I had success setting up an ipv4 road warrior tunnel using strongswan at either end. My goal was for the RW to become just another host on my home LAN. This means that the RW can ping any host on the LAN in addition to the server.
I then wanted to achieve a similar goal over ipv6, with the difference being that instead of private IPs I would use my global ipv6 prefix. I am able to establish the tunnel between the RW and the server and I can ping6 between them in either direction. However, when I try the ping6 tests between the RW and a host other than the server, the test fails. I believe that neighbor discovery (ND) is at the root of the problem. Ip6tables were set to accept everything for testing purposes. Also for testing purposes I used the ndisc6 command in addition to ping6. I will summarize the results of my testing.

At the RW:
  ping6 to server - success
  ndisc6 query any address - network unreachable
  ping6 to host other than server - 100% packet loss

From the LAN:
  ping6 to RW - address unreachable
  ndisc6 query RW IP - timeout, I see the query reaching the server but it does not respond.
