-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Robert,
The road map [1] that is visible to me (as to everyone else) does not contain such a change. [1] https://wiki.strongswan.org/projects/strongswan/roadmap Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 30.12.2014 um 20:31 schrieb Robert Dyck: > I will give it a try. > > Is ipv6 neighbor discovery on the strongswan road map? > > On December 30, 2014 08:21:40 PM Noel Kuntze wrote: >> Hello Robert, >> >> Neither. >> I think this needs more explanation, so I'll provide some. Read on. >> >> First, let me talk about the farp plugin and the analogies to IPv6. >> What farp does is reply to arp queries for the client's IP address with his >> own MAC address on the interface where the arp query arrives on. You can do >> the same for IPv6. Simply enable proxy arp on the interface (sysctl >> net.ipv4.conf.$interface.proxy_arp=1) and add a proxy entry for that >> interface (ip -6 neigh add proxy $IPv6Address dev $interface). The >> interface here is the physical layer two device, _on which arp queries >> should be replied to_. It is NOT the VPN interface (tun/tap/ipsec device). >> >> Mit freundlichen Grüßen/Regards, >> Noel Kuntze >> >> GPG Key ID: 0x63EC6658 >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> >> Am 30.12.2014 um 19:57 schrieb Robert Dyck: >>> Ip neighbor needs a device. Strongswan normally doesn't create a device >>> for the tunnel. Do I need to set up a VTI or use the non-kernel >>> implementation?> >>> On December 30, 2014 07:38:41 PM Noel Kuntze wrote: >>>> Hello Robert, >>>> >>>> The farp plugin only handles arp at the moment, not IPv6 neighbor >>>> discovery. You need to set up proxy arp manually using iproute2. >>>> Look at "ip neigh help". >>>> >>>> Mit freundlichen Grüßen/Regards, >>>> Noel Kuntze >>>> >>>> GPG Key ID: 0x63EC6658 >>>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >>>> >>>> Am 30.12.2014 um 01:46 schrieb Robert Dyck: >>>>> I had success setting up an ipv4 road warrior tunnel using strongswan at >>>>> either end. My goal was for the RW to become just another host on my >>>>> home >>>>> LAN. This means that the RW can ping any host on the LAN in addition to >>>>> the server. >>>>> >>>>> I then wanted achieve a similar goal over ipv6 with difference being >>>>> that >>>>> instead of private IPs I would use my global ipv6 prefix. I am able to >>>>> establish the tunnel between the RW and the server and I can ping6 >>>>> between >>>>> them in either direction. However when I try the ping6 tests between the >>>>> RW >>>>> and a host other than the server, the test fails. The believe that >>>>> neighbor >>>>> discovery ( ND ) is at the root of the problem. >>>>> >>>>> Ip6tables were set to accept everything for testing purposes. Also for >>>>> testing purposes I used the ndisc6 command in addition to ping6. I will >>>>> summarize the results of my testing. >>>>> >>>>> At the RW >>>>> ping6 to server - success >>>>> ndisc6 query any address - network unreachable >>>>> ping6 to host other than server - 100% packet loss >>>>> >>>>> From the LAN >>>>> ping6 to RW - address unreachable >>>>> ndisc6 query RW IP - timeout, I see the query reaching the server but it >>>>> does not respond. >>>>> _______________________________________________ >>>>> Users mailing list >>>>> [email protected] >>>>> https://lists.strongswan.org/mailman/listinfo/users >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUov5eAAoJEDg5KY9j7GZYDZwQAJFLs8Kyj8BWHEBHTL3gtrnb OtCFfZJWzLsAxLIAQITiGwNmR9V7QSc1DAxTsOlgPxrlLuE34w+9Ic6gQInV6MAF 0W785F3joR1feBphOhBjePQ2GVSexrfA/0pYOk98yPV8NQJ2p7TMhqeJ9/3pxFj8 YT5X0p3w+oH+dUU1shSmW4UupZybZ34keTIeU5BPmOe6bV3KWAZCjbtnNfeiWS/r +LvSZJkKWjheYSND0Ko5huGA/8w0GcURl5Zr/RurFaqVxm0snzkjSaLfCFD5DzhJ KWj1qvbaNUqCTNX7Esc6mzESaVMAqaaoi5oR11Fo/EZ3O3ThtMLlofWKjPEU+Bou tszXW38gus8sMJlQyT6K3CTXGwZKeBIR2WlqdmGWAaDyhzfgxKXvrfyS/Cr+4f0l 6d5Q+8P5tnajBP2EWn122cIGsViUdF7sBejt7SUfb/Z6XgcSNqq55YTB3LLLKc+f 6ZUakal4tK30C+vHmhPo1ORnJLB9cpV56CHRE26are27Pe+PM6pQ1X5Xw8uaQo9r wz3BtBRRkjyTKOrxl9I5Pv6mKlNlPwJ8XnAl6z3gzmIPey2k9wXT4Itcv8z6pReW Lg51O4Muj9S5Dl2Lb7epbLni/Wronfd0sHRqUSva3HWoL8ob/gZlbLGvuH66gO9e vVdIYAR05pSoPJelBUpD =2dIb -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
