Hello, all
I was trying to setup a IPv6 tunnel with strongSwan as the client. strongSwan
sent the IKE_SA_INIT to my SGW and the SGW properly responded. Wireshark
capture indicated that the IKE_SA_INIT response was received on the network
interface that strongSwan was listening on, however the packet (IKE_SA_INIT
response) was not handed over to charon, instead the packet was responded with
a "ICMPv6 Unreachable (Administratively prohibited)". Any idea that the linux
kernel can fail to distribute the packet to charon?
Examing the charon logs, I found the following errors:
"
charon: 00[KNL] unable to set UDP_ENCAP: Protocol not available
charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
"
Do those errors have anything to do with the failure to setup IPv6 tunnels?
I am currently running strongSwan 5.0.1. The IPv6 connection is:
conn ipv6_cert
left=1080::192:160:1:100
leftsourceip=%config
leftcert=ss.cert
leftauth=pubkey
leftsubnet=1080::6:0:0/112
leftfirewall=yes
rightfirewall=yes
right=1080::192:160:1:10
rightsubnet=1080::15:15:15:0/112
rightauth=pubkey
auto=add
esp=aes-sha1-md5-modp1024
ike=3des-aes-sha1-md5-modp1024
-----------------
Thanks for your help
Nan
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
