dbfc
Oct 2 22:18:16 10[KNL] 2002:c023:9c17:21c::a29:4947 is on interface eth0
Oct 2 22:18:16 10[KNL] installing route: 10.9.8.1/32 via 2002:c023:9c17:21c:21b:78ff:fee0:dbfc src 10.9.8.2 dev eth0
Oct 2 22:18:16 10[KNL] getting a local address in traffic selector fec1::/64
Oct 2 22:18:16 10[KNL] using host fec1::2
Oct 2 22:18:16 10[KNL] using 2002:c023:9c17:21c:21b:78ff:fee0:dbfc as nexthop to reach 2002:c023:9c17:21c:21b:78ff:fee0:dbfc
Oct 2 22:18:16 10[KNL] 2002:c023:9c17:21c::a29:4947 is on interface eth0
Oct 2 22:18:16 10[KNL] installing route: fec1::1/128 via 2002:c023:9c17:21c:21b:78ff:fee0:dbfc src fec1::2 dev eth0

ping 10.9.8.1 from Moon to Carol failed
Oct 2 22:18:29 15[KNL] creating acquire job for policy 10.9.8.2/32[udp/42668] === 10.9.8.1/32[udp/1025] with reqid {1}
Oct 2 22:18:29 11[CFG] trap not found, unable to acquire reqid 1
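
Added example, not part of Robert's message and not strongSwan code: a small Python check that scans charon "[KNL] installing route" lines and reports routes whose next hop is in a different address family than the destination, the pattern visible in both logs above. The function names are made up for this example; the sample lines are the four route entries quoted in the post.

```python
import ipaddress
import re

# Matches charon's "[KNL] installing route: <dst> via <nexthop> src <src> dev <if>".
ROUTE_RE = re.compile(
    r"installing route: (?P<dst>\S+) via (?P<via>\S+) src (?P<src>\S+) dev (?P<dev>\S+)"
)

# The four route-install lines quoted in the post above.
SAMPLE_LOG = """\
Oct 2 22:20:54 07[KNL] installing route: 10.9.8.1/32 via 10.41.73.234 src 10.9.8.2 dev eth0
Oct 2 22:20:54 07[KNL] installing route: fec1::1/128 via 10.41.73.234 src fec1::2 dev eth0
Oct 2 22:18:16 10[KNL] installing route: 10.9.8.1/32 via 2002:c023:9c17:21c:21b:78ff:fee0:dbfc src 10.9.8.2 dev eth0
Oct 2 22:18:16 10[KNL] installing route: fec1::1/128 via 2002:c023:9c17:21c:21b:78ff:fee0:dbfc src fec1::2 dev eth0
"""


def parse_routes(log_text):
    """Yield (destination network, next hop, source address) per route-install line."""
    for line in log_text.splitlines():
        m = ROUTE_RE.search(line)
        if not m:
            continue
        try:
            dst = ipaddress.ip_network(m["dst"], strict=False)
            via = ipaddress.ip_address(m["via"])
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # unparsable address field: skip the line rather than guess
        yield dst, via, src


def mixed_family_routes(log_text):
    """Return (destination, next hop) pairs where the two address families differ."""
    return [
        (str(dst), str(via))
        for dst, via, _src in parse_routes(log_text)
        if dst.version != via.version
    ]


if __name__ == "__main__":
    for dst, via in mixed_family_routes(SAMPLE_LOG):
        print(f"family mismatch: {dst} via {via}")
```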
