I will give it a try. Is ipv6 neighbor discovery on the strongswan road map?
On December 30, 2014 08:21:40 PM Noel Kuntze wrote:
> Hello Robert,
>
> Neither.
> I think this needs more explanation, so I'll provide some. Read on.
>
> First, let me talk about the farp plugin and the analogies to IPv6.
> What farp does is reply to arp queries for the client's IP address with his
> own MAC address on the interface where the arp query arrives on. You can do
> the same for IPv6. Simply enable proxy arp on the interface (sysctl
> net.ipv4.conf.$interface.proxy_arp=1) and add a proxy entry for that
> interface (ip -6 neigh add proxy $IPv6Address dev $interface). The
> interface here is the physical layer two device, _on which arp queries
> should be replied to_. It is NOT the VPN interface (tun/tap/ipsec device).
>
> Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> On 30.12.2014 at 19:57, Robert Dyck wrote:
> > Ip neighbor needs a device. Strongswan normally doesn't create a device
> > for the tunnel. Do I need to set up a VTI or use the non-kernel
> > implementation?
> >
> > On December 30, 2014 07:38:41 PM Noel Kuntze wrote:
> >> Hello Robert,
> >>
> >> The farp plugin only handles arp at the moment, not IPv6 neighbor
> >> discovery. You need to set up proxy arp manually using iproute2.
> >> Look at "ip neigh help".
> >>
> >> Regards,
> >> Noel Kuntze
> >>
> >> GPG Key ID: 0x63EC6658
> >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >>
> >> On 30.12.2014 at 01:46, Robert Dyck wrote:
> >>> I had success setting up an ipv4 road warrior tunnel using strongswan at
> >>> either end. My goal was for the RW to become just another host on my home
> >>> LAN. This means that the RW can ping any host on the LAN in addition to
> >>> the server.
> >>>
> >>> I then wanted to achieve a similar goal over ipv6, with the difference
> >>> being that instead of private IPs I would use my global ipv6 prefix.
> >>> I am able to establish the tunnel between the RW and the server and I can
> >>> ping6 between them in either direction. However, when I try the ping6
> >>> tests between the RW and a host other than the server, the test fails.
> >>> I believe that neighbor discovery ( ND ) is at the root of the problem.
> >>>
> >>> Ip6tables were set to accept everything for testing purposes. Also for
> >>> testing purposes I used the ndisc6 command in addition to ping6. I will
> >>> summarize the results of my testing.
> >>>
> >>> At the RW
> >>> ping6 to server - success
> >>> ndisc6 query any address - network unreachable
> >>> ping6 to host other than server - 100% packet loss
> >>>
> >>> From the LAN
> >>> ping6 to RW - address unreachable
> >>> ndisc6 query RW IP - timeout, I see the query reaching the server but it
> >>> does not respond.
> >>> _______________________________________________
> >>> Users mailing list
> >>> [email protected]
> >>> https://lists.strongswan.org/mailman/listinfo/users
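
Added example, not part of the thread and not strongSwan code: a POSIX shell helper for the manual proxy neighbor setup discussed above, printing the commands unless APPLY=1 is set. It assumes a Linux gateway and uses the kernel's net.ipv6.conf.<iface>.proxy_ndp and net.ipv6.conf.all.forwarding sysctls; the function names, the interface eth0 and the address 2001:db8:0:1::100 are constructed for illustration.

```shell
#!/bin/sh
# Added example: proxy NDP on the gateway for one road warrior address.
# Prints the commands by default; set APPLY=1 (as root) to run them.

# Emit the commands for LAN interface $1 and client IPv6 address $2.
proxy_ndp_cmds() {
    iface=$1
    addr=$2
    # The name ends up inside a sysctl key, so restrict its characters.
    # (Names containing dots need sysctl's slash syntax; not handled here.)
    case $iface in
        ''|*[!A-Za-z0-9_-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Minimal sanity check: hex digits and colons only, at least one colon.
    case $addr in
        ''|*[!0-9A-Fa-f:]*) echo "bad IPv6 address: $addr" >&2; return 1 ;;
        *:*) ;;
        *) echo "bad IPv6 address: $addr" >&2; return 1 ;;
    esac
    # The gateway has to route between the LAN and the tunnel.
    echo "sysctl -w net.ipv6.conf.all.forwarding=1"
    # Answer neighbor solicitations for proxy entries on the LAN interface.
    echo "sysctl -w net.ipv6.conf.$iface.proxy_ndp=1"
    # One proxy entry per client address, on the LAN device, not the tunnel.
    echo "ip -6 neigh add proxy $addr dev $iface"
}

# Print the commands, or run them one by one when APPLY=1.
proxy_ndp() {
    cmds=$(proxy_ndp_cmds "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | while IFS= read -r c; do $c || exit 1; done
    else
        echo "$cmds"
    fi
}

# Constructed values: eth0 as the LAN interface, a documentation-prefix address.
proxy_ndp eth0 2001:db8:0:1::100
```

After applying, `ip -6 neigh show proxy` lists the entries, and repeating the ndisc6 query from a LAN host shows whether the gateway now answers for the client address.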
