Hello,

My strongswan 5.0.2 installation has some bizarre behaviour with IKEv2 connections that ask for both an IPv4 and an IPv6 address.

My client ipsec.conf is as follows:

conn IKEv2
    keyexchange=ikev2
    left=%any
    leftauth=pubkey
    leftcert=nullpointerexception-cert.pem
    leftsourceip=%config4,%config6
    right=casarrondo.restena.lu
    rightauth=pubkey
    [email protected]

My server ipsec.conf is as follows:

conn IKEv2-tech
    keyexchange=ikev2
    rightauth=pubkey
    rightsendcert=always
    rightid="C=LU, L=Luxembourg, O=Fondation RESTENA, OU=Technical, CN=*, E=*"
    rightsourceip=%tech-v4,%tech-v6
    auto=add

Both pools are defined as follows:

name     start             end                timeout  size  online    usage
tech-v4  158.64.15.193     158.64.15.206      1h       14    0 ( 0%)   2 (14%)
tech-v6  2001:a18:1:40::1  2001:a18:1:40::ff  1h       255   0 ( 0%)   0 ( 0%)

In the server logs, I see the following lines:

Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease for address 158.64.15.193 in pool 'tech-v4'
Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.193 to peer 'C=LU ...
Mar 26 09:35:47 casarrondo charon: 07[IKE] peer requested virtual IP %any6
Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease for address 158.64.15.194 in pool 'tech-v4'
Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.194 to peer 'C=LU ...

The client really ends up with two addresses from the tech-v4 pool.

I've changed the following line in the server's ipsec.conf:

    rightsourceip=%tech-v6,%tech-v4

The result was that strongswan distributed 2 addresses from the tech-v6 pool.

Is there an error in my configuration?

Kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
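
An added example, not part of the original message and not strongSwan code: a Python check that pairs each "peer requested virtual IP" line with the next "assigning virtual IP" line on the same charon thread and reports assignments whose address family differs from the request. The sample input is the log excerpt quoted in the message, unwrapped; the function names are this example's own.

```python
import ipaddress
import re

# Charon lines quoted in the message, unwrapped; the peer DN stays truncated as posted.
SAMPLE_LOG = """\
Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease for address 158.64.15.193 in pool 'tech-v4'
Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.193 to peer 'C=LU ...
Mar 26 09:35:47 casarrondo charon: 07[IKE] peer requested virtual IP %any6
Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease for address 158.64.15.194 in pool 'tech-v4'
Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.194 to peer 'C=LU ...
"""

REQUEST = re.compile(r"charon: (\d+)\[IKE\] peer requested virtual IP (\S+)")
ASSIGN = re.compile(r"charon: (\d+)\[IKE\] assigning virtual IP (\S+) to peer")


def requested_family(token):
    """Map a requested virtual IP (%any, %any6 or a literal address) to 4 or 6."""
    if token == "%any":
        return 4
    if token == "%any6":
        return 6
    try:
        return ipaddress.ip_address(token).version
    except ValueError:
        return None


def find_family_mismatches(log_text):
    """Return (line_no, requested, assigned) where the address family differs."""
    pending = {}  # charon thread id -> (requested token, address family)
    mismatches = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if m := REQUEST.search(line):
            pending[m.group(1)] = (m.group(2), requested_family(m.group(2)))
        elif m := ASSIGN.search(line):
            # An assignment with no request seen before it is skipped.
            token, family = pending.pop(m.group(1), (None, None))
            try:
                assigned = ipaddress.ip_address(m.group(2))
            except ValueError:
                continue
            if family is not None and assigned.version != family:
                mismatches.append((line_no, token, str(assigned)))
    return mismatches


if __name__ == "__main__":
    for line_no, token, assigned in find_family_mismatches(SAMPLE_LOG):
        print(f"line {line_no}: peer requested {token} but was assigned {assigned}")
```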
